[PATCH] D28445: [Analyzer] Extend taint propagation and checking
Vlad Tsyrklevich via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 10 07:23:08 PST 2017
vlad.tsyrklevich added inline comments.
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:443
+ if (auto LCV = Val.getAs<nonloc::LazyCompoundVal>())
+ return C.getSymbolManager().getRegionValueSymbol(LCV->getRegion());
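Review bot: the new `LazyCompoundVal` branch returns `getRegionValueSymbol(LCV->getRegion())` with no comment saying why the region-value symbol is the right thing to taint for a compound value. Please add a short comment stating the intended meaning of that symbol here. A regression test in which a struct is tainted as a whole and then read back would also show whether `isTainted()` finds the taint again through the same symbol.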
> This might create a new symbol. Is this what we want?
I'm not sure how to turn an LCV into a proper symbol, so without creating new symbols the best approach I can see is changing `getPointedToSymbol()` to `getPointedToSval()` and also updating `addTaint()` and `isTainted()` to accept SVals. Then you could have separate TaintMaps that include both symbols and regions and check both for taintedness. Does that sound like the correct approach to you?