[cfe-dev] Clang GenericTaintChecker limitations

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Thu Aug 11 11:34:52 PDT 2016


Woohoo, I found something. The taint starts propagating correctly as 
soon as I add

     global_item_list = NULL;

to the beginning of main().

It is true that the analyzer doesn't assume globals are initialized to 
their initializers. But I never noticed that it is so even when the 
analysis starts from main(). I think it'd be a nice feature to improve 
upon (not hard, but it will need some coding - in RegionStore, add a 
special mode that completely changes its behavior on denoting 
non-bindings with symbols whenever we think the analysis starts from the 
very beginning of the program; probably assume C++ global constructors 
fire at that time as well, but for that scenario we'd only be able to 
support static globals).

Will keep investigating, because I don't feel as if I understand what's 
going on yet.


On 8/11/16 8:07 PM, Divya Muthukumaran wrote:
 > I'm not sure what the protocol is for posting code here.

I think attachments are the most comfortable and reliable way of posting 
code.
