[PATCH] D28445: [Analyzer] Extend taint propagation and checking

Vlad Tsyrklevich via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Jan 10 07:23:08 PST 2017

vlad.tsyrklevich added inline comments.

Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:443
+  if (auto LCV = Val.getAs<nonloc::LazyCompoundVal>())
+    return C.getSymbolManager().getRegionValueSymbol(LCV->getRegion());
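Review bot: on the `return` line, `getRegionValueSymbol(LCV->getRegion())` stands in for the lazy compound value with no comment explaining why the region's value symbol is the right thing to taint. Since this call may create a symbol rather than find an existing one, add a comment stating that this is intended, and a test showing that taint set through this path is later observed by `isTainted()`.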
zaks.anna wrote:
> This might create a new symbol. Is this what we want?
I'm not sure how to turn an LCV into a proper symbol, so without creating new symbols the best approach I can see is changing `getPointedToSymbol()` to `getPointedToSval()` and also updating `addTaint()` and `isTainted()` to accept SVals. Then you could have separate TaintMaps that include both symbols and regions and check both for taintedness. Does that sound like the correct approach to you?