1
1
I am looking into static analysis, and I'd like to know what to expect in the case of Bitcoin's main implementation, Bitcoin-Core.
That way, if I try static analysis on Bitcoin, I will know whether I've done it properly (e.g. I get something other than "Yay, everything's fine!" or "Boo, all is broken!").
There doesn't seem to be much out there beyond make check and some Github issues.
It could maybe stand some more independent research, but I want to check whether somebody out there knows this already (and is willing to subject themselves to the vagaries of the stackexchange communities enough to answer it).
What are the current known static analysis issues with Bitcoin core, if any?
Please feel free to post a comment if I'm not making this clear enough? Also note that I'm not talking about static analysis of Bitcoin opcodes like those discussed here: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2012-January/001024.html
– Nathan Basanese – 2015-09-06T19:00:12.083Mentioning script somewhere in your question probably would have helped somewhat. The scripting language is somewhat dwarfed by the rest of the repository. – Anonymous – 2015-09-07T15:43:30.623
1Static analysis is a very broad field. Can you give some hints as to what kind of analysis you have in mind? – Nate Eldredge – 2015-09-07T16:22:22.110
Mostly just the cryptography, actually. – Nathan Basanese – 2015-09-08T06:42:28.613
Are there really that many failures, at the moment, for the current client? I'm not asking about the field of static analysis. – Nathan Basanese – 2015-09-08T07:02:39.263