[cfe-dev] Help with Taint analysis

章磊 ioripolo at gmail.com
Wed Jan 13 18:09:02 PST 2010


I don't know if clang now has the right engine for taint analysis.

Of course you can create a new checker to track all taint information using
GRExprEngine as Zhongxing said, but GRExprEngine is path-sensitive. Maybe
flow-sensitive analysis for taint analysis is enough?

Otherwise, I think the result from taint analysis may be useful for other
checkers. So can we implement it like LiveVariable analysis?

Phoenix is a framework for building compilers or program analysis tools from
MS. You can find a taint analysis example in the Phoenix SDK docs. Maybe
you can borrow some ideas from it.

2010/1/13 Juan Carlos Martinez Santos <juanc.martinez.santos at gmail.com>

> Hello clang,
>
> I am interested in doing taint analysis. My idea is to get a complete list of
> all variables which are potentially influenced by outside input. Checking
> the mailing list, I found that a way to do this is walking into GRExprEngine
> and its friends (SVals and MemRegion).
>
> However, I don't know how to start.
>
> Thanks in advance,
>
> --
> Juan Carlos
>
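
Added example, not part of the original message and not clang code: a toy forward dataflow pass showing the flow-sensitive approach suggested above, where taint is computed per basic block in the style of a liveness analysis and merged at join points. The IR types, the function names and the sample CFG are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <set>
#include <string>
#include <vector>

// Toy IR for illustration only; this is not clang's CFG or checker API.
struct Stmt {
  std::string dst;                // variable being assigned
  std::vector<std::string> srcs;  // variables read by the right-hand side
  bool fromInput;                 // value comes from outside the program
};
struct Block {
  std::vector<Stmt> stmts;
  std::vector<std::size_t> succs;  // indices of successor blocks
};
using TaintSet = std::set<std::string>;

// Transfer function: dst is tainted if the statement reads outside input or
// any tainted variable; a clean assignment removes dst from the set.
TaintSet transfer(const Block &b, TaintSet state) {
  for (const Stmt &s : b.stmts) {
    bool tainted = s.fromInput;
    for (const std::string &v : s.srcs) tainted = tainted || state.count(v);
    if (tainted) state.insert(s.dst); else state.erase(s.dst);
  }
  return state;
}

// Forward may-analysis: IN[b] is the union of OUT over b's predecessors,
// iterated with a worklist to a fixed point. Returns IN for every block.
std::vector<TaintSet> taintAtEntry(const std::vector<Block> &cfg) {
  std::vector<TaintSet> in(cfg.size());
  std::vector<std::size_t> work;
  for (std::size_t i = cfg.size(); i-- > 0;) work.push_back(i);
  while (!work.empty()) {
    std::size_t b = work.back();
    work.pop_back();
    TaintSet out = transfer(cfg[b], in[b]);
    for (std::size_t s : cfg[b].succs) {
      std::size_t before = in[s].size();
      in[s].insert(out.begin(), out.end());
      if (in[s].size() != before) work.push_back(s);  // changed: revisit
    }
  }
  return in;
}
// Constructed sample: B0 reads input, B1 overwrites len, B2 copies it, B3 joins.
std::vector<Block> sampleCfg() {
  return {{{{"n", {}, true}, {"len", {"n"}, false}}, {1, 2}},
          {{{"len", {}, false}}, {3}}, {{{"idx", {"len"}, false}}, {3}}, {{}, {}}};
}
```

At the join block B3 the pass reports `len` as tainted even though the path through B1 overwrote it with a clean value; that merge is the precision a path-sensitive engine keeps and a flow-sensitive one gives up.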