Hi everyone, My name is Saksham Gupta, and I am a 3rd-year Computing Science & Engineering student. I am writing to express my strong interest in contributing to GCC for GSoC 2026, specifically under the project "Extending the static analysis pass" to add checking for the CPython API, mentored by David Malcolm.
I have a strong background in C++ and Python, alongside a deep interest in vulnerability analysis and cybersecurity. I have previously developed risk analysis models to detect systemic vulnerabilities, and extending -fanalyzer to catch reference-counting bugs and memory leaks in C/C++ Python extensions feels like a natural and exciting progression of that work. To prepare for this proposal, I have completed the prerequisites outlined in the "Before you apply" guide: - I have successfully checked out the GCC source. - I built GCC locally from source natively on an Apple Silicon Mac (using Iain Sandoe's gcc-darwin-arm64 branch, as I noted mainline lacks full native support). - I have successfully run the testsuite. - I've experimented with dumping the GIMPLE trees (-fdump-tree-all) to understand the intermediate representation flow. - I have read through the "Analyzer Internals" and "Debugging the Analyzer" documentation. Before I begin drafting my formal proposal, I would love to start contributing code. Could anyone point me toward a "good first issue" or a relatively isolated bug in the gcc/analyzer/ directory that I could attempt to patch to familiarize myself with the workflow? Thank you for your time and for maintaining such an incredible project. Best regards, Saksham Gupta https://github.com/am-saksham https://www.linkedin.com/in/am-saksham-gupta/
