[cfe-dev] Static Analysis launch checker in context of another checker

Kristóf Umann via cfe-dev cfe-dev at lists.llvm.org
Wed Sep 2 01:17:38 PDT 2020


Yep, I totally meant my example to be, well, an example :^)

On Wed, 2 Sep 2020, 10:09 Gábor Márton, <martongabesz at gmail.com> wrote:

> > ProgramStateRef markTainted(ProgramStateRef State, SVal S)
>
> We already have a bunch of `addTaint()` overloaded functions in Taint.h to
> propagate the `TaintMap` in GDM. And `isTainted` is the counterpart to read
> that.
>
> On Wed, Sep 2, 2020 at 10:02 AM Kristóf Umann <dkszelethus at gmail.com>
> wrote:
>
>> The taint propagation toolset GenericTaintChecker wants to make available
>> to other checkers is just a collection of helper functions/data structures.
>> For instance, it would make sense if StreamChecker could mark user input
>> from fgets() as tainted. Later, when the analyzer would find a read of that
>> value, GenericTaintChecker could check whether it is a tainted symbol.
>>
>> The key thing to note here is that these checkers would still work
>> independently (StreamChecker wouldn't make GenericTaintChecker run), but do
>> share knowledge with the use of the GDM.
>>
>> Here is what you want to do: create a header file that contains functions
>> like this:
>>
>> ProgramStateRef markTainted(ProgramStateRef State, SVal S) {
>>   // definition should be in the checker file
>>   return State->add<TaintedSymbols>(S);
>> }
>>
>> Or something similar, I just wrote this code to demonstrate what I wanted
>> to say, didn't check whether this is how it works on the inside :)
>>
>>
>> On Wed, 2 Sep 2020, 09:23 Thien Tran via cfe-dev, <cfe-dev at lists.llvm.org>
>> wrote:
>>
>>> Thank you very much for your response,
>>>
>>> I'm reading GenericTaintChecker and in its document "The taint
>>> information produced by it might be useful to other checkers". I wonder how
>>> I can get the information from GenericTaintChecker or is it better to add
>>> my own analysis to it?
>>>
>>> ----------------
>>> Best regards,
>>> Thien Tran.
>>>
>>>
>>> On Wed, 2 Sep 2020 at 10:06, Gábor Márton <martongabesz at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Checkers which emit bug reports ought to be independent. So in this
>>>> sense, no, you cannot "launch" another checker inside the current checker.
>>>>
>>>> Hope this helps,
>>>> Gábor
>>>>
>>>> On Tue, 1 Sep 2020, 08:25 Thien Tran via cfe-dev, <
>>>> cfe-dev at lists.llvm.org> wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>> I'm writing a checker to analyze function calls in the body. Please
>>>>> let me know if we can launch another checker in the context of the current
>>>>> checker?
>>>>>
>>>>> Thank you very much!
>>>>>
>>>>> ----------------
>>>>> Best regards,
>>>>> Thien Tran.
>>>>> _______________________________________________
>>>>> cfe-dev mailing list
>>>>> cfe-dev at lists.llvm.org
>>>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>>>>
>>>
>>
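
The state-sharing pattern discussed in this thread, as an added example that is not from any of the posters and is not Clang code: a self-contained C++ model in which a producer and a consumer checker never call each other and communicate only through taint helpers over an immutable program state. `SymbolId`, `StreamModel`, `SinkModel`, `Call` and `analyzePath` are hypothetical names, the simplified `addTaint`/`isTainted` signatures are assumptions, and the call path in `main` is constructed.

```cpp
// Simplified model, NOT the Clang Static Analyzer API. All types are stand-ins.
#include <memory>
#include <set>
#include <string>
#include <vector>

using SymbolId = int;  // stand-in for the analyzer's symbol handle
struct ProgramState { std::set<SymbolId> Tainted; };  // taint set = shared trait
using ProgramStateRef = std::shared_ptr<const ProgramState>;

// Shared header-style helpers: the only coupling between the two checkers.
ProgramStateRef addTaint(ProgramStateRef State, SymbolId Sym) {
  if (State->Tainted.count(Sym)) return State;         // already tainted
  auto Next = std::make_shared<ProgramState>(*State);  // copy, never mutate
  Next->Tainted.insert(Sym);
  return Next;
}
bool isTainted(ProgramStateRef State, SymbolId Sym) {
  return State->Tainted.count(Sym) != 0;
}

// Producer: models a stream checker marking the buffer filled by fgets().
struct StreamModel {
  ProgramStateRef postCall(ProgramStateRef S, const std::string &Callee,
                           SymbolId Arg) const {
    return Callee == "fgets" ? addTaint(S, Arg) : S;
  }
};
// Consumer: flags a tainted symbol reaching a sensitive call.
struct SinkModel {
  bool preCall(ProgramStateRef S, const std::string &Callee, SymbolId Arg) const {
    return Callee == "system" && isTainted(S, Arg);
  }
};
struct Call { std::string Callee; SymbolId Arg; };

// Engine: walks one path and gives each enabled checker its own callback.
std::vector<std::string> analyzePath(const std::vector<Call> &Path, bool EnableStream) {
  ProgramStateRef State = std::make_shared<ProgramState>();
  std::vector<std::string> Reports;
  StreamModel Stream; SinkModel Sink;
  for (const Call &C : Path) {
    if (Sink.preCall(State, C.Callee, C.Arg))
      Reports.push_back("tainted argument passed to " + C.Callee);
    if (EnableStream) State = Stream.postCall(State, C.Callee, C.Arg);
  }
  return Reports;
}
int main() {  // constructed path: fgets(sym 1); system(sym 1); system(sym 2)
  std::vector<Call> Path = {{"fgets", 1}, {"system", 1}, {"system", 2}};
  return analyzePath(Path, true).size() == 1 ? 0 : 1;
}
```

With the producer disabled the consumer still runs and simply finds no taint, which is the independence property described above.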