granicus.if.org Git - clang/commit
[analyzer] Support partially tainted records.
author Artem Dergachev <artem.dergachev@gmail.com>
Mon, 29 May 2017 15:42:56 +0000 (15:42 +0000)
committer Artem Dergachev <artem.dergachev@gmail.com>
Mon, 29 May 2017 15:42:56 +0000 (15:42 +0000)
commit 1f7848d7f2f49a0a931d4e4aa13714fe47bf373e
tree 2dead7262e8fdd72e11646aa0c8e41cfdc3e670d
parent ab4ea4570190c32f1e5c00d851680ebd14e94b53

The analyzer's taint analysis can now reason about structures or arrays
originating from taint sources in which only certain sections are tainted.

In particular, it also benefits modeling functions like read(), which may
read tainted data into a section of a structure, but RegionStore is incapable of
expressing the fact that the rest of the structure remains intact, even if we
try to model read() directly.

Patch by Vlad Tsyrklevich!

Differential revision: https://reviews.llvm.org/D28445

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@304162 91177308-0d34-0410-b5e6-96231b3b80d8
include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
include/clang/StaticAnalyzer/Core/PathSensitive/TaintManager.h
lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
lib/StaticAnalyzer/Core/ProgramState.cpp
lib/StaticAnalyzer/Core/RegionStore.cpp
test/Analysis/taint-generic.c