[cfe-dev] Clear taint mark - static analyzer checker

Francisco Chiotta franchiotta at gmail.com
Sat Apr 25 17:59:00 PDT 2015


Thanks Anna. I was taking a look at GenericTaintChecker, and saw you are
the main contributor of this module. My idea is to create a checker where
the user can define which methods should raise an alert when tainted
data is passed to them.

It works great when tainting primitive types, e.g. char, but if I want to
taint objects like std::string, it doesn't work. It uses a getPointedToSymbol
method based on GenericTaintChecker, to retrieve the symbolic value, and
then passes it to the StateRef.addTaint(...) method:

https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp#L426

But I can hardly understand why this doesn't retrieve any symbol when the
arguments are objects.

Thanks a lot.
Francisco


2015-04-15 2:26 GMT-03:00 Anna Zaks <ganna at apple.com>:

> Taint support has not been fully implemented. I suspect this explains why
> there is no method to clear it.
>
> Anna.
>
> > On Apr 12, 2015, at 6:54 PM, Francisco Chiotta <franchiotta at gmail.com> wrote:
> >
> > Hi community,
> >
> > I'm developing a static analyzer checker, and I need to clear the taint
> > mark for a specific symbol/stmt/region. Is that possible?
> >
> > I'm using the addTaint(..) methods of ProgramState class to add taint
> > information to symbols/stmts/regions, but I don't see anything to clear the
> > taint mark from them.
> >
> > Does anyone know how to do this?
> >
> > Thanks!