Hi, all.

I am going to be a new contributor for Clang Static Analyzer. I’ve been getting familiar for the last two weeks. I’ve already inspected git history, a bug-list​ and defined main contributors for it. I’ve read in Docs that addressing​ here is a good way to assimilate.

It would be nice if you could tell if there someone who designates the roadmap or has a strategic vision for Static Analyzer. Who could advice me where to start from to bring a real impact in terms of at least fixing bugs? Maybe you could advice me a specific bug that I can start investigating. It should be easier for you to determine which one might be the one.

Many thanks!

Hi!

Welcome to the community, I hope you’ll enjoy working in the analyzer!

As an open source project, the static analyzer receives patches from a variety of companies, individual contributors and researchers. We usually communicate either here, on the mailing list (for the most part we tag mails with the [analyzer] tag), but even more so on phabricator (where we also use the same tag). Many of these groups also contribute to related libraries, most often to clang-tidy.

Currently Apple, Ericsson and Eötvös Lóránd Universoty are the most frequent contributors, but Google, Firefox, and many others chip in often as well. Apple currently holds ownership of the tool. Generally speaking, this is a team effort from everyone involved, and we do our best to respond and guide patches to guide them where they would be a great addition.

Speaking from Ericsson’s side, we have a fairly large group working on a number of projects. Some of these in no specific order:

• Introducing a reaching definitions calculator
• Improving the checker infrastructure in preparation for a better C++ support
• Improving checkers for stream handling, iterator and container operations
• Adding new checkers to cover many of the CERT rules
• Researching summary based analyses
• And many others!

If you wanna be up-to-date as to what others might be doing, I suggest that you create a herald rule that will add you as subscriber to such patches. You can do that from https://reviews.llvm.org/ → More applications (on the left sidebar) → Herald → Create Herald Rule (upper right corner):

When any of these conditions are met:
Revision title contains analyzer
Take these actions every time this rule matches:
Add me as subscriber

When creating a patch, you should probably add some of the more experienced folks as reviewers: @NoQ (Artem Dergachev), @Szelethus (That’s me!), @xazax.hun (Gábor Horváth), @baloghadamsoftware (Ádám Balogh), @Charusso (Csaba Dabis), @dcoughlin (Devin Coughlin, the code owner).

As to what projects need the most help, I guess one of the bigger pain points for us the state of alpha checkers. You can retrieve their list with clang -cc1 -analyzer-checker-help-alpha. These are checkers that are by definition incomplete. Artem Dergachev (@NoQ on phabricator) talked about them in this letter: http://lists.llvm.org/pipermail/cfe-dev/2019-May/062298.html. Addign new CERT rule checkers would be great as well, though you should probably send a mail to check whether somebody else is working on it already.

I don’t immediately have a specific bugfix in mind I can direct you to, but other might have ideas regarding that

Please follow up if you have any questions!
Cheers,
Husi

​Kristof,

Thank you for a detailed and quick response! It is more clear now. I will look closer at alpha checkers.