[cfe-dev] Static Analyzer Rocks Hard

Holger Schurig hs4233 at mail.mn-solutions.de
Tue Jun 24 00:04:47 PDT 2008

> The more complete way to catch these bugs (and potentially
> verify their absence) is to flag dangerous uses of untrusted
> data: using it as a size parameter to malloc, using it as an
> array index, and so on.

It would be cool if, e.g. at an checker-level, a variable or 
memory object could have something like the perl "taint" bit.


In perl, you untaint via a regexp. In checker, you might untaint 
by checking a variable, e.g. for upper/lower bounds (signed) or 
upper bounds only (unsigned variable).

If you then use the tainted variable to system function (how do 
we define this?), you could get a tainted warning from the 

More information about the cfe-dev mailing list