<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 25, 2015, at 5:59 PM, Francisco Chiotta <<a href="mailto:franchiotta@gmail.com" class="">franchiotta@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><font class="">Thanks Anna. I was taking a look at GenericTaintChecker, and saw you are the main contributor of this module. My idea is to create a checker where the user can define what are the methods in which alert in case of tainted data is passed on them.</font><div class=""><font class=""><br class=""></font></div><div class=""><font class="">It works great when tainting primitives types, e.g. char, but if i want to taint object like std:string, it doesn't work. It uses a getPointedToSymbol method based on GenericTaintChecker, to retrieve the symbolic value, and the passes it to the StateRef.addTaint(...) method:</font></div><div class=""><br class=""></div><div class=""><a href="https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp#L426" class="">https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp#L426</a><br class=""><div class=""><br class=""></div><div class="">But I can hardly understand why this doesn't retrieve any symbol when the arguments are objects.</div><div class=""><br class=""></div></div></div></div></blockquote><br class="">The analyzer's infrastructure for tracking objects passed by value is lagging behind; maybe that's what you are seeing..</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><div class="">Thanks a lot.</div><div class="">Francisco</div><div class=""><br class=""></div></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-04-15 2:26 GMT-03:00 Anna Zaks <span dir="ltr" class=""><<a href="mailto:ganna@apple.com" target="_blank" class="">ganna@apple.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Taint support has not been fully implemented. I suspect this explains why there is no method to clear it.<br class="">
<br class="">
Anna.<br class="">
<div class=""><div class="h5"><br class="">
> On Apr 12, 2015, at 6:54 PM, Francisco Chiotta <<a href="mailto:franchiotta@gmail.com" class="">franchiotta@gmail.com</a>> wrote:<br class="">
><br class="">
> Hi community,<br class="">
><br class="">
> I'm developing a static analyzer checker, and I need to clear the taint mark for a specific symbol/stmt/region. Is that possible?<br class="">
><br class="">
> I'm using the addTaint(..) methods of ProgramState class to add taint information to symbols/stms/regions, but I don't see anything to clear the taint mark to them.<br class="">
><br class="">
> Does Anyone know how to do this?<br class="">
><br class="">
> Thanks!<br class="">
><br class="">
><br class="">
</div></div>> _______________________________________________<br class="">
> cfe-dev mailing list<br class="">
> <a href="mailto:cfe-dev@cs.uiuc.edu" class="">cfe-dev@cs.uiuc.edu</a><br class="">
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank" class="">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br class="">
<br class="">
</blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></body></html>