[cfe-dev] Clear taint mark - static analyzer checker

Anna Zaks ganna at apple.com
Mon Apr 27 09:44:57 PDT 2015


> On Apr 25, 2015, at 5:59 PM, Francisco Chiotta <franchiotta at gmail.com> wrote:
> 
> Thanks Anna. I was taking a look at GenericTaintChecker, and saw you are the main contributor of this module. My idea is to create a checker where the user can define the methods for which an alert is raised when tainted data is passed to them.
> 
> It works great when tainting primitive types, e.g. char, but if I want to taint objects like std::string, it doesn't work. It uses a getPointedToSymbol method based on GenericTaintChecker to retrieve the symbolic value, and then passes it to the StateRef.addTaint(...) method:
> 
> https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp#L426
> 
> But I can hardly understand why this doesn't retrieve any symbol when the arguments are objects.
> 

The analyzer's infrastructure for tracking objects passed by value is lagging behind; maybe that's what you are seeing.

> Thanks a lot.
> Francisco
> 
> 
> 2015-04-15 2:26 GMT-03:00 Anna Zaks <ganna at apple.com>:
> Taint support has not been fully implemented. I suspect this explains why there is no method to clear it.
> 
> Anna.
> 
> > On Apr 12, 2015, at 6:54 PM, Francisco Chiotta <franchiotta at gmail.com> wrote:
> >
> > Hi community,
> >
> > I'm developing a static analyzer checker, and I need to clear the taint mark for a specific symbol/stmt/region. Is that possible?
> >
> > I'm using the addTaint(..) methods of the ProgramState class to add taint information to symbols/stmts/regions, but I don't see anything to clear the taint mark from them.
> >
> > Does anyone know how to do this?
> >
> > Thanks!
