Hello GCC community, My name is Virginia Kodsy, and I am interested in applying for Google Summer of Code 2026 to work on the GCC static analyzer (-fanalyzer).
Over the past few weeks, I have been exploring the analyzer’s internals and working on small contributions to gain familiarity with the codebase. Specifically, I have been implementing models for functions like getenv and strcmp within the known_function framework, which has helped me understand region_model, svalue types, and constraint handling. I have prepared a draft proposal focused on improving the detection of out-of-bounds accesses for Flexible Array Members (FAMs). Project Title: Improving Detection of Out-of-Bounds Accesses for FAMs in GCC Static Analyzer Brief Summary: The project aims to enhance symbolic capacity tracking and constraint propagation to better detect OOB accesses in FAMs, particularly in complex cases involving symbolic allocation sizes and realloc patterns where the current analyzer often loses track of region bounds. Draft Proposal: https://drive.google.com/drive/folders/1hcfYmvJ7mSvdpp7c4V7ChFZAN7sv6j8h?usp=sharing I would greatly appreciate your feedback on: 1. The technical feasibility of the proposed approach for tracking symbolic FAM sizes. 2. Whether the scope is appropriate for a GSoC timeline or if it should be narrowed/expanded. 3. Any specific edge cases in FAM handling that you believe should be prioritized. I also have an interest in improving general string handling support. While I am prepared to submit multiple proposals, would you recommend focusing my efforts on refining this FAM proposal to a higher standard instead? Thank you for your time and guidance. Best regards, Virginia Kodsy
