Program matching and transformation at a massive scale: Coccinelle meets Software Heritage

Coccinelle (https://coccinelle.gitlabpages.inria.fr/website/) is a tool for program matching and transformation that has been developed in the Whisper team.  Coccinelle has been extensively used for making repetitive transformations in the Linux kernel.  Today, in the context of the project SWHSec, we would like to consider how Coccinelle can be used effectively to improve quality of software more generally, by targeting the sorce code collected in Software Heritage (https://www.softwareheritage.org/).

Expected tasks include:

• Developing infrastructure to allow Coccinelle to interact with Software Heritage
• Identifying and resolving weaknesses in Coccinelle (typically in the parser) with respect to the software projects found in Software Heritage
• Identifying transformation and bug finding rules that can be applicable to a wide range of software projects found in Software Heritage
• Contributing to the design and evaluation of an approach to inferring transformation rules from examples, targeting the range of software projects found in Software Heritage

Note that Coccinelle is implemented in OCaml, and thus improvements to Coccinelle will involve OCaml programming.  There is also the possibility to work with Coccinelle for Rust, which is written in Rust.  Infrastructure for evaluating Coccinelle on the software projects found in Software Heritage can be developed using other programming languages, subject to the constraints of the task at hand and the interfaces provided by Software Heritage.

The principal activities are described in the previous section.

Strong software development skills.  Experience in designing and developing software that is robust and can be used and maintained by others.

Experience in programming with OCaml or another functional language.

Familiarity with common code patterns that indicate insecure or poor quality software.

Familiarity with build tools and git.

The ability to work independently.

• Restauration subventionnée
• Transports publics remboursés partiellement
• Congés: 7 semaines de congés annuels + 10 jours de RTT (base temps plein) + possibilité d'autorisations d'absence exceptionnelle (ex : enfants malades, déménagement)
• Possibilité de télétravail et aménagement du temps de travail (après 12 mois d'ancienneté)
• Équipements professionnels à disposition (visioconférence, prêts de matériels informatiques, etc.)
• Prestations sociales, culturelles et sportives (Association de gestion des œuvres sociales d'Inria)
• Accès à la formation professionnelle
• Sécurité sociale