typedef std::unique_ptr<StoreManager>(*StoreManagerCreator)(
ProgramStateManager &);
typedef llvm::ImmutableMap<const SubRegion*, TaintTagType> TaintedSubRegions;
-typedef llvm::ImmutableMapRef<const SubRegion*, TaintTagType>
- TaintedSubRegionsRef;
//===----------------------------------------------------------------------===//
// ProgramStateTrait - Traits used by the Generic Data Map of a ProgramState.
Store store; // Maps a location to its current value.
GenericDataMap GDM; // Custom data stored by a client of this class.
unsigned refCount;
- TaintedSubRegions::Factory TSRFactory;
/// makeWithStore - Return a ProgramState with the same values as the current
/// state with the exception of using the specified Store.
std::unique_ptr<ConstraintManager> ConstraintMgr;
ProgramState::GenericDataMap::Factory GDMFactory;
+ TaintedSubRegions::Factory TSRFactory;
typedef llvm::DenseMap<void*,std::pair<void*,void (*)(void*)> > GDMContextsTy;
GDMContextsTy GDMContexts;
/// underlying regions. This is used to efficiently check whether a symbol is
/// tainted when it represents a sub-region of a tainted symbol.
struct DerivedSymTaint {};
-typedef llvm::ImmutableMap<SymbolRef, TaintedSubRegionsRef> DerivedSymTaintImpl;
+typedef llvm::ImmutableMap<SymbolRef, TaintedSubRegions> DerivedSymTaintImpl;
template<> struct ProgramStateTrait<DerivedSymTaint>
: public ProgramStatePartialTrait<DerivedSymTaintImpl> {
static void *GDMIndex() { static int index; return &index; }
if (SubRegion == SubRegion->getBaseRegion())
return addTaint(ParentSym, Kind);
- TaintedSubRegionsRef TaintedSubRegions(0, TSRFactory.getTreeFactory());
- if (const TaintedSubRegionsRef *SavedTaintedRegions =
- get<DerivedSymTaint>(ParentSym))
- TaintedSubRegions = *SavedTaintedRegions;
+ const TaintedSubRegions *SavedRegs = get<DerivedSymTaint>(ParentSym);
+ TaintedSubRegions Regs =
+ SavedRegs ? *SavedRegs : stateMgr->TSRFactory.getEmptyMap();
- TaintedSubRegions = TaintedSubRegions.add(SubRegion, Kind);
- ProgramStateRef NewState = set<DerivedSymTaint>(ParentSym, TaintedSubRegions);
+ Regs = stateMgr->TSRFactory.add(Regs, SubRegion, Kind);
+ ProgramStateRef NewState = set<DerivedSymTaint>(ParentSym, Regs);
assert(NewState);
return NewState;
}
// If this is a SymbolDerived with the same parent symbol as another
// tainted SymbolDerived and a region that's a sub-region of that tainted
// symbol, it's also tainted.
- if (const TaintedSubRegionsRef *SymRegions =
- get<DerivedSymTaint>(SD->getParentSymbol())) {
+ if (const TaintedSubRegions *Regs =
+ get<DerivedSymTaint>(SD->getParentSymbol())) {
const TypedValueRegion *R = SD->getRegion();
- for (TaintedSubRegionsRef::iterator I = SymRegions->begin(),
- E = SymRegions->end();
- I != E; ++I) {
+ for (auto I : *Regs) {
// FIXME: The logic to identify tainted regions could be more
// complete. For example, this would not currently identify
// overlapping fields in a union as tainted. To identify this we can
// check for overlapping/nested byte offsets.
- if (Kind == I->second &&
- (R == I->first || R->isSubRegionOf(I->first)))
+ if (Kind == I.second &&
+ (R == I.first || R->isSubRegionOf(I.first)))
return true;
}
}
projects / clang / commitdiff