[cfe-dev] Static Analysis launch checker in context of another checker

Gábor Márton via cfe-dev cfe-dev at lists.llvm.org
Wed Sep 2 01:09:24 PDT 2020


> ProgramStateRef markTainted(ProgramStateRef State, SVal S)

We already have a bunch of `addTaint()` overloaded functions in Taint.h to
propagate the `TaintMap` in GDM. And `isTainted` is the counterpart to read
that.

On Wed, Sep 2, 2020 at 10:02 AM Kristóf Umann <dkszelethus at gmail.com> wrote:

> The taint propagation toolset GenericTaintChecker wants to make available
> to other checkers is just a collection of helper functions/data structures.
> For instance, it would make sense if StreamChecker could mark user input
> from fgets() as tainted. Later, when the analyzer would find a read of that
> value, GenericTaintChecker could check whether it is a tainted symbol.
>
> The key thing to note here is that these checkers would still work
> independently (StreamChecker wouldn't make GenericTaintChecker run), but do
> share knowledge with the use of the GDM.
>
> Here is what you want to do: create a header file that contains functions
> like this:
>
> ProgramStateRef markTainted(ProgramStateRef State, SVal S) {
>   // definition should be in the checker file
>   return State->add<TaintedSymbols>(S);
> }
>
> Or something similar, I just wrote this code to demonstrate what I wanted
> to say, didn't check whether this is how it works on the inside :)
>
>
> On Wed, 2 Sep 2020, 09:23 Thien Tran via cfe-dev, <cfe-dev at lists.llvm.org>
> wrote:
>
>> Thank you very much for your response,
>>
>> I'm reading GenericTaintChecker and in its document "The taint
>> information produced by it might be useful to other checkers". I wonder how
>> I can get the information from GenericTaintChecker or is it better to add
>> my own analysis to it?
>>
>> ----------------
>> Best regards,
>> Thien Tran.
>>
>>
>> On Wed, 2 Sep 2020 at 10:06, Gábor Márton <martongabesz at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Checkers which emit bug reports ought to be independent. So in this
>>> sense, no, you cannot "launch" another checker inside the current checker.
>>>
>>> Hope this helps,
>>> Gábor
>>>
>>> On Tue, 1 Sep 2020, 08:25 Thien Tran via cfe-dev, <
>>> cfe-dev at lists.llvm.org> wrote:
>>>
>>>> Hello all,
>>>>
>>>> I'm writing a checker to analyze function calls in the body. Please let
>>>> me know if we can launch another checker in the context of the current
>>>> checker?
>>>>
>>>> Thank you very much!
>>>>
>>>> ----------------
>>>> Best regards,
>>>> Thien Tran.
>>>> _______________________________________________
>>>> cfe-dev mailing list
>>>> cfe-dev at lists.llvm.org
>>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>>>
>
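The sharing pattern discussed in this thread, as an added stand-alone example that is not code from the thread or from Clang: a simplified model in which a source-side checker and a sink-side checker stay independent and exchange taint facts only through an immutable program state. `State`, `SymbolID`, `CallEvent`, `streamModel`, `sinkCheck` and `analyze` are hypothetical names; `addTaint` and `isTainted` only mirror the names of the Taint.h helpers mentioned above and are not the real signatures.

```cpp
// Simplified stand-alone model (NOT the Clang API): two independent checkers
// share taint facts only through an immutable program state, as the GDM does.
#include <functional>
#include <memory>
#include <set>
#include <string>
#include <vector>

using SymbolID = int;                          // stand-in for a symbolic value
struct State { std::set<SymbolID> Tainted; };  // stand-in for a GDM trait
using StateRef = std::shared_ptr<const State>;

// Shared helper "header": the only coupling between the two checkers.
StateRef addTaint(StateRef S, SymbolID Sym) {
  auto New = std::make_shared<State>(*S);      // states are never mutated in place
  New->Tainted.insert(Sym);
  return New;
}
bool isTainted(const StateRef &S, SymbolID Sym) { return S->Tainted.count(Sym) != 0; }

struct CallEvent { std::string Callee; SymbolID Arg; };  // constructed input
using Checker =
    std::function<StateRef(StateRef, const CallEvent &, std::vector<std::string> &)>;

// Source-side checker: marks the buffer filled by fgets() as tainted.
StateRef streamModel(StateRef S, const CallEvent &C, std::vector<std::string> &) {
  return C.Callee == "fgets" ? addTaint(S, C.Arg) : S;
}
// Sink-side checker: reports when a tainted value reaches system().
StateRef sinkCheck(StateRef S, const CallEvent &C, std::vector<std::string> &Reports) {
  if (C.Callee == "system" && isTainted(S, C.Arg))
    Reports.push_back("tainted argument passed to system()");
  return S;
}

// The engine runs every registered checker per event; checkers never call each other.
std::vector<std::string> analyze(const std::vector<Checker> &Checkers,
                                 const std::vector<CallEvent> &Path) {
  StateRef S = std::make_shared<State>();
  std::vector<std::string> Reports;
  for (const CallEvent &C : Path)
    for (const Checker &Chk : Checkers)
      S = Chk(S, C, Reports);
  return Reports;
}
```

Dropping `streamModel` from the registered checkers leaves `sinkCheck` running unchanged but with nothing to report, which is the independence property the thread describes.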