<div dir="ltr"><span style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">1) I went through GenericTaintChecker.cpp and I am not sure which part of the code propagates the taint. </span><span style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">For example,</span><br><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><div>x = getchar();</div><div>char y = x + 1;</div></div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">Which part of the code taints y? Every part of the code I see seems to deal with functions.</div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><br></div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">2) Secondly, how do I use the debugging checkers like TaintTesterChecker? I can't quite seem to locate this in the documentation.</div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><br></div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">Regards,</div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">Ashwin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 1, 2016 at 10:31 PM, Artem Dergachev via cfe-dev <span dir="ltr">&lt;<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Source for pretty much everything is available. To see what code corresponds to what checker, consult the Checkers.td file; for the TaintPropagation checker, GenericTaintChecker.cpp is the correct code file.<br>
<br>
With clang static analyzer, you don't need to (though you may) implement taint propagation manually in every checker - the TaintPropagation checker already does a pretty good job, just enable it and code parts that it doesn't support out of the box.<br>
<br>
The static analyzer works only with the source code in C/C++/Objective-C.<br>
<br>
You should have no problem dumping all accesses to the tainted values, similarly to TaintTester, though the current diagnostic engine isn't very suitable for massive dumps of big data for further analysis - it was designed to report small numbers of actual bug reports and provides useful facilities for that.<br>
_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a><br>
</blockquote></div><br></div>