[PATCH] D30909: [Analyzer] Finish taint propagation to derived symbols of tainted regions
Vlad Tsyrklevich via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Mar 13 14:12:19 PDT 2017
vlad.tsyrklevich created this revision.
This is the second part of https://reviews.llvm.org/D28445, it extends taint propagation to cases where the tainted region is a sub-region and we can't taint a conjured symbol entirely. This required adding a new map in the GDM that maps tainted parent symbols to tainted sub-regions (in order to avoid a linear scan looking for appropriate symbols in the current TaintMap.) With this change, tainting of structs and unions should work as expected.
https://reviews.llvm.org/D30909
Files:
include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
include/clang/StaticAnalyzer/Core/PathSensitive/TaintManager.h
lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
lib/StaticAnalyzer/Core/ProgramState.cpp
lib/StaticAnalyzer/Core/RegionStore.cpp
test/Analysis/taint-generic.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D30909.91612.patch
Type: text/x-patch
Size: 7887 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170313/eb3112ab/attachment-0001.bin>
More information about the cfe-commits
mailing list