Hi Dave,

> On 22 Feb 2023, at 15:11, Shengyu Huang wrote:
>
>> But a better place to look would probably be in our bugzilla; see the
>> links on the wiki page:
>> https://gcc.gnu.org/wiki/StaticAnalyzer
>> The "open bugs" list currently has 41 "RFE" bugs ("request for
>> enhancement" i.e. ideas for new features), some of which might make
>> suitable GSoC ideas, and/or be of interest to you (ideally both!)
>>
>> Also, the GSoC wiki page has some project ideas:
>> https://gcc.gnu.org/wiki/SummerOfCode#Selected_Project_Ideas
>>
>
> Yeah I was also searching for interesting ideas on the bugzilla, and I will communicate to you once I have any more concrete ideas.

I spent some time searching through Bugzilla this weekend while familiarizing myself with the analyzer internals, and I found the following things interesting, and it’d be great if you can give me some preliminary feedback:

1. I am not sure why we added the class `shift_count_negative_diagnostic` in region-model.cc, because there is a similar warning issued from c/c-typeck.cc, and when I compiled with -fanalyzer that has the code `b = b << -1`, I got two warnings that mean the same thing. Maybe interestingly, when I compiled my test case with -O2, I got the warning from -Wshift-count-negative but not from -Wanalyzer-shift-count-negative. Would it be considered as a false negative for the analyzer?

2. Something related to 1. is PR98447 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98447)

3. PR104955 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104955) still takes a long time without -Wno-analyzer-double-free. I’d be interested in further investigating the problem (probably as you said sharing one feasible_graph can fix the problem).

4. What’s the most interesting to me are PR103533 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103533), PR104940 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104940) because I focus on formal methods in my university studies, and I’m currently looking into Dafny internals for my semester project.

5. PR105891 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105891) seems fitted to get started during the project phase, or be used as a warm-up before the official project phase.

6. PR106147 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106147) says you are implementing a prototype already, so I guess I’ll leave it out, but I am also quite interested in this analysis. At a glimpse I am not quite sure why infinite recursion and infinite loop should be treated differently (maybe it’ll become clearer to me once I am more familiar with the internals). In addition, a simple function that looks like this

       void re (int c)
       {
         if (c > 0)
           re (c + 1);
         else
           re (1);
       }

   can also be concluded as infinite recursion because there is no base case in all possible paths.

7. Other PRs that interest me: PR106006 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106006) and PR107017 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107017, already mentioned in the GSoC page).

Best,
Shengyu