Add support for flow through content of global variables #16667
Conversation
|
The failing case already exists-- it's the one that still has the MISSING: tag where the others are removed. |
|
(Will DCA then QA) |
|
DCA: one new result (TP, stack trace exposure), no performance effects. Proceeding to QA. |
smowton
force-pushed
the
smowton/fix/global-variable-side-effect
branch
from
8527054
to
b440ae2
Compare
|
There are too many new results to sensibly check them all, but I checked a sample result from each of the 5 repositories with the most new results, and found they were all doing as intended. Some appeared to be TPs, and some FPs for unrelated reasons, e.g. taint-tracking losing sight of the fact that only one field of a struct carried tainted data, that don't reflect on the change made here. Performance results were unremarkable. Therefore I recommend merging this. |
smowton
force-pushed
the
smowton/fix/global-variable-side-effect
branch
from
b440ae2
to
4da5d66
Compare
|
@owen-mc I've rebased to re-test and added test expectation changes and a change note. Please review and merge if you're happy. |
|
I've made an issue to follow up the missing pointer content store step. |
Note flow via something like
sideEffect(&x)is still broken. I think this is because we're lacking a store-step for*x = source(), which should result inxhaving taint with access path[PointerContent]. This might also involve address operations being able to read taint (i.e. to note that if&xis tainted with[PointerContent]thenxis tainted without an access path), but I'm not sure -- in any event I don't address the matter here. I'd suggest tackling that issue by cribbing off C/C++, which has surely addressed (no pun intended) this exact issue.