[analyzer] Skip casts when determining taint dependencies + pretty

printing. llvm-svn: 148517
author: Anna Zaks <ganna@apple.com> 2012-01-20 00:11:16 +0000
committer: Anna Zaks <ganna@apple.com> 2012-01-20 00:11:16 +0000
commit: 282dc1437f31630aae1cbec6cfb17b3da11340e3 (patch)
tree: 919dd4979e8f02f8218c8fca9660781b77774f3f /clang/lib/StaticAnalyzer/Core/ProgramState.cpp
parent: 43de767b55c079101a466027bf1c5acab698811d (diff)
download: bcm5719-llvm-282dc1437f31630aae1cbec6cfb17b3da11340e3.tar.gz
bcm5719-llvm-282dc1437f31630aae1cbec6cfb17b3da11340e3.zip
1 files changed, 25 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
index 5eb0e06bca5..a8061e1b404 100644
--- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -413,6 +413,22 @@ void ProgramState::dump() const {
   print(llvm::errs());
 }
 
+void ProgramState::printTaint(raw_ostream &Out,
+                              const char *NL, const char *Sep) const {
+  TaintMapImpl TM = get<TaintMap>();
+
+  if (!TM.isEmpty())
+    Out <<"Tainted Symbols:" << NL;
+
+  for (TaintMapImpl::iterator I = TM.begin(), E = TM.end(); I != E; ++I) {
+    Out << I->first << " : " << I->second << NL;
+  }
+}
+
+void ProgramState::dumpTaint() const {
+  printTaint(llvm::errs());
+}
+
 //===----------------------------------------------------------------------===//
 // Generic Data Map.
 //===----------------------------------------------------------------------===//
@@ -602,6 +618,11 @@ const ProgramState* ProgramState::addTaint(const MemRegion *R,
 
 const ProgramState* ProgramState::addTaint(SymbolRef Sym,
                                            TaintTagType Kind) const {
+  // If this is a symbol cast, remove the cast before adding the taint. Taint
+  // is cast agnostic.
+  while (const SymbolCast *SC = dyn_cast<SymbolCast>(Sym))
+    Sym = SC->getOperand();
+
   const ProgramState *NewState = set<TaintMap>(Sym, Kind);
   assert(NewState);
   return NewState;
@@ -662,6 +683,10 @@ bool ProgramState::isTainted(SymbolRef Sym, TaintTagType Kind) const {
     if (const SymbolRegionValue *SRV = dyn_cast<SymbolRegionValue>(*SI))
       Tainted = Tainted || isTainted(SRV->getRegion(), Kind);
 
+    // If If this is a SymbolCast from a tainted value, it's also tainted.
+    if (const SymbolCast *SC = dyn_cast<SymbolCast>(*SI))
+      Tainted = Tainted || isTainted(SC->getOperand(), Kind);
+
     if (Tainted)
       return true;
   }
author	Anna Zaks <ganna@apple.com>	2012-01-20 00:11:16 +0000
committer	Anna Zaks <ganna@apple.com>	2012-01-20 00:11:16 +0000
commit	282dc1437f31630aae1cbec6cfb17b3da11340e3 (patch)
tree	919dd4979e8f02f8218c8fca9660781b77774f3f /clang/lib/StaticAnalyzer/Core/ProgramState.cpp
parent	43de767b55c079101a466027bf1c5acab698811d (diff)
download	bcm5719-llvm-282dc1437f31630aae1cbec6cfb17b3da11340e3.tar.gz bcm5719-llvm-282dc1437f31630aae1cbec6cfb17b3da11340e3.zip