[cfe-dev] General query : Alpha security checkers and taint analysis
Ashwin Ganesh via cfe-dev
cfe-dev at lists.llvm.org
Mon Apr 4 02:41:40 PDT 2016
I figured out how to add debugging checkers. I just need some help
regarding the first questions. Thanks.
On Mon, Apr 4, 2016 at 1:46 PM, Ashwin Ganesh <ashwingane at gmail.com> wrote:
> 1) I went through GenericTaintChecker.cpp and I am not sure which part of
> the code propagates the taint. For example,
>     x = getchar();
>     char y = x + 1;
> Which part of the code taints y? Every part of the code I see seems to deal
> with functions.
> 2) Secondly, how do I use the debugging checkers like TaintTesterChecker?
> I can't quite seem to locate this in the documentation.
> On Fri, Apr 1, 2016 at 10:31 PM, Artem Dergachev via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>> Source for pretty much everything is available. To see what code
>> corresponds to what checker, consult the Checkers.td file; for the
>> TaintPropagation checker, GenericTaintChecker.cpp is the correct code file.
>> With clang static analyzer, you don't need to (though you may) implement
>> taint propagation manually in every checker - the TaintPropagation checker
>> already does a pretty good job, just enable it and code parts that it
>> doesn't support out of the box.
>> The static analyzer works only with the source code in C/C++/Objective-C.
>> You should have no problem dumping all accesses to the tainted values,
>> similarly to TaintTester, though the current diagnostic engine isn't very
>> suitable for massive dumps of big data for further analysis - it was
>> designed to report small numbers of actual bug reports and provides useful
>> facilities for that.