Welcome to the community, I hope you’ll enjoy working in the analyzer!
As an open source project, the static analyzer receives patches from a variety of companies, individual contributors and researchers. We usually communicate either here, on the mailing list (for the most part we tag mails with the [analyzer] tag), but even more so on phabricator (where we also use the same tag). Many of these groups also contribute to related libraries, most often to clang-tidy.
Currently Apple, Ericsson and Eötvös Lóránd Universoty are the most frequent contributors, but Google, Firefox, and many others chip in often as well. Apple currently holds ownership of the tool. Generally speaking, this is a team effort from everyone involved, and we do our best to respond and guide patches to guide them where they would be a great addition.
Speaking from Ericsson’s side, we have a fairly large group working on a number of projects. Some of these in no specific order:
- Introducing a reaching definitions calculator
- Improving the checker infrastructure in preparation for a better C++ support
- Improving checkers for stream handling, iterator and container operations
- Adding new checkers to cover many of the CERT rules
- Researching summary based analyses
- And many others!
If you wanna be up-to-date as to what others might be doing, I suggest that you create a herald rule that will add you as subscriber to such patches. You can do that from https://reviews.llvm.org/ → More applications (on the left sidebar) → Herald → Create Herald Rule (upper right corner):
When any of these conditions are met:
Revision title contains analyzer
Take these actions every time this rule matches:
Add me as subscriber
When creating a patch, you should probably add some of the more experienced folks as reviewers: @NoQ (Artem Dergachev), @Szelethus (That’s me!), @xazax.hun (Gábor Horváth), @baloghadamsoftware (Ádám Balogh), @Charusso (Csaba Dabis), @dcoughlin (Devin Coughlin, the code owner).
As to what projects need the most help, I guess one of the bigger pain points for us the state of alpha checkers. You can retrieve their list with clang -cc1 -analyzer-checker-help-alpha. These are checkers that are by definition incomplete. Artem Dergachev (@NoQ on phabricator) talked about them in this letter: http://lists.llvm.org/pipermail/cfe-dev/2019-May/062298.html. Addign new CERT rule checkers would be great as well, though you should probably send a mail to check whether somebody else is working on it already.
I don’t immediately have a specific bugfix in mind I can direct you to, but other might have ideas regarding that
Please follow up if you have any questions!