[cfe-dev] Help with Taint analysis
ioripolo at gmail.com
Wed Jan 13 18:09:02 PST 2010
I don't know if clang now has the right engine for taint analysis.
Of course you can create a new checker to track all taint information using
GRExprEngine as Zhongxing said, but GRExprEngine is path-sensitive. Maybe
flow-sensitive analysis for taint analysis is enough?
Otherwise, I think the result from taint analysis may be useful for other
checkers. So can we implement it like LiveVariable analysis?
Phoenix is a framework for building compilers or program analysis tools from
MS. You can find a taint analysis example in the Phoenix SDK docs. Maybe
you can borrow some ideas from it.
2010/1/13 Juan Carlos Martinez Santos <juanc.martinez.santos at gmail.com>
> Hello clang,
> I am interested in doing taint analysis. My idea is to get a complete list of
> all variables which are potentially influenced by outside input. Checking
> the mailing list, I found that a way to do this is walking into GRExprEngine
> and its friends (SVals and MemRegion).
> However, I don't know how to start.
> Thanks in advance,
> Juan Carlos
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
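
As an added illustration of the flow-sensitive option raised in the reply (not code from this thread, from clang, or from Phoenix), here is a forward dataflow taint pass in the style of a LiveVariables-like analysis. The toy IR and the names `Stmt`, `Block`, `transfer`, `analyze` and `sampleCfg` are assumptions made for the example; it does not use GRExprEngine.

```cpp
#include <set>
#include <string>
#include <vector>

// Constructed toy IR: each statement assigns `dst` from `srcs`;
// fromInput marks a read of outside input (a taint source).
struct Stmt { std::string dst; std::vector<std::string> srcs; bool fromInput; };
struct Block { std::vector<Stmt> stmts; std::vector<int> succs; };
using TaintSet = std::set<std::string>;

// Transfer function for one block: gen taint on dst when the right-hand side
// is tainted, kill it when dst is overwritten with a clean value.
TaintSet transfer(const Block &b, TaintSet state) {
  for (const Stmt &s : b.stmts) {
    bool tainted = s.fromInput;
    for (const std::string &v : s.srcs) tainted = tainted || state.count(v) > 0;
    if (tainted) state.insert(s.dst); else state.erase(s.dst);
  }
  return state;
}

// Forward may-analysis: IN[b] is the union of OUT[p] over predecessors p,
// iterated with a worklist to a fixed point. Returns OUT for every block.
std::vector<TaintSet> analyze(const std::vector<Block> &cfg) {
  std::vector<TaintSet> in(cfg.size()), out(cfg.size());
  std::vector<int> work;
  for (int i = (int)cfg.size() - 1; i >= 0; --i) work.push_back(i);
  while (!work.empty()) {
    int b = work.back(); work.pop_back();
    out[b] = transfer(cfg[b], in[b]);
    for (int s : cfg[b].succs) {
      auto before = in[s].size();
      in[s].insert(out[b].begin(), out[b].end());
      if (in[s].size() != before) work.push_back(s);  // IN grew: revisit
    }
  }
  return out;
}

// Constructed sample CFG. B0: n = input(); len = 4;  branches to B1 and B2.
// B1: len = n;   B2: n = 0;   both join at B3: idx = len;
std::vector<Block> sampleCfg() {
  return {
    Block{{Stmt{"n", {}, true}, Stmt{"len", {}, false}}, {1, 2}},
    Block{{Stmt{"len", {"n"}, false}}, {3}},
    Block{{Stmt{"n", {}, false}}, {3}},
    Block{{Stmt{"idx", {"len"}, false}}, {}},
  };
}
```

At the join in B3 the analysis reports `idx` as tainted because one incoming path taints `len`; this merge is the precision a flow-sensitive pass gives up relative to a path-sensitive engine.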