Typedefs | |
| using | TaintTagType = unsigned |
| The type of taint, which helps to differentiate between different types of taint. | |
Functions | |
| ProgramStateRef | addTaint (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the value of the statement is marked as tainted. | |
| ProgramStateRef | addTaint (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the value is marked as tainted. | |
| ProgramStateRef | addTaint (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the symbol is marked as tainted. | |
| ProgramStateRef | addTaint (ProgramStateRef State, const MemRegion *R, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the pointer represented by the region is marked as tainted. | |
| ProgramStateRef | removeTaint (ProgramStateRef State, SVal V) |
| ProgramStateRef | removeTaint (ProgramStateRef State, const MemRegion *R) |
| ProgramStateRef | removeTaint (ProgramStateRef State, SymbolRef Sym) |
| ProgramStateRef | addPartialTaint (ProgramStateRef State, SymbolRef ParentSym, const SubRegion *SubRegion, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in a which a sub-region of a given symbol is tainted. | |
| bool | isTainted (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric) |
| Check if the statement has a tainted value in the given state. | |
| bool | isTainted (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric) |
| Check if the value is tainted in the given state. | |
| bool | isTainted (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric) |
| Check if the symbol is tainted in the given state. | |
| bool | isTainted (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) |
| Check if the pointer represented by the region is tainted in the given state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted Symbols for a given Statement and state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted Symbols for a given SVal and state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted Symbols for a SymbolRef and state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted (index, super/sub region, symbolic region) symbols for a given memory region. | |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind, bool returnFirstOnly) |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, SVal V, TaintTagType Kind, bool returnFirstOnly) |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind, bool returnFirstOnly) |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind, bool returnFirstOnly) |
| void | printTaint (ProgramStateRef State, raw_ostream &Out, const char *nl="\n", const char *sep="") |
| LLVM_DUMP_METHOD void | dumpTaint (ProgramStateRef State) |
Variables | |
| static constexpr TaintTagType | TaintTagGeneric = 0 |
Typedef Documentation
◆ TaintTagType
Function Documentation
◆ addPartialTaint()
|
nodiscard |
Create a new state in a which a sub-region of a given symbol is tainted.
This might be necessary when referring to regions that can not have an individual symbol, e.g. if they are represented by the default binding of a LazyCompoundVal.
Definition at line 125 of file Taint.cpp.
References addTaint(), clang::ento::MemRegion::getBaseRegion(), and clang::T.
Referenced by addTaint().
◆ addTaint() [1/4]
|
nodiscard |
Create a new state in which the pointer represented by the region is marked as tainted.
Definition at line 80 of file Taint.cpp.
References addTaint().
◆ addTaint() [2/4]
|
nodiscard |
Create a new state in which the value of the statement is marked as tainted.
Definition at line 46 of file Taint.cpp.
References addTaint().
Referenced by addPartialTaint(), addTaint(), addTaint(), and addTaint().
◆ addTaint() [3/4]
|
nodiscard |
Create a new state in which the value is marked as tainted.
Definition at line 52 of file Taint.cpp.
References addPartialTaint(), addTaint(), and V.
◆ addTaint() [4/4]
|
nodiscard |
◆ dumpTaint()
| void clang::ento::taint::dumpTaint | ( | ProgramStateRef | State | ) |
Definition at line 42 of file Taint.cpp.
References printTaint().
◆ getTaintedSymbols() [1/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| const MemRegion * | Reg, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Returns the tainted (index, super/sub region, symbolic region) symbols for a given memory region.
Definition at line 188 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ getTaintedSymbols() [2/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Returns the tainted Symbols for a given Statement and state.
Definition at line 170 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ getTaintedSymbols() [3/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Returns the tainted Symbols for a given SVal and state.
Definition at line 177 of file Taint.cpp.
References getTaintedSymbolsImpl(), and V.
◆ getTaintedSymbols() [4/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Returns the tainted Symbols for a SymbolRef and state.
Definition at line 182 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ getTaintedSymbolsImpl() [1/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| const MemRegion * | Reg, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly ) |
Definition at line 221 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ getTaintedSymbolsImpl() [2/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly ) |
Definition at line 194 of file Taint.cpp.
References getTaintedSymbolsImpl().
Referenced by getTaintedSymbols(), getTaintedSymbols(), getTaintedSymbols(), getTaintedSymbols(), getTaintedSymbolsImpl(), getTaintedSymbolsImpl(), getTaintedSymbolsImpl(), getTaintedSymbolsImpl(), isTainted(), isTainted(), isTainted(), and isTainted().
◆ getTaintedSymbolsImpl() [3/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly ) |
Definition at line 203 of file Taint.cpp.
References clang::ento::StoreManager::getDefaultBinding(), getTaintedSymbolsImpl(), and V.
◆ getTaintedSymbolsImpl() [4/4]
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly ) |
Definition at line 260 of file Taint.cpp.
References clang::ento::SymExpr::computeComplexity(), getTaintedSymbolsImpl(), clang::isa(), clang::ento::SubRegion::isSubRegionOf(), and clang::ento::SymExpr::symbols().
◆ isTainted() [1/4]
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| const MemRegion * | Reg, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Check if the pointer represented by the region is tainted in the given state.
Definition at line 159 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ isTainted() [2/4]
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Check if the statement has a tainted value in the given state.
Definition at line 148 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ isTainted() [3/4]
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Check if the value is tainted in the given state.
Definition at line 154 of file Taint.cpp.
References getTaintedSymbolsImpl(), and V.
◆ isTainted() [4/4]
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind = TaintTagGeneric ) |
Check if the symbol is tainted in the given state.
Definition at line 165 of file Taint.cpp.
References getTaintedSymbolsImpl().
◆ printTaint()
| void clang::ento::taint::printTaint | ( | ProgramStateRef | State, |
| raw_ostream & | Out, | ||
| const char * | nl = "\n", | ||
| const char * | sep = "" ) |
Referenced by dumpTaint(), and REGISTER_MAP_FACTORY_WITH_PROGRAMSTATE().
◆ removeTaint() [1/3]
|
nodiscard |
Definition at line 108 of file Taint.cpp.
References removeTaint().
◆ removeTaint() [2/3]
|
nodiscard |
Definition at line 99 of file Taint.cpp.
References removeTaint(), and V.
Referenced by removeTaint(), and removeTaint().
◆ removeTaint() [3/3]
|
nodiscard |
Variable Documentation
◆ TaintTagGeneric
|
staticconstexpr |
Generated on for clang by
1.14.0