Hi Dave,

>>
>> 4. What’s the most interesting to me are PR103533
>> (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103533),
>
> Turning on taint detection by default would be a great project. It
> would be good to run the integration tests:
> https://github.com/davidmalcolm/gcc-analyzer-integration-tests
> to see if anything regresses, or if it adds noise - so this might be a
> bit of an open-ended project, in that we'd want to fix whatever issues
> show up there, as well as the known ones that are documented in that
> bug.
>

Sorry for replying to you late due to another project from my university.

Since most other ideas are being worked on by you or are not big enough to make a GSoC project, I decided to take on this project and have been getting familiar with the analyzer this weekend. I want to sort several things out before writing the proposal.

1. What should I do with the integration tests?

2. I ran
   gcc -fanalyzer -fanalyzer-checker=taint ./gcc-src/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c
   but I got different results from what you documented in PR103533:

   /usr/bin/ld: /lib/x86_64-linux-gnu/crt1.o: in function `_start':
   (.text+0x17): undefined reference to `main'
   collect2: error: ld returned 1 exit status

3. What does “ICE” mean when you said “ICE in alt_get_inherited_state in abs-1.c, …”?

4. For the following program, nothing is reported with the taint mode turned on. But there is -Wanalyzer-tainted-divisor, is it expected?

   __attribute__((tainted_args))
   int fun0(int a) {
       return a;
   }

   int main() {
       int b = 3 / fun0(0);
       return b;
   }

5. I guess the project would mostly modify constraint-manager.h and sm-taint.cc. Or are there other files that you suspect are relevant for this project?

6. Is the current implementation based on some papers?
I found this (https://users.ece.cmu.edu/~aavgerin/papers/Oakland10.pdf) and this (https://www.ndss-symposium.org/wp-content/uploads/2017/09/Dynamic-Taint-Analysis-for-Automatic-Detection-Analysis-and-SignatureGeneration-of-Exploits-on-Commodity-Software-Dawn-Song.pdf), but haven’t started reading yet.

In addition, purging states of the constraint manager sounds like a problem other people may have looked at. Is there any related progress since you documented in PR103533?

As you said, this would be an open-ended project, so it would be very helpful to get some feedback from you so that I know how to draft my proposal. In addition, is it ok to deviate from the proposal after I start working?

Best,
Shengyu