review.tizen.org Git - platform/upstream/llvm.git/commit

author	Artem Dergachev <artem.dergachev@gmail.com>
	Mon, 29 May 2017 15:42:56 +0000 (15:42 +0000)
committer	Artem Dergachev <artem.dergachev@gmail.com>
	Mon, 29 May 2017 15:42:56 +0000 (15:42 +0000)
commit	eed7a3102c51d863ff9035d31a33313e77364692
tree	1513579135006000236c91d69cbe271a2995f7e5	tree \| snapshot
parent	4c4baf5093c808f41044f32ddef0c62855f1b39c	commit \| diff

[analyzer] Support partially tainted records.

The analyzer's taint analysis can now reason about structures or arrays
originating from taint sources in which only certain sections are tainted.

In particular, it also benefits modeling functions like read(), which may
read tainted data into a section of a structure, but RegionStore is incapable of
expressing the fact that the rest of the structure remains intact, even if we
try to model read() directly.

Patch by Vlad Tsyrklevich!

Differential revision: https://reviews.llvm.org/D28445

llvm-svn: 304162

clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h		diff \| blob \| history
clang/include/clang/StaticAnalyzer/Core/PathSensitive/TaintManager.h		diff \| blob \| history
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp		diff \| blob \| history
clang/lib/StaticAnalyzer/Core/ProgramState.cpp		diff \| blob \| history
clang/lib/StaticAnalyzer/Core/RegionStore.cpp		diff \| blob \| history
clang/test/Analysis/taint-generic.c		diff \| blob \| history