clang  17.0.0git
Classes | Typedefs | Functions | Variables
clang::ento::taint Namespace Reference

Classes

class  TaintBugVisitor
 The bug visitor prints a diagnostic message at the location where a given variable was tainted. More...
 

Typedefs

using TaintTagType = unsigned
 The type of taint, which helps to differentiate between different types of taint. More...
 

Functions

ProgramStateRef addTaint (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)
 Create a new state in which the value of the statement is marked as tainted. More...
 
ProgramStateRef addTaint (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric)
 Create a new state in which the value is marked as tainted. More...
 
ProgramStateRef addTaint (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric)
 Create a new state in which the symbol is marked as tainted. More...
 
ProgramStateRef addTaint (ProgramStateRef State, const MemRegion *R, TaintTagType Kind=TaintTagGeneric)
 Create a new state in which the pointer represented by the region is marked as tainted. More...
 
ProgramStateRef removeTaint (ProgramStateRef State, SVal V)
 
ProgramStateRef removeTaint (ProgramStateRef State, const MemRegion *R)
 
ProgramStateRef removeTaint (ProgramStateRef State, SymbolRef Sym)
 
ProgramStateRef addPartialTaint (ProgramStateRef State, SymbolRef ParentSym, const SubRegion *SubRegion, TaintTagType Kind=TaintTagGeneric)
 Create a new state in a which a sub-region of a given symbol is tainted. More...
 
bool isTainted (ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)
 Check if the statement has a tainted value in the given state. More...
 
bool isTainted (ProgramStateRef State, SVal V, TaintTagType Kind=TaintTagGeneric)
 Check if the value is tainted in the given state. More...
 
bool isTainted (ProgramStateRef State, SymbolRef Sym, TaintTagType Kind=TaintTagGeneric)
 Check if the symbol is tainted in the given state. More...
 
bool isTainted (ProgramStateRef State, const MemRegion *Reg, TaintTagType Kind=TaintTagGeneric)
 Check if the pointer represented by the region is tainted in the given state. More...
 
void printTaint (ProgramStateRef State, raw_ostream &Out, const char *nl="\n", const char *sep="")
 
LLVM_DUMP_METHOD void dumpTaint (ProgramStateRef State)
 

Variables

static constexpr TaintTagType TaintTagGeneric = 0
 

Typedef Documentation

◆ TaintTagType

using clang::ento::taint::TaintTagType = typedef unsigned

The type of taint, which helps to differentiate between different types of taint.

Definition at line 25 of file Taint.h.

Function Documentation

◆ addPartialTaint()

ProgramStateRef clang::ento::taint::addPartialTaint ( ProgramStateRef  State,
SymbolRef  ParentSym,
const SubRegion SubRegion,
TaintTagType  Kind = TaintTagGeneric 
)

Create a new state in a which a sub-region of a given symbol is tainted.

This might be necessary when referring to regions that can not have an individual symbol, e.g. if they are represented by the default binding of a LazyCompoundVal.

◆ addTaint() [1/4]

ProgramStateRef clang::ento::taint::addTaint ( ProgramStateRef  State,
const MemRegion R,
TaintTagType  Kind = TaintTagGeneric 
)

Create a new state in which the pointer represented by the region is marked as tainted.

◆ addTaint() [2/4]

ProgramStateRef clang::ento::taint::addTaint ( ProgramStateRef  State,
const Stmt S,
const LocationContext LCtx,
TaintTagType  Kind = TaintTagGeneric 
)

Create a new state in which the value of the statement is marked as tainted.

◆ addTaint() [3/4]

ProgramStateRef clang::ento::taint::addTaint ( ProgramStateRef  State,
SVal  V,
TaintTagType  Kind = TaintTagGeneric 
)

Create a new state in which the value is marked as tainted.

◆ addTaint() [4/4]

ProgramStateRef clang::ento::taint::addTaint ( ProgramStateRef  State,
SymbolRef  Sym,
TaintTagType  Kind = TaintTagGeneric 
)

Create a new state in which the symbol is marked as tainted.

◆ dumpTaint()

LLVM_DUMP_METHOD void clang::ento::taint::dumpTaint ( ProgramStateRef  State)

◆ isTainted() [1/4]

bool clang::ento::taint::isTainted ( ProgramStateRef  State,
const MemRegion Reg,
TaintTagType  Kind = TaintTagGeneric 
)

Check if the pointer represented by the region is tainted in the given state.

◆ isTainted() [2/4]

bool clang::ento::taint::isTainted ( ProgramStateRef  State,
const Stmt S,
const LocationContext LCtx,
TaintTagType  Kind = TaintTagGeneric 
)

Check if the statement has a tainted value in the given state.

Referenced by clang::ento::taint::TaintBugVisitor::VisitNode().

◆ isTainted() [3/4]

bool clang::ento::taint::isTainted ( ProgramStateRef  State,
SVal  V,
TaintTagType  Kind = TaintTagGeneric 
)

Check if the value is tainted in the given state.

◆ isTainted() [4/4]

bool clang::ento::taint::isTainted ( ProgramStateRef  State,
SymbolRef  Sym,
TaintTagType  Kind = TaintTagGeneric 
)

Check if the symbol is tainted in the given state.

◆ printTaint()

void clang::ento::taint::printTaint ( ProgramStateRef  State,
raw_ostream &  Out,
const char *  nl = "\n",
const char *  sep = "" 
)

◆ removeTaint() [1/3]

ProgramStateRef clang::ento::taint::removeTaint ( ProgramStateRef  State,
const MemRegion R 
)

◆ removeTaint() [2/3]

ProgramStateRef clang::ento::taint::removeTaint ( ProgramStateRef  State,
SVal  V 
)

◆ removeTaint() [3/3]

ProgramStateRef clang::ento::taint::removeTaint ( ProgramStateRef  State,
SymbolRef  Sym 
)

Variable Documentation

◆ TaintTagGeneric

constexpr TaintTagType clang::ento::taint::TaintTagGeneric = 0
staticconstexpr

Definition at line 27 of file Taint.h.

Generated on Thu Jan 26 2023 21:01:49 for clang by   doxygen 1.8.17