[cfe-dev] Adding taint sources to GenericTaintChecker
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Tue Apr 12 09:05:32 PDT 2016
On 12.04.2016 08:35, Ashwin Ganesh wrote:
> when I use float instead of int, the taint doesn't propagate at all
Umm yeah, and then we run into a bit of an issue - the analyzer does not
use symbols for floats yet. The problem was that constraints on floats
are not yet supported, otherwise there shouldn't be a problem to replace
UnknownVal's with float-type symbols. This is item #2 in
http://clang-analyzer.llvm.org/open_projects.html . Maybe we should go
ahead and produce symbols anyway, and ignore them in the constraint
manager, solely for the purposes of taint analysis, before we have
anything better? Not sure right now what kinds of false positives we may
unleash this way.