Detect Use-After-Free with Pointer Analysis in a C++ Codebase
Overview
What this challenge is about.
- Build the codebase with a compilation database (compile_commands.json).
- Write a custom Clang static-analyzer checker (or extend an existing one) that flags uses of a resource handle after the resource's destructor is callable.
- Use Andersen-style pointer analysis to track may-alias relationships across handle copies.
- Run the checker on the full codebase and produce a candidate report.
- Manually validate the top 30 candidates and classify each into one of three buckets: confirmed bug, false positive, requires-more-analysis.
- Deliver the checker source, the candidate report, the validation triage spreadsheet, and a 6-page methodology report covering the pointer-analysis design and where it loses precision.
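As an added example (not code from the challenge or from Clang), the core of the Andersen-style step above: a small inclusion-based points-to solver over a hypothetical handle-copy program, followed by a may-alias use-after-free check. The Stmt IR, the function names and the sample program are assumptions constructed for illustration, and the sample deliberately shows one place a flow-insensitive design loses precision.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// One statement of a tiny handle-manipulating program (hypothetical IR).
struct Stmt {
    enum Kind { AddrOf, Copy, Free, Use } kind;
    std::string lhs, rhs;  // AddrOf: lhs = &rhs; Copy: lhs = rhs; Free/Use: lhs only
};

// Andersen-style (inclusion-based, flow-insensitive) points-to analysis, then a
// may-alias check: a Use is reported if its handle may point to any freed object.
std::vector<int> mayUseAfterFree(const std::vector<Stmt>& prog) {
    std::map<std::string, std::set<std::string>> pts;
    for (const Stmt& s : prog)                 // base constraints: p = &o
        if (s.kind == Stmt::AddrOf) pts[s.lhs].insert(s.rhs);
    for (bool changed = true; changed;) {      // p = q  =>  pts(q) ⊆ pts(p), to fixpoint
        changed = false;
        for (const Stmt& s : prog) {
            if (s.kind != Stmt::Copy) continue;
            for (const std::string& o : pts[s.rhs])
                if (pts[s.lhs].insert(o).second) changed = true;
        }
    }
    std::set<std::string> freed;               // objects freed through any handle
    for (const Stmt& s : prog)
        if (s.kind == Stmt::Free) freed.insert(pts[s.lhs].begin(), pts[s.lhs].end());
    std::vector<int> hits;
    for (int i = 0; i < (int)prog.size(); ++i) {
        if (prog[i].kind != Stmt::Use) continue;
        for (const std::string& o : pts[prog[i].lhs])
            if (freed.count(o)) { hits.push_back(i); break; }
    }
    return hits;
}

// Constructed sample. h2 copies h1, so free(h2) makes the later use(h1) a genuine
// may-UAF (index 5). Flow-insensitivity also flags the use at index 1, which
// precedes the free: the kind of false positive the methodology report must explain.
std::vector<Stmt> sampleProgram() {
    return {{Stmt::AddrOf, "h1", "objA"},  // 0: h1 = &objA
            {Stmt::Use,    "h1", ""},      // 1: use(h1)  -> flagged (FP: before free)
            {Stmt::Copy,   "h2", "h1"},    // 2: h2 = h1  (handle copy)
            {Stmt::AddrOf, "h3", "objB"},  // 3: h3 = &objB
            {Stmt::Free,   "h2", ""},      // 4: free(h2)
            {Stmt::Use,    "h1", ""},      // 5: use(h1)  -> flagged (true may-UAF)
            {Stmt::Use,    "h3", ""}};     // 6: use(h3)  -> clean (distinct object)
}
```

A real checker would replace the flow-insensitive "freed anywhere" set with path-sensitive state so that index 1 lands in the false-positive bucket only once, not on every run.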
The Brief
What you'll do, and what you'll demonstrate.
Find use-after-free bugs in a 220K-line C++ codebase using pointer analysis and deliver a triaged candidate list with an above-50-percent confirmed-bug rate in the top 30.
Earning criteria — what you'll demonstrate
- Implement an Andersen-style pointer analysis in a real checker
- Reason about may-alias vs must-alias in pointer-analysis design
- Write a custom Clang static-analyzer checker end-to-end
- Triage static-analysis output honestly with confirmed/FP buckets
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.