[cfe-dev] Static Analyzer Rocks Hard
Holger Schurig
hs4233 at mail.mn-solutions.de
Tue Jun 24 00:04:47 PDT 2008
> The more complete way to catch these bugs (and potentially
> verify their absence) is to flag dangerous uses of untrusted
> data: using it as a size parameter to malloc, using it as an
> array index, and so on.

It would be cool if, e.g. at a checker level, a variable or
memory object could have something like the Perl "taint" bit.
http://www.webreference.com/programming/perl/taint/

In Perl, you untaint via a regexp. In checker, you might untaint
by checking a variable, e.g. for upper/lower bounds (signed) or
upper bounds only (unsigned variable).

If you then pass the tainted variable to a system function (how do
we define this?), you could get a tainted warning from the
checker.
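
The taint-bit idea from the message above, as an added example that is not part of the original post and is not Clang checker code: a runtime model in which input-derived values start tainted, only a bounds check clears the bit, and the two sinks named in the quoted text (array index, malloc size) refuse tainted values. All type and function names are hypothetical; a static checker would track the same bit per path at analysis time instead of at run time.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical runtime model of a per-value taint bit; not Clang checker code. */
typedef struct { long v; bool tainted; } tlong;            /* signed value   */
typedef struct { unsigned long v; bool tainted; } tulong;  /* unsigned value */

/* Sources: anything parsed from external input starts out tainted. */
static tlong from_input(const char *s) {
    tlong t = { strtol(s, NULL, 10), true };
    return t;
}
static tulong from_input_u(const char *s) {
    tulong t = { strtoul(s, NULL, 10), true };
    return t;
}

/* Signed values need a lower AND an upper bound check to be untainted. */
static bool check_range(tlong *t, long lo, long hi) {
    if (t->v < lo || t->v > hi) return false;   /* stays tainted */
    t->tainted = false;
    return true;
}
/* Unsigned values only need an upper bound check. */
static bool check_max(tulong *t, unsigned long hi) {
    if (t->v > hi) return false;                /* stays tainted */
    t->tainted = false;
    return true;
}

/* Sink: array index. Refuses (the "warning") while the index is tainted. */
static bool table_lookup(const int *table, tlong idx, int *out) {
    if (idx.tainted) return false;
    *out = table[idx.v];
    return true;
}
/* Sink: allocation size. Refuses while the size is tainted. */
static void *checked_alloc(tulong n) {
    return n.tainted ? NULL : malloc(n.v);
}

int main(void) {
    int table[4] = { 10, 20, 30, 40 }, out = 0;   /* constructed sample data */
    tlong i = from_input("-5");                   /* constructed input */
    printf("unchecked: %d\n", table_lookup(table, i, &out));
    printf("range ok:  %d\n", check_range(&i, 0, 3));
    tulong n = from_input_u("64");
    if (check_max(&n, 4096)) free(checked_alloc(n));
    return 0;
}
```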