[cfe-dev] GSoC - Static Analyzer project ideas?
Ben Laurie
benl at google.com
Mon Mar 21 06:18:42 PDT 2011
On 21 March 2011 12:05, Martin Milata <b42-ml at srck.net> wrote:
> Hello,
>
> I would like to participate in this year's Google Summer of Code
> program. I'm interested in working on the Static Analyzer, because I
> think it has great potential to be a tool that a lot of programmers can
> benefit from, and it also overlaps with my academic interests.
>
> The analyzer is not mentioned on the open projects page, so my question
> is if anybody has some project idea and/or is willing to mentor it?
Sadly I don't think I'm qualified to mentor, or I would certainly
offer. I like your list (not so sure about dynamic loading, that seems
low priority).
One I'd like to add is some kind of support for rule-based finding of
particular known bad patterns (e.g. the OpenSSL bug where return
values that could be -1, 0 or 1 were checked as if they were
true/false). Yes, this is vague :-)
> I
> have tried to come up with something, but I don't know if it would be
> really possible, useful and doable in the given time:
>
> - support for interprocedural analysis
>
> - support for external checkers (i.e. loadable at runtime, so clang does
> not have to be recompiled in order to use new checker)
>
> - false positive elimination with constraint solver (klee seems to
> contain a solver that could be specifically used for this)
>
> - C++ support (only thing mentioned on the analyzer web, I don't have an
> idea of extent of the work needed)
>
> Thank you for any feedback,
> Martin Milata
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
More information about the cfe-dev
mailing list