Typedefs
using	TaintTagType = unsigned
	The type of taint, which helps to differentiate between different types of taint.

Functions
ProgramStateRef	addTaint (ProgramStateRef State, const Stmt S, const LocationContext LCtx, TaintTagType Kind=TaintTagGeneric)
	Create a new state in which the value of the statement is marked as tainted.

ProgramStateRef	addTaint (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric)
	Create a new state in which the value is marked as tainted.

ProgramStateRef	addTaint (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric)
	Create a new state in which the symbol is marked as tainted.

ProgramStateRef	addTaint (ProgramStateRef State, const MemRegion *R, TaintTagType Kind=TaintTagGeneric)
	Create a new state in which the pointer represented by the region is marked as tainted.

ProgramStateRef	removeTaint (ProgramStateRef State, SVal V)

ProgramStateRef	removeTaint (ProgramStateRef State, const MemRegion *R)

ProgramStateRef	removeTaint (ProgramStateRef State, SymbolRef Sym)

ProgramStateRef	addPartialTaint (ProgramStateRef State, SymbolRef ParentSym, const SubRegion *SubRegion, TaintTagType Kind=TaintTagGeneric)
	Create a new state in a which a sub-region of a given symbol is tainted.

bool	isTainted (ProgramStateRef State, const Stmt S, const LocationContext LCtx, TaintTagType Kind=TaintTagGeneric)
	Check if the statement has a tainted value in the given state.

bool	isTainted (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric)
	Check if the value is tainted in the given state.

bool	isTainted (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric)
	Check if the symbol is tainted in the given state.

bool	isTainted (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric)
	Check if the pointer represented by the region is tainted in the given state.

std::vector< SymbolRef >	getTaintedSymbols (ProgramStateRef State, const Stmt S, const LocationContext LCtx, TaintTagType Kind=TaintTagGeneric)
	Returns the tainted Symbols for a given Statement and state.

std::vector< SymbolRef >	getTaintedSymbols (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric)
	Returns the tainted Symbols for a given SVal and state.

std::vector< SymbolRef >	getTaintedSymbols (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric)
	Returns the tainted Symbols for a SymbolRef and state.

std::vector< SymbolRef >	getTaintedSymbols (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric)
	Returns the tainted (index, super/sub region, symbolic region) symbols for a given memory region.

std::vector< SymbolRef >	getTaintedSymbolsImpl (ProgramStateRef State, const Stmt S, const LocationContext LCtx, TaintTagType Kind, bool returnFirstOnly)

std::vector< SymbolRef >	getTaintedSymbolsImpl (ProgramStateRef State, SVal V, TaintTagType Kind, bool returnFirstOnly)

std::vector< SymbolRef >	getTaintedSymbolsImpl (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind, bool returnFirstOnly)

std::vector< SymbolRef >	getTaintedSymbolsImpl (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind, bool returnFirstOnly)

void	printTaint (ProgramStateRef State, raw_ostream &Out, const char nl="\n", const char sep="")

LLVM_DUMP_METHOD void	dumpTaint (ProgramStateRef State)

Variables
static constexpr TaintTagType	TaintTagGeneric = 0

Typedef Documentation

◆ TaintTagType

using clang::ento::taint::TaintTagType = typedef unsigned

The type of taint, which helps to differentiate between different types of taint.

Definition at line 25 of file Taint.h.

Function Documentation

◆ addPartialTaint()

ProgramStateRef clang::ento::taint::addPartialTaint	(	ProgramStateRef	State,
		SymbolRef	ParentSym,
		const SubRegion *	SubRegion,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Create a new state in a which a sub-region of a given symbol is tainted.

This might be necessary when referring to regions that can not have an individual symbol, e.g. if they are represented by the default binding of a LazyCompoundVal.

Definition at line 124 of file Taint.cpp.

References addTaint(), and clang::ento::MemRegion::getBaseRegion().

Referenced by addTaint().

◆ addTaint() [1/4]

ProgramStateRef clang::ento::taint::addTaint	(	ProgramStateRef	State,
		const MemRegion *	R,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Create a new state in which the pointer represented by the region is marked as tainted.

Definition at line 79 of file Taint.cpp.

References addTaint().

◆ addTaint() [2/4]

ProgramStateRef clang::ento::taint::addTaint	(	ProgramStateRef	State,
		const Stmt *	S,
		const LocationContext *	LCtx,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Create a new state in which the value of the statement is marked as tainted.

Definition at line 45 of file Taint.cpp.

References addTaint().

Referenced by addPartialTaint(), and addTaint().

◆ addTaint() [3/4]

ProgramStateRef clang::ento::taint::addTaint	(	ProgramStateRef	State,
		SVal	V,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Create a new state in which the value is marked as tainted.

Definition at line 51 of file Taint.cpp.

References addPartialTaint(), addTaint(), and V.

◆ addTaint() [4/4]

ProgramStateRef clang::ento::taint::addTaint	(	ProgramStateRef	State,
		SymbolRef	Sym,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Create a new state in which the symbol is marked as tainted.

Definition at line 86 of file Taint.cpp.

◆ dumpTaint()

void clang::ento::taint::dumpTaint ( ProgramStateRef State )

Definition at line 41 of file Taint.cpp.

References printTaint().

◆ getTaintedSymbols() [1/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols	(	ProgramStateRef	State,
		const MemRegion *	Reg,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Returns the tainted (index, super/sub region, symbolic region) symbols for a given memory region.

Definition at line 187 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ getTaintedSymbols() [2/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols	(	ProgramStateRef	State,
		const Stmt *	S,
		const LocationContext *	LCtx,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Returns the tainted Symbols for a given Statement and state.

Definition at line 169 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ getTaintedSymbols() [3/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols	(	ProgramStateRef	State,
		SVal	V,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Returns the tainted Symbols for a given SVal and state.

Definition at line 176 of file Taint.cpp.

References getTaintedSymbolsImpl(), and V.

◆ getTaintedSymbols() [4/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbols	(	ProgramStateRef	State,
		SymbolRef	Sym,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Returns the tainted Symbols for a SymbolRef and state.

Definition at line 181 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ getTaintedSymbolsImpl() [1/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl	(	ProgramStateRef	State,
		const MemRegion *	Reg,
		TaintTagType	Kind,
		bool	returnFirstOnly
	)

Definition at line 212 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ getTaintedSymbolsImpl() [2/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl	(	ProgramStateRef	State,
		const Stmt *	S,
		const LocationContext *	LCtx,
		TaintTagType	Kind,
		bool	returnFirstOnly
	)

Definition at line 193 of file Taint.cpp.

References getTaintedSymbolsImpl().

Referenced by getTaintedSymbols(), getTaintedSymbolsImpl(), and isTainted().

◆ getTaintedSymbolsImpl() [3/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl	(	ProgramStateRef	State,
		SVal	V,
		TaintTagType	Kind,
		bool	returnFirstOnly
	)

Definition at line 202 of file Taint.cpp.

References getTaintedSymbolsImpl(), and V.

◆ getTaintedSymbolsImpl() [4/4]

std::vector< SymbolRef > clang::ento::taint::getTaintedSymbolsImpl	(	ProgramStateRef	State,
		SymbolRef	Sym,
		TaintTagType	Kind,
		bool	returnFirstOnly
	)

Definition at line 253 of file Taint.cpp.

References getTaintedSymbolsImpl(), clang::ento::SubRegion::isSubRegionOf(), clang::ento::SymExpr::symbol_begin(), and clang::ento::SymExpr::symbol_end().

◆ isTainted() [1/4]

bool clang::ento::taint::isTainted	(	ProgramStateRef	State,
		const MemRegion *	Reg,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Check if the pointer represented by the region is tainted in the given state.

Definition at line 158 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ isTainted() [2/4]

bool clang::ento::taint::isTainted	(	ProgramStateRef	State,
		const Stmt *	S,
		const LocationContext *	LCtx,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Check if the statement has a tainted value in the given state.

Definition at line 147 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ isTainted() [3/4]

bool clang::ento::taint::isTainted	(	ProgramStateRef	State,
		SVal	V,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Check if the value is tainted in the given state.

Definition at line 153 of file Taint.cpp.

References getTaintedSymbolsImpl(), and V.

◆ isTainted() [4/4]

bool clang::ento::taint::isTainted	(	ProgramStateRef	State,
		SymbolRef	Sym,
		TaintTagType	Kind = `TaintTagGeneric`
	)

Check if the symbol is tainted in the given state.

Definition at line 164 of file Taint.cpp.

References getTaintedSymbolsImpl().

◆ printTaint()

void clang::ento::taint::printTaint	(	ProgramStateRef	State,
		raw_ostream &	Out,
		const char *	nl = `"\n"`,
		const char *	sep = `""`
	)

Referenced by dumpTaint().

◆ removeTaint() [1/3]

ProgramStateRef clang::ento::taint::removeTaint	(	ProgramStateRef	State,
		const MemRegion *	R
	)

Definition at line 107 of file Taint.cpp.

References removeTaint().

◆ removeTaint() [2/3]

ProgramStateRef clang::ento::taint::removeTaint	(	ProgramStateRef	State,
		SVal	V
	)

Definition at line 98 of file Taint.cpp.

References removeTaint(), and V.

Referenced by removeTaint().

◆ removeTaint() [3/3]

ProgramStateRef clang::ento::taint::removeTaint	(	ProgramStateRef	State,
		SymbolRef	Sym
	)

Definition at line 113 of file Taint.cpp.

Variable Documentation

◆ TaintTagGeneric

constexpr TaintTagType clang::ento::taint::TaintTagGeneric = 0

staticconstexpr

Definition at line 27 of file Taint.h.

Typedefs

Functions

Variables

Typedef Documentation

◆ TaintTagType

Function Documentation

◆ addPartialTaint()

◆ addTaint() [1/4]

◆ addTaint() [2/4]

◆ addTaint() [3/4]

◆ addTaint() [4/4]

◆ dumpTaint()

◆ getTaintedSymbols() [1/4]

◆ getTaintedSymbols() [2/4]

◆ getTaintedSymbols() [3/4]

◆ getTaintedSymbols() [4/4]

◆ getTaintedSymbolsImpl() [1/4]

◆ getTaintedSymbolsImpl() [2/4]

◆ getTaintedSymbolsImpl() [3/4]

◆ getTaintedSymbolsImpl() [4/4]

◆ isTainted() [1/4]

◆ isTainted() [2/4]

◆ isTainted() [3/4]

◆ isTainted() [4/4]

◆ printTaint()

◆ removeTaint() [1/3]

◆ removeTaint() [2/3]

◆ removeTaint() [3/3]

Variable Documentation

◆ TaintTagGeneric