[llvm-dev] GSoC and SAFECode

Michael McConville via llvm-dev llvm-dev at lists.llvm.org
Mon Mar 21 19:07:46 PDT 2016


Hi, everyone.

I'm a senior at Swarthmore College and would love to work with LLVM this
summer. I'm interested in systems languages and security, and I'll start
a PhD on these topics this fall. I also do a good deal of open source
development and auditing with OpenBSD and a variety of other projects.

I spent last year's GSoC doing security auditing for Pidgin/libpurple.
GSoC seems like a great way to spend this summer as well. I'm
particularly interested in the SAFECode project and LLVM's general
security and auditing features. I haven't worked a ton with LLVM in the
past, but I have a mostly finished strnlen(3) optimization I've been
meaning to resubmit:

https://marc.info/?l=llvm-commits&m=145485679322322&w=2

I also worked with Martin Natano to port the integer overflow checker to
OpenBSD and build a working kernel and userland with it. We now have a
patch that integrates it into the full system build through libc, and
fixed a number of bugs in the process.

Because of my background in auditing, I like to think I have an
intuition for which compiler and scanner features developers will find
useful and usable. I also have a good understanding of the more
theoretical aspects of language and compiler design, and I'm very
familiar with the ANSI C and POSIX specs.

With regard to potential projects, I'd like to rewrite the SAFECode
static array bounds check pass and add check optimizations (both to
remove statically unnecessary checks and improve the generated code for
remaining ones). In the process, I'd refactor and simplify what already
exists, fixing bugs as I encounter them. New checks at the libc API
level could also be interesting, if they're within the scope of the
project.

This work would almost certainly lead to an OpenBSD port. John would
probably be helpful on both accounts, as he's integrated SAFECode with
FreeBSD. I'm also competent with the OpenBSD port system's bulk build
infrastructure, so I'm confident that I could test SAFECode on a handful
of important projects or even en masse.

I'm open to other project ideas as well. If anyone else is mentoring a
project that seems like a good fit for me, please share.

Thanks for your time,
Michael McConville

