ROSE  0.11.145.0
Public Member Functions | Protected Member Functions | Static Protected Member Functions | Protected Attributes | List of all members
TaintAnalysis Class Reference

Description

Definition at line 137 of file taintAnalysis.h.

Inheritance diagram for TaintAnalysis:
Inheritance graph
[legend]
Collaboration diagram for TaintAnalysis:
Collaboration graph
[legend]

Public Member Functions

 TaintAnalysis (LiveDeadVarsAnalysis *ldv_analysis)
 
void genInitState (const Function &func, const DataflowNode &node, const NodeState &state, std::vector< Lattice * > &initLattices, std::vector< NodeFact * > &initFacts)
 Generate initial lattice state. More...
 
bool transfer (const Function &func, const DataflowNode &node_, NodeState &state, const std::vector< Lattice * > &dfInfo)
 Adjust a result vertex pointer. More...
 
std::ostream * get_debug () const
 Accessor for debug settings. More...
 
void set_debug (std::ostream *os)
 Accessor for debug settings. More...
 
- Public Member Functions inherited from IntraFWDataflow
NodeStateinitializeFunctionNodeState (const Function &func, NodeState *fState)
 
VirtualCFG::dataflowgetInitialWorklist (const Function &func, bool firstVisit, bool analyzeDueToCallers, const set< Function > &calleesUpdated, NodeState *fState)
 
vector< Lattice * > getLatticeAnte (NodeState *state)
 
vector< Lattice * > getLatticePost (NodeState *state)
 
void transferFunctionCall (const Function &func, const DataflowNode &n, NodeState *state)
 
vector< DataflowNodegetDescendants (const DataflowNode &n)
 
DataflowNode getUltimate (const Function &func)
 
- Public Member Functions inherited from IntraUniDirectionalDataflow
bool runAnalysis (const Function &func, NodeState *state, bool analyzeDueToCallers, std::set< Function > calleesUpdated)
 
- Public Member Functions inherited from IntraUnitDataflow
virtual boost::shared_ptr< IntraDFTransferVisitorgetTransferVisitor (const Function &func, const DataflowNode &n, NodeState &state, const std::vector< Lattice * > &dfInfo)
 
- Public Member Functions inherited from IntraProceduralDataflow
void setInterAnalysis (InterProceduralDataflow *interDataflowAnalysis)
 
void setInterAnalysis (IntraProceduralDataflow *intraDFAnalysis)
 
bool runAnalysis (const Function &func, NodeState *state)
 
InterProceduralDataflowgetInterAnalysis () const
 
- Public Member Functions inherited from IntraProceduralAnalysis
void setInterAnalysis (InterProceduralAnalysis *interAnalysis)
 
- Public Member Functions inherited from Analysis
 Analysis (bool(*f)(CFGNode)=defaultFilter)
 

Protected Member Functions

bool magic_tainted (SgNode *node, FiniteVarsExprsProductLattice *prodLat)
 Make certain variables always tainted. More...
 
- Protected Member Functions inherited from IntraUniDirectionalDataflow
bool propagateStateToNextNode (const std::vector< Lattice * > &curNodeState, DataflowNode curDFNode, int nodeIndex, const std::vector< Lattice * > &nextNodeState, DataflowNode nextDFNode)
 
std::vector< DataflowNodegatherDescendants (std::vector< DataflowEdge > edges, DataflowNode(DataflowEdge::*edgeFn)() const)
 

Static Protected Member Functions

static std::string lattice_info (const TaintLattice *lattice)
 Helps print lattice pointers. More...
 

Protected Attributes

LiveDeadVarsAnalysisldv_analysis
 
std::ostream * debug
 
- Protected Attributes inherited from IntraProceduralAnalysis
InterProceduralAnalysisinterAnalysis
 

Additional Inherited Members

- Public Attributes inherited from IntraProceduralDataflow
std::set< Functionvisited
 
- Public Attributes inherited from Analysis
bool(* filter )(CFGNode cfgn)
 

Member Function Documentation

std::ostream* TaintAnalysis::get_debug ( ) const
inline

Accessor for debug settings.

If a non-null output stream is supplied, then debugging information will be sent to that stream; otherwise debugging information is suppressed. Debugging is disabled by default.

Definition at line 152 of file taintAnalysis.h.

void TaintAnalysis::set_debug ( std::ostream *  os)
inline

Accessor for debug settings.

If a non-null output stream is supplied, then debugging information will be sent to that stream; otherwise debugging information is suppressed. Debugging is disabled by default.

Definition at line 153 of file taintAnalysis.h.

void TaintAnalysis::genInitState ( const Function func,
const DataflowNode node,
const NodeState state,
std::vector< Lattice * > &  initLattices,
std::vector< NodeFact * > &  initFacts 
)
virtual

Generate initial lattice state.

Generates the initial lattice state for the given dataflow node, in the given function, with the given node state.

Implements IntraProceduralDataflow.

bool TaintAnalysis::transfer ( const Function func,
const DataflowNode node_,
NodeState state,
const std::vector< Lattice * > &  dfInfo 
)
virtual

Adjust a result vertex pointer.

This function has an opportunity to adjust the result lattice vertex pointer based on input lattice vertices at a particular AST node at a particular time in the data flow. For instance, if the AST node is an SgAddOp binry operation then we can obtain the vertices to which the two operands point (say, VERTEX_TAINTED and VERTEX_UNTAINTED) and adjust the result so it points to a particular vertex (say, VERTEX_TAINTED).

This method returns true if it changed where the result points, and false otherwise. For example, if the result originally pointed to VERTEX_BOTTOM but now points to VERTEX_TAINTED then we would return true.

Implements IntraUnitDataflow.

static std::string TaintAnalysis::lattice_info ( const TaintLattice lattice)
inlinestaticprotected

Helps print lattice pointers.

Like std::cout <<"lhs lattice is " <<lattice_info(lhs) <<"\n". Convenient because the live/dead analysis causes some lattices to be missing (null).

Definition at line 192 of file taintAnalysis.h.

References TaintLattice::to_string().

bool TaintAnalysis::magic_tainted ( SgNode node,
FiniteVarsExprsProductLattice prodLat 
)
protected

Make certain variables always tainted.

Variables whose names begin with the string "TAINTED" are assumed to be tainted regardless of their situation. This is our currently kludgy way of introducing taint into a specimen – the user modifies the specimen and introduces taint with these specially named variables. E.g.,

ORIGINAL MODIFIED
------------------------------------ ------------------------------------
int specimen() { int specimen() {
extern int TAINTED;
int a = 2 * foo(); int a = 2 * foo() + TAINTED;
return a; return a;
} }

The documentation for this class was generated from the following file: