From 1d1d515b2bafb59d624883d8fdda97d4b7dba0cb Mon Sep 17 00:00:00 2001
From: Anna Zaks <ganna@apple.com>
Date: Tue, 6 Dec 2011 23:12:33 +0000
Subject: [analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use
 it for finding dependent symbols for taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/ProgramState.cpp | 40 +++++++++++++-------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

(limited to 'lib/StaticAnalyzer/Core/ProgramState.cpp')

diff --git a/lib/StaticAnalyzer/Core/ProgramState.cpp b/lib/StaticAnalyzer/Core/ProgramState.cpp
index 2dafeeee00..a725d38192 100644
--- a/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -673,29 +673,21 @@ bool ProgramState::isTainted(SVal V, TaintTagType Kind) const {
 bool ProgramState::isTainted(const SymExpr* Sym, TaintTagType Kind) const {
   if (!Sym)
     return false;
-
-  // TODO: Can we use symbol_iterator (like removeDeadBindingsWorker) here?
-
-  // Check taint on derived symbols.
-  if (const SymbolDerived *SD = dyn_cast<SymbolDerived>(Sym))
-    return isTainted(SD->getParentSymbol(), Kind);
-
-  if (const SymbolCast *SC = dyn_cast<SymbolCast>(Sym))
-    return (isTainted(SC->getOperand(), Kind));
-
-  if (const SymIntExpr *SIE = dyn_cast<SymIntExpr>(Sym))
-    return isTainted(SIE->getLHS(), Kind);
-
-  if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym))
-    return (isTainted(SSE->getLHS(), Kind) || isTainted(SSE->getRHS(), Kind));
-
-  // Check taint on the current symbol.
-  if (const SymbolData *SymR = dyn_cast<SymbolData>(Sym)) {
-    const TaintTagType *Tag = get<TaintMap>(SymR);
-    return (Tag && *Tag == Kind);
+  
+  // Travese all the symbols this symbol depends on to see if any are tainted.
+  bool Tainted = false;
+  for (SymExpr::symbol_iterator SI = Sym->symbol_begin(), SE =Sym->symbol_end();
+       SI != SE; ++SI) {
+    assert(isa<SymbolData>(*SI));
+    const TaintTagType *Tag = get<TaintMap>(*SI);
+    Tainted = (Tag && *Tag == Kind);
+
+    // If this is a SymbolDerived with a tainted parent, it's also tainted.
+    if (const SymbolDerived *SD = dyn_cast<SymbolDerived>(*SI))
+      Tainted = Tainted || isTainted(SD->getParentSymbol(), Kind);
+    if (Tainted)
+      return true;
   }
-
-  // TODO: Remove llvm unreachable.
-  llvm_unreachable("We do not know show to check taint on this symbol.");
-  return false;
+  
+  return Tainted;
 }
-- 
cgit v1.2.3-18-g5258