[cfe-dev] GSoC - Static Analyzer project ideas?

Martin Milata b42-ml at srck.net
Wed Mar 23 14:25:23 PDT 2011


On Tue, Mar 22, 2011 at 21:01:37 -0700, Ted Kremenek wrote:
> On Mar 21, 2011, at 5:05 AM, Martin Milata wrote:
> 
> > Hello,
> > 
> > I would like to participate in this year's Google Summer of Code
> > program. I'm interested in working on the Static Analyzer, because I
> > think it has great potential to be a tool that a lot of programmers can
> > benefit from, and it also overlaps with my academic interests.
> > 
> > The analyzer is not mentioned on the open projects page, so my question
> > is if anybody has some project idea and/or is willing to mentor it? I
> > have tried to come up with something, but I don't know if it would be
> > really possible, useful and doable in the given time:
> > 
> > - support for interprocedural analysis
> > 
> > - support for external checkers (i.e. loadable at runtime, so clang does
> >  not have to be recompiled in order to use new checker)
> > 
> > - false positive elimination with constraint solver (klee seems to
> >  contain a solver that could be specifically used for this)
> > 
> > - C++ support (only thing mentioned on the analyzer web, I don't have an
> >  idea of extent of the work needed)
> > 
> > Thank you for any feedback,
> > Martin Milata
> 
> Hi Martin,
> 
> I'm happy to hear that you are so excited about the static analyzer,
> and there are definitely task areas of it that would make good GSoC
> projects.
> 
> I think the "support for external projects" is probably the most
> reasonable for a GSoC project you proposed.  Argiris recently reworked
> the checker registration system so that all checkers register
> themselves with a CheckerManager object.  I think we should be able to
> naturally extend this to dynamically loadable checkers.  Not only is
> this a tractable project, but it would have direct impact on others
> trying to extend the static analyzer.
> 
> I think all the other projects are great ideas, but unless you are
> intimately familiar with the static analyzer engine I don't think
> interprocedural analysis or integration of a constraint solver are
> good part-time projects.  They both will require a huge amount of work
> and intimate understanding of the analyzer core.  I just don't think
> you'll have enough time in a GSoC project, and I think if this is your
> first time working with the analyzer internals its probably best to
> start on a less ambitious project that will have more immediate direct
> impact.
> 
> Concerning C++ static analysis support, there is a bunch of random
> things to be done.  Some of it dovetails into inter-procedural
> analysis and enhancing the core analyzer engine, but writing C++
> specific checkers would be really beneficial.  Note that full C++
> support is definitely much more than a GSoC project, but it's
> definitely something you can help with by carving out key pieces that
> need to be done.
> 
> Cheers,
> Ted

Thank you for your reply, it's good to know what is feasible to do and
what is not.

Regarding the external projects support, what exactly would that entail?
I can imagine that making the dynamic loading working on all supported
platforms will be nontrivial (unless clang already has some
infrastructure for that) and that the wrapper scripts will require
modifications. Is there something else apart from that?

Thanks,
Martin



More information about the cfe-dev mailing list