|
clang 20.0.0git
|
Typedefs | |
| using | TaintTagType = unsigned |
| The type of taint, which helps to differentiate between different types of taint. | |
Functions | |
| ProgramStateRef | addTaint (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the value of the statement is marked as tainted. | |
| ProgramStateRef | addTaint (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the value is marked as tainted. | |
| ProgramStateRef | addTaint (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the symbol is marked as tainted. | |
| ProgramStateRef | addTaint (ProgramStateRef State, const MemRegion *R, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in which the pointer represented by the region is marked as tainted. | |
| ProgramStateRef | removeTaint (ProgramStateRef State, SVal V) |
| ProgramStateRef | removeTaint (ProgramStateRef State, const MemRegion *R) |
| ProgramStateRef | removeTaint (ProgramStateRef State, SymbolRef Sym) |
| ProgramStateRef | addPartialTaint (ProgramStateRef State, SymbolRef ParentSym, const SubRegion *SubRegion, TaintTagType Kind=TaintTagGeneric) |
| Create a new state in a which a sub-region of a given symbol is tainted. | |
| bool | isTainted (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric) |
| Check if the statement has a tainted value in the given state. | |
| bool | isTainted (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric) |
| Check if the value is tainted in the given state. | |
| bool | isTainted (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric) |
| Check if the symbol is tainted in the given state. | |
| bool | isTainted (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) |
| Check if the pointer represented by the region is tainted in the given state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted Symbols for a given Statement and state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted Symbols for a given SVal and state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted Symbols for a SymbolRef and state. | |
| std::vector< SymbolRef > | getTaintedSymbols (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric) |
| Returns the tainted (index, super/sub region, symbolic region) symbols for a given memory region. | |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind, bool returnFirstOnly) |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, SVal V, TaintTagType Kind, bool returnFirstOnly) |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind, bool returnFirstOnly) |
| std::vector< SymbolRef > | getTaintedSymbolsImpl (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind, bool returnFirstOnly) |
| void | printTaint (ProgramStateRef State, raw_ostream &Out, const char *nl="\n", const char *sep="") |
| LLVM_DUMP_METHOD void | dumpTaint (ProgramStateRef State) |
Variables | |
| static constexpr TaintTagType | TaintTagGeneric = 0 |
| using clang::ento::taint::TaintTagType = typedef unsigned |
| ProgramStateRef clang::ento::taint::addPartialTaint | ( | ProgramStateRef | State, |
| SymbolRef | ParentSym, | ||
| const SubRegion * | SubRegion, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Create a new state in a which a sub-region of a given symbol is tainted.
This might be necessary when referring to regions that can not have an individual symbol, e.g. if they are represented by the default binding of a LazyCompoundVal.
Definition at line 125 of file Taint.cpp.
References addTaint(), clang::ento::MemRegion::getBaseRegion(), and clang::T.
Referenced by addTaint().
| ProgramStateRef clang::ento::taint::addTaint | ( | ProgramStateRef | State, |
| const MemRegion * | R, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Create a new state in which the pointer represented by the region is marked as tainted.
Definition at line 80 of file Taint.cpp.
References addTaint().
| ProgramStateRef clang::ento::taint::addTaint | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Create a new state in which the value of the statement is marked as tainted.
Definition at line 46 of file Taint.cpp.
References addTaint().
Referenced by addPartialTaint(), and addTaint().
| ProgramStateRef clang::ento::taint::addTaint | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Create a new state in which the value is marked as tainted.
Definition at line 52 of file Taint.cpp.
References addPartialTaint(), addTaint(), and V.
| ProgramStateRef clang::ento::taint::addTaint | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
| void clang::ento::taint::dumpTaint | ( | ProgramStateRef | State | ) |
Definition at line 42 of file Taint.cpp.
References printTaint().
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| const MemRegion * | Reg, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Returns the tainted (index, super/sub region, symbolic region) symbols for a given memory region.
Definition at line 188 of file Taint.cpp.
References getTaintedSymbolsImpl().
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Returns the tainted Symbols for a given Statement and state.
Definition at line 170 of file Taint.cpp.
References getTaintedSymbolsImpl().
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Returns the tainted Symbols for a given SVal and state.
Definition at line 177 of file Taint.cpp.
References getTaintedSymbolsImpl(), and V.
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Returns the tainted Symbols for a SymbolRef and state.
Definition at line 182 of file Taint.cpp.
References getTaintedSymbolsImpl().
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| const MemRegion * | Reg, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly | ||
| ) |
Definition at line 213 of file Taint.cpp.
References getTaintedSymbolsImpl().
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly | ||
| ) |
Definition at line 194 of file Taint.cpp.
References getTaintedSymbolsImpl().
Referenced by getTaintedSymbols(), getTaintedSymbolsImpl(), and isTainted().
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly | ||
| ) |
Definition at line 203 of file Taint.cpp.
References getTaintedSymbolsImpl(), and V.
| std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind, | ||
| bool | returnFirstOnly | ||
| ) |
Definition at line 252 of file Taint.cpp.
References clang::ento::SymExpr::computeComplexity(), getTaintedSymbolsImpl(), I, clang::ento::SubRegion::isSubRegionOf(), SRV, and clang::ento::SymExpr::symbols().
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| const MemRegion * | Reg, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Check if the pointer represented by the region is tainted in the given state.
Definition at line 159 of file Taint.cpp.
References getTaintedSymbolsImpl().
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| const Stmt * | S, | ||
| const LocationContext * | LCtx, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Check if the statement has a tainted value in the given state.
Definition at line 148 of file Taint.cpp.
References getTaintedSymbolsImpl().
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| SVal | V, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Check if the value is tainted in the given state.
Definition at line 154 of file Taint.cpp.
References getTaintedSymbolsImpl(), and V.
| bool clang::ento::taint::isTainted | ( | ProgramStateRef | State, |
| SymbolRef | Sym, | ||
| TaintTagType | Kind = TaintTagGeneric |
||
| ) |
Check if the symbol is tainted in the given state.
Definition at line 165 of file Taint.cpp.
References getTaintedSymbolsImpl().
| void clang::ento::taint::printTaint | ( | ProgramStateRef | State, |
| raw_ostream & | Out, | ||
| const char * | nl = "\n", |
||
| const char * | sep = "" |
||
| ) |
Referenced by dumpTaint().
| ProgramStateRef clang::ento::taint::removeTaint | ( | ProgramStateRef | State, |
| const MemRegion * | R | ||
| ) |
Definition at line 108 of file Taint.cpp.
References removeTaint().
| ProgramStateRef clang::ento::taint::removeTaint | ( | ProgramStateRef | State, |
| SVal | V | ||
| ) |
Definition at line 99 of file Taint.cpp.
References removeTaint(), and V.
Referenced by removeTaint().
| ProgramStateRef clang::ento::taint::removeTaint | ( | ProgramStateRef | State, |
| SymbolRef | Sym | ||
| ) |
|
staticconstexpr |
1.9.6