<div dir="ltr"><p style="margin:0px"><font face="arial, helvetica, sans-serif">Does it not work even if the argument passed on is a pointer?</font></p>
<p style="margin:0px;min-height:22px"><font face="arial, helvetica, sans-serif"><br></font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif">This is an example:</font></p>
<p style="margin:0px;min-height:22px"><font face="arial, helvetica, sans-serif"><br></font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif">void source(string* str){}</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif">void destination(string* str){}</font></p>
<p style="margin:0px;min-height:22px"><font face="arial, helvetica, sans-serif"><br></font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif">void somemethod(string* str){</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif"><span class="" style="white-space:pre"> </span>source(str);</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif"><span class="" style="white-space:pre"> </span>destination(str);<span class="" style="white-space:pre"> </span></font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif">}</font></p>
<p style="margin:0px;min-height:22px"><font face="arial, helvetica, sans-serif"><br></font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif">When I try to get the SVal associated to the argument in the ‘source’ method, I got a LazyCompoundVal class, and I can’t get the Symbol of it to mark it as tainted.</font></p></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-27 13:44 GMT-03:00 Anna Zaks <span dir="ltr"><<a href="mailto:ganna@apple.com" target="_blank">ganna@apple.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><br><div><span class=""><blockquote type="cite"><div>On Apr 25, 2015, at 5:59 PM, Francisco Chiotta <<a href="mailto:franchiotta@gmail.com" target="_blank">franchiotta@gmail.com</a>> wrote:</div><br><div><div dir="ltr"><font>Thanks Anna. I was taking a look at GenericTaintChecker, and saw you are the main contributor of this module. My idea is to create a checker where the user can define what are the methods in which alert in case of tainted data is passed on them.</font><div><font><br></font></div><div><font>It works great when tainting primitives types, e.g. char, but if i want to taint object like std:string, it doesn't work. It uses a getPointedToSymbol method based on GenericTaintChecker, to retrieve the symbolic value, and the passes it to the StateRef.addTaint(...) method:</font></div><div><br></div><div><a href="https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp#L426" target="_blank">https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp#L426</a><br><div><br></div><div>But I can hardly understand why this doesn't retrieve any symbol when the arguments are objects.</div><div><br></div></div></div></div></blockquote><br></span>The analyzer's infrastructure for tracking objects passed by value is lagging behind; maybe that's what you are seeing..</div><span class=""><div><br><blockquote type="cite"><div><div dir="ltr"><div><div>Thanks a lot.</div><div>Francisco</div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-15 2:26 GMT-03:00 Anna Zaks <span dir="ltr"><<a href="mailto:ganna@apple.com" target="_blank">ganna@apple.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Taint support has not been fully implemented. I suspect this explains why there is no method to clear it.<br>
<br>
Anna.<br>
<div><div><br>
> On Apr 12, 2015, at 6:54 PM, Francisco Chiotta <<a href="mailto:franchiotta@gmail.com" target="_blank">franchiotta@gmail.com</a>> wrote:<br>
><br>
> Hi community,<br>
><br>
> I'm developing a static analyzer checker, and I need to clear the taint mark for a specific symbol/stmt/region. Is that possible?<br>
><br>
> I'm using the addTaint(..) methods of ProgramState class to add taint information to symbols/stms/regions, but I don't see anything to clear the taint mark to them.<br>
><br>
> Does Anyone know how to do this?<br>
><br>
> Thanks!<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> cfe-dev mailing list<br>
> <a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
<br>
</blockquote></div><br></div>
</div></blockquote></div><br></span></div></blockquote></div><br></div>