public override Cmd VisitAssignCmd(AssignCmd node)
{
// gather state from all predecesors
Block currBlock = worklist.cmdBlocks[node];
var predTaintSet = worklist.GatherPredecessorsState(node, currBlock);
var taintSet = new TaintSet(predTaintSet);
// the assignment has the potential to cleanse the taint
taintSet.RemoveWhere(v => node.Lhss.Exists(l => Utils.VariableUtils.ExtractVars(l).Contains(v)));
if (changedProcs.Contains(nodeToImpl[node].Proc) || changedBlocks.Contains(currBlock) || // native taint
InferDominatorTaint(currBlock)) // control taint
{
node.Lhss.Iter(lhs => taintSet.Add(Utils.VariableUtils.ExtractVars(lhs).First()));
}
else // data taint
{
for (int i = 0; i < node.Lhss.Count; ++i)
{
var lhs = Utils.VariableUtils.ExtractVars(node.Lhss[i]).First(); // TODO: stuff like: Mem_T.INT4[in_prio] := out_tempBoogie0
var rhsVars = Utils.VariableUtils.ExtractVars(node.Rhss[i]);
if (rhsVars.Intersect(predTaintSet).Count() > 0) // if RHS is tainted
{
taintSet.Add(lhs); // so is LHS
}
}
}
if (worklist.Assign(node, taintSet))
{
worklist.Propagate(node);
}
return(node);
}
public override Cmd VisitHavocCmd(HavocCmd node)
{
Block currBlock = worklist.cmdBlocks[node];
Dependencies dependencies = worklist.GatherPredecessorsState(node, currBlock);
// Havoc x translates to x <- *
foreach (var v in node.Vars.Select(x => x.Decl))
{
dependencies[v] = new VarSet();
dependencies[v].Add(Utils.VariableUtils.NonDetVar);
InferDominatorDependency(currBlock, dependencies[v]);
if (changedProcs.Contains(nodeToImpl[node].Proc) || changedBlocks.Contains(currBlock)) // native taint
{
if (Analysis.DacMerged == null || IsImpactedSummary(nodeToImpl[node].Proc, v))
{
dependencies[v].Add(Utils.VariableUtils.BottomUpTaintVar);
}
}
}
if (worklist.Assign(node, dependencies))
{
worklist.Propagate(node);
}
return(node);
}