[cfe-dev] AddTaint failure with MemRegion
Pengfei Wang via cfe-dev
cfe-dev at lists.llvm.org
Wed Nov 18 07:38:00 PST 2015
Hello everyone,
I am writing my own checker for Static Analyzer, and when I intended to
mark some taints to the MemRegion, there was a problem that I could not
create a new ProgramStateRef with the function :
ProgramStateRef
<http://clang.llvm.org/doxygen/namespaceclang_1_1ento.html#a4e45a121820f0d80d8910093dd33a1df>
addTaint
<http://clang.llvm.org/doxygen/classclang_1_1ento_1_1ProgramState.html#acd4c5e1ba98d0b4ab0d8b7e1d9e7bac6>
(const MemRegion
<http://clang.llvm.org/doxygen/classclang_1_1ento_1_1MemRegion.html> *R,
TaintTagType
<http://clang.llvm.org/doxygen/namespaceclang_1_1ento.html#a7b288ea7271a1db7e1686e2e1af03a46>
Kind
<http://clang.llvm.org/doxygen/ChrootChecker_8cpp.html#aa10c9e8951b8ccf714a59ec321bdac5b>
=TaintTagGeneric
<http://clang.llvm.org/doxygen/namespaceclang_1_1ento.html#ac9b09a57a698d0c12c655945072bbe7b>)
const , thus I could not find the tainted MemRegion.And I use it like this:
void DoubleFetchChecker::checkBind(SVal loc, SVal val,const Stmt *StoreE,
CheckerContext &Ctx) const{
ProgramStateRef state = Ctx.getState();
const MemRegion *mrptr = loc.getAsRegion();
state = state->addTaint(mrptr);
Ctx.addTransition(state);
}
but when I check it with state->isTainted(mrptr), it failed. Did I make
any mistake when using this function?
Looking forward to your help! Thank you!
Kind regards
Pengfei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20151118/969d2114/attachment.html>
More information about the cfe-dev
mailing list