Description of the project:
- The C++ std::string class provides a c_str() method that returns a raw pointer to a string's inner character buffer. When a std::string is destroyed, the character buffer is deallocated. A common bug is to access a dangling raw pointer to the buffer after string deallocation. These "use after free" bugs can cause crashes or other unexpected behavior.
-
- This project will add a new checker to the static analyzer to find when a dangling inner string pointer is used. This will help find bugs not only with std::string and c_str() but also with LLVM's StringRef class and the new C++17 std::string_view.
-
Confirmed Mentor: Artem Dergachev
-Desirable skills: Intermediate knowledge of C++.
-Description of the project:
- The static analyzer finds bugs by exploring many possible paths through a program. To reduce false positives, it uses a very fast but imprecise custom constraint manager to rule out infeasible paths that cannot actually be executed at run time.
-
- This project will extend the analyzer to use the Z3 SMT solver to rule out additional infeasible paths by postprocessing bug reports. This will help the analyzer reduce false positives when the path involves complicated branches that the built-in constraint manager cannot reason about.
-
Confirmed Mentor: George Karpenkov
-Desirable skills: Intermediate knowledge of C++ and basic familiarity with the capabilities SMT solvers
-