GenericTaintChecker now uses CallDescriptionMap to describe the possible
operation in code which trigger the introduction (sources), the removal
(filters), the passing along (propagations) and detection (sinks) of
tainted values.
Details
Diff Detail
- Repository
- rG LLVM Github Monorepo
Unit Tests
Event Timeline
I haven't read this whole patch with full scrutiny but it sure looks lovely. I now also see what the problem is with non-static strings in call descriptions.
Sweet stuff!
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | ||
---|---|---|
39–40 | ||
39–40 | typo | |
287–288 | I would expect this in plural form. | |
288 | Definitely reads oddly. The return type is singular but the function parses name parts. | |
632–633 | A comment like this would make it cleaner: | |
729–730 | It's unfortunate that we don't shortcircuit after the patch. | |
852–853 | Use inclusive terms. |
Applied typo and naming fixes, introduced 2 move operations, and re-introduced short circuiting.