author | Anna Zaks <ganna@apple.com> | 2011-12-06 23:12:33 +0000 |
---|---|---|
committer | Anna Zaks <ganna@apple.com> | 2011-12-06 23:12:33 +0000 |
commit | 1d1d515b2bafb59d624883d8fdda97d4b7dba0cb (patch) | |
tree | 0c8c329904ac0ab84b28420fd5d4e13e6d163ce2 /lib/StaticAnalyzer/Core/ProgramState.cpp | |
parent | aace9ef279be3dadd53b481aee568bd7701178b4 (diff) |
[analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it
for finding dependent symbols for taint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core/ProgramState.cpp')
-rw-r--r-- | lib/StaticAnalyzer/Core/ProgramState.cpp | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/lib/StaticAnalyzer/Core/ProgramState.cpp b/lib/StaticAnalyzer/Core/ProgramState.cpp
index 2dafeeee00..a725d38192 100644
--- a/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -673,29 +673,21 @@ bool ProgramState::isTainted(SVal V, TaintTagType Kind) const {
 bool ProgramState::isTainted(const SymExpr* Sym, TaintTagType Kind) const {
 if (!Sym)
 return false;
-
- // TODO: Can we use symbol_iterator (like removeDeadBindingsWorker) here?
-
- // Check taint on derived symbols.
- if (const SymbolDerived *SD = dyn_cast<SymbolDerived>(Sym))
- return isTainted(SD->getParentSymbol(), Kind);
-
- if (const SymbolCast *SC = dyn_cast<SymbolCast>(Sym))
- return (isTainted(SC->getOperand(), Kind));
-
- if (const SymIntExpr *SIE = dyn_cast<SymIntExpr>(Sym))
- return isTainted(SIE->getLHS(), Kind);
-
- if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym))
- return (isTainted(SSE->getLHS(), Kind) || isTainted(SSE->getRHS(), Kind));
-
- // Check taint on the current symbol.
- if (const SymbolData *SymR = dyn_cast<SymbolData>(Sym)) {
- const TaintTagType *Tag = get<TaintMap>(SymR);
- return (Tag && *Tag == Kind);
+
+ // Travese all the symbols this symbol depends on to see if any are tainted.
+ bool Tainted = false;
+ for (SymExpr::symbol_iterator SI = Sym->symbol_begin(), SE =Sym->symbol_end();
+ SI != SE; ++SI) {
+ assert(isa<SymbolData>(*SI));
+ const TaintTagType *Tag = get<TaintMap>(*SI);
+ Tainted = (Tag && *Tag == Kind);
+
+ // If this is a SymbolDerived with a tainted parent, it's also tainted.
+ if (const SymbolDerived *SD = dyn_cast<SymbolDerived>(*SI))
+ Tainted = Tainted || isTainted(SD->getParentSymbol(), Kind);
+ if (Tainted)
+ return true;
 }
-
- // TODO: Remove llvm unreachable.
- llvm_unreachable("We do not know show to check taint on this symbol.");
- return false;
+
+ return Tainted;
 } |
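Review bot: The new loop in `isTainted(const SymExpr*, ...)` relies on `assert(isa<SymbolData>(*SI))` alone to guarantee that `symbol_iterator` yields only leaf symbols, and that assert compiles out in release builds. If the iterator ever yields another symbol kind (its definition is not visible in this hunk), the `TaintMap` lookup would presumably find no tag and the function would quietly report "not tainted", where the removed `llvm_unreachable` at least stopped on an unhandled kind. For a taint query the silent false negative is the risky direction, so an explicit guard such as `if (!isa<SymbolData>(*SI)) continue;` would make the behaviour the same in debug and release builds. Separately, `Tainted` is always false when the loop finishes, because every true value returns early; it could be declared inside the loop with the final statement written as `return false;`. The comment typo "Travese" should read "Traverse".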