[cfe-dev] Static analysis tool development

Monty Zukowski monty at codetransform.com
Fri Jan 16 08:46:39 PST 2009


Ben Laurie of Google has up to $50K to spend on a pilot project to
improve the state of static analysis of C code for open source
projects.  Among other things Ben is involved with the OpenSSL project
and has tried some static analyzers such as Deputy, and Cyclone (which
is also a language extension of C), and has noted various problems and
limitations with these tools.

The goal of this pilot project is to get a static analyzer tool
developed/modified so that it is truly useful to the open source
community and can become a standard part of the development process.
The ability to customize the analysis is strongly desired.  For
instance, after a security exploit is reported people might want to
review the rest of the code for the same problem.  An analyzer that
helped do that would be quite beneficial.

If the pilot project goes well then additional funding is possible.

From the research I have done, clang seems to be the best front end
for this type of project.  I have some questions:

1) What is the state of the static analyzer?  Where do I start
learning what needs done on it?  Is there a long term plan for it?

2) The ability to add custom logic to the analyzer is quite desirable.
Perhaps this could be made easier by integrating with a scripting
language like Python.  To me, even the ability to write a script to
pattern match against the AST or other intermediate forms could be
quite useful.

3) Simply managing the volume of warnings can be difficult.  I would
like to integrate some method of tracking warnings from build to build
to see what's new and perhaps to be able to prioritize what should be
investigated first.  This would probably be separate from the
analyzer, but a useful front end will help the tool get adopted more
readily.

4) Annotations can be helpful to guide an analyzer.  How difficult
would it be to extend the parser to accept a simple annotation syntax?

I am open to collaborating on this project if anyone is available.

Also, if you would like to learn more about this project or submit
your own proposal, feel free to contact "Ben Laurie"
<benl at google.com>.

Thanks for your help.

Monty


