From 8d008227b03383972c34d219dc28c7f93ed58f4b Mon Sep 17 00:00:00 2001
From: Jordan Rose This page lists several projects that would boost analyzer's usability and
power. Most of the projects listed here are infrastructure-related so this list
-is an addition to the potential checkers list.
- If you are interested in tackling one of these, please send an email to
-cfe-dev mailing list
-to notify other members of the community.
+is an addition to the potential checkers
+list. If you are interested in tackling one of these, please send an email
+to the cfe-dev
+mailing list to notify other members of the community. BodyFarm
- allows the analyzer to explicitly model functions, whose definitions are
+ allows the analyzer to explicitly model functions whose definitions are
not available during analysis. Modeling more of the widely used functions
- (such as std::string) will improve precision of the analysis.
+ (such as the members of std::string) will improve precision of the
+ analysis.
(Difficulty: Easy)
-
(Difficulty: Medium)
+There is an existing implementation of this, but it's not complete and + is disabled in the analyzer. + (Difficulty: Medium)
+ +Currently exceptions are treated as "black holes", and exception-handling + control structures are poorly modeled (to be conservative). This could be + much improved for both C++ and Objective-C exceptions. + (Difficulty: Medium)
-Implement unifying two symbolic values along a path after they are determined to be equal via comparison. This would allow us to reduce the number of false positives and would be a building step to more advanced - analyzes, such as summary-based interprocedural and cross-translation-unit + analyses, such as summary-based interprocedural and cross-translation-unit analysis. (Difficulty: Hard)
Currently scan-build output does not display reports that span multiple - files. The main problem is that we do not have the infrastructure to +
Currently scan-build output does not display reports that span + multiple files. The main problem is that we do not have a good format to display such paths in HTML output. (Difficulty: Medium)
We need to come up with bug reports API, which will relate bug reports +
We need to come up with an API which will relate bug reports to the checkers that produce them and refactor the existing code to use the - new API. This would allow us to identify the checker from the bug report. - (Difficulty: Medium-easy)
+ new API. This would allow us to identify the checker from the bug report, + which paves the way for selective control of certain checks. + (Difficulty: Easy-Medium)It would be great to have more code reuse between "Minimal" and "Extensive" PathDiagnostic generation algorithms. One idea is to create an IR for representing path diagnostics, which would be later be used to @@ -82,14 +93,16 @@ to notify other members of the community.
- We would like to put all analyzer attributes behind a fence so that we +
We would like to put all analyzer attributes behind a fence so that we could add/remove them without worrying that compiler (not analyzer) users depend on them. Design and implement such a generic analyzer attribute in the compiler. (Difficulty: Medium)
(Difficulty: Easy)
+(Difficulty: Easy)
This would require extending MallocPessimistic checker with reasoning +
This would require extending the MallocPessimistic checker to reason about annotated functions. It is strongly desired that one would rely on - the 'analyzer_annotate' attribute, as described in one of the items above. + the analyzer_annotate attribute, as described above. (Difficulty: Easy)
Take a look at the following paper for inspiration - CP-Miner. - (Difficulty: Medium-hard)
+Take a look at the + CP-Miner + paper for inspiration. + (Difficulty: Medium-Hard)
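Review bot: In the first hunk, the added paragraph "There is an existing implementation of this, but it's not complete and is disabled in the analyzer" does not say where that implementation lives or how it is switched on, so someone picking up the project has no starting point. Please name the source file or the option that controls it. In the same hunk, the unchanged PathDiagnostic line still reads "which would be later be used"; that could be fixed alongside the "analyzes" to "analyses" correction.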
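Review bot: In the hunk at @@ -82,14 +93,16 @@, the MallocPessimistic item now points to the analyzer_annotate attribute "as described above", but the attribute item in this hunk only speaks of "such a generic analyzer attribute" and never names it. Shortening the old "as described in one of the items above" makes the target harder to find. Either name analyzer_annotate in the attribute item or link the reference to it.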