[cfe-dev] Treating undefined values as tainted

이광무 via cfe-dev <cfe-dev at lists.llvm.org>
Tue Feb 19 00:10:02 PST 2019


Hello,

While testing some of the benchmarks on the Clang Static Analyzer (CSA), I found out that it doesn't report quite a lot of bugs that actually crash the program with, for example, buffer overruns. (I compared it against the bugs found by fuzzers.) Considering that it instead reports a bunch of uninitialized/undefined value warnings, I suppose this is because CSA doesn't treat uninitialized values as symbols or tainted, and quickly gives up on exploration from there on.

My question is, is there any option that instructs CSA to symbolize such uninitialized values, or mark them tainted? I hope I can get the program-crashing bugs to appear in the final report in this way.

Thank you,
Gwangmu Lee.


Gwangmu Lee
Ph.D. Student
+82) 10 4114 7441
Room 615, Bldg 301, Seoul National University, Gwanak-ro 1, Gwanak-gu, Seoul, South Korea.
http://compsec.snu.ac.kr/~gwangmu
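The pattern the post describes, as an added example that is not part of the original message or of any Clang test case: a length parsed from input is left uninitialized when parsing fails, and it is then used as an array index. A fuzzer observes the crash; an analyzer that stops exploring at the first use of the uninitialized value reports only that use, and a value that is defined but unchecked (the "tainted" case) can overrun the same buffer. The helper `parse_len`, the buffer size and the two function names are constructed for this example; which warning CSA emits for either function depends on the checkers enabled and is not asserted here. The hardened form beside it is the fix a practitioner would expect: define the local on every path and bounds-check before indexing.

```c
#include <string.h>

#define NBUF 16  /* constructed buffer size for the example */

/* Constructed helper: parses a decimal length from `s` into `*out`.
 * On malformed or empty input it returns 0 and leaves *out untouched,
 * which is the usual way an uninitialized local reaches a later use. */
static int parse_len(const char *s, int *out) {
    int n = 0;
    if (*s == '\0')
        return 0;
    for (; *s != '\0'; s++) {
        if (*s < '0' || *s > '9')
            return 0;
        n = n * 10 + (*s - '0');
    }
    *out = n;
    return 1;
}

/* Vulnerable form (kept as the "before" on purpose):
 *  - on the failure path `len` is never written, so buf[len] indexes
 *    with whatever was on the stack (uninitialized value);
 *  - on the success path `len` is attacker-chosen and never checked,
 *    so "100" writes far past the 16-byte buffer (unchecked/tainted value).
 * Only call it with a valid in-range length; anything else is UB. */
int terminate_unchecked(const char *s) {
    char buf[NBUF];
    int len;
    memset(buf, 'A', sizeof buf);
    parse_len(s, &len);      /* return value ignored */
    buf[len] = '\0';         /* overrun on both bad paths */
    return (int)strlen(buf);
}

/* Hardened form: `len` is defined on every path, the parse result is
 * honoured, and the index is range-checked before it touches `buf`.
 * Returns the terminated length, or -1 when the input is rejected. */
int terminate_checked(const char *s) {
    char buf[NBUF];
    int len = 0;             /* defined even if parse_len fails */
    memset(buf, 'A', sizeof buf);
    if (!parse_len(s, &len) || len < 0 || len >= NBUF)
        return -1;           /* reject garbage and out-of-range lengths */
    buf[len] = '\0';
    return (int)strlen(buf);
}

int main(void) {
    /* Constructed inputs: a valid length, a malformed one, an oversized one. */
    return (terminate_checked("5") == 5 &&
            terminate_checked("abc") == -1 &&
            terminate_checked("100") == -1) ? 0 : 1;
}
```

The two bad paths in `terminate_unchecked` are exactly the two cases the post distinguishes: an undefined value (failure path) and a defined but attacker-controlled one (success path without a bounds check). Whichever of the two an analyzer models symbolically, the hardened version is reportable-free by construction because the index is constrained before the store.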

