[PATCH] D28445: [Analyzer] Extend taint propagation and checking
Vlad Tsyrklevich via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 10 07:23:08 PST 2017
vlad.tsyrklevich added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:443
+ if (auto LCV = Val.getAs<nonloc::LazyCompoundVal>())
+ return C.getSymbolManager().getRegionValueSymbol(LCV->getRegion());
+
----------------
zaks.anna wrote:
> This might create a new symbol. Is this what we want?
I'm not sure how to turn an LCV into a proper symbol, so without creating new symbols the best approach I can see is changing `getPointedToSymbol()` to `getPointedToSval()` and also update `addTaint()` and `isTainted()` to accept SVals. Then you could have separate TaintMaps that include both symbols and regions and check both for taintedness. Does that sound like the correct approach to you?
https://reviews.llvm.org/D28445
More information about the cfe-commits
mailing list