+ +

Open Projects

+ +

This page lists several projects that would boost analyzer's usability and +power. Most of the projects listed here are infrastructure-related so this list +is an addition to the potential checkers list. + If you are interested in tackling one of these, please send an email to +cfe-dev mailing list +to notify other members of the community.

Core Analyzer Infrastructure +
- Explicitly model C++ standard library functions with BodyFarm. +
  BodyFarm + allows the analyzer to explicitly model functions, whose definitions are + not available during analysis. Modeling more of the widely used functions + (such as std::string) will improve precision of the analysis. + (Difficulty: Easy)
  +
- Implement generalized loop execution modeling. +
  Currently, the analyzer simply unrolls each loop N times. This + means that it will not execute any code after the loop if the loop is + guaranteed to execute more than N times. This results in lost + basic block coverage. We could continue exploring the path if we could + model a generic i-th iteration of a loop. + (Difficulty: Hard)
  +
- Enhance CFG to model C++ destructors and/or exceptions. +
  (Difficulty: Medium)
  + +
- Design and Implement alpha-renaming. +
  Implement unifying two symbolic values along a path after they are + determined to be equal via comparison. This would allow us to reduce the + number of false positives and would be a building step to more advanced + analyzes, such as summary-based interprocedural and cross-translation-unit + analysis. + (Difficulty: Hard)
  +
+
Bug Reporting +
- Add support for displaying multi-file path in scan-build output. +
  Currently scan-build output does not display reports that span multiple + files. The main problem is that we do not have the infrastructure to + display such paths in HTML output. (Difficulty: Medium)
  +
- Relate bugs to checkers. +
  We need to come up with bug reports API, which will relate bug reports + to the checkers that produce them and refactor the existing code to use the + new API. This would allow us to identify the checker from the bug report. + (Difficulty: Medium-easy)
  +
- Refactor BugReporter.cpp. +
  It would be great to have more code reuse between "Minimal" and + "Extensive" PathDiagnostic generation algorithms. One idea is to create an + IR for representing path diagnostics, which would be later be used to + generate minimal or extensive report output. (Difficulty: Medium)
  +
+
Other Infrastructure +
- Create 'analyzer_annotate' attribute for the analyzer annotations.
  + We would like to put all analyzer attributes behind a fence so that we + could add/remove them without worrying that compiler (not analyzer) users + depend on them. Design and implement such a generic analyzer attribute in + the compiler. (Difficulty: Medium)
  +
- Rewrite scan-build (in python).
  (Difficulty: Easy)
  +
+
Enhanced Checks +
- Implement a production-ready StreamChecker. +
  A SimpleStreamChecker has been presented in the Building a Checker in 24 + Hours talk + (slides + video). + We need to implement a production version of the checker with richer set of + APIs and evaluate it by running on real codebases. + (Difficulty: Easy)
  +
- Extend Malloc checker with reasoning about custom allocator, + deallocator, and ownership-transfer functions. +
  This would require extending MallocPessimistic checker with reasoning + about annotated functions. It is strongly desired that one would rely on + the 'analyzer_annotate' attribute, as described in one of the items above. + (Difficulty: Easy)
  +
- Implement iterators invalidation checker. +
  (Difficulty: Easy)
  +
- Write checkers which catch Copy and Paste errors. +
  Take a look at the following paper for inspiration + CP-Miner. + (Difficulty: Medium-hard)
  +
+

+ +