Hi everyone,
Hi David,
I'm interested in extending the static analysis pass as a GSoC project.
Short introduction of me: I'm Tim, currently doing my master in
computer science with focus on IT security at TU Darmstadt. I already
worked with IFDS as part of my bachelor thesis and took both program
analysis courses in my masters.
Specifically, I thought about extending the analyzer to check new
things i.e. the POSIX file-descriptor project. I would prefer a
medium-sized project, do you think this is doable?
Also, I've read a bit through the internal documentation and got a
question. The documentation mostly mentions the Reps paper as the
source for the exploded supergraph. But the paper suggests more such as
having extensional summaries that lead to the same context sensitivity
as unbounded call-strings. In contrast, the documentation also talks
about being call-strings limited and searching for complex-enough
methods to be worth summarizing.
Do you only use the exploded supergraph idea but not the rest?
Otherwise why do you use call-strings and search for methods worth
summarizing?
Best regards
Tim
- GSoC: Extending the Static Analysis Pass Tim Lange
-