Package pascal.taie.analysis.pta.plugin.taint

Class TaintAnalysis

java.lang.Object

pascal.taie.analysis.pta.plugin.CompositePlugin

pascal.taie.analysis.pta.plugin.taint.TaintAnalysis

All Implemented Interfaces:

Plugin

public class TaintAnalysis
extends CompositePlugin

Taint Analysis composites plugins SourceHandler, TransferHandler and SanitizerHandler to handle the logic associated with Source, TaintTransfer, and Sanitizer respectively. The analysis finally gathers taint flows from Sink through SinkHandler and generates reports.
The following diagram illustrates the workflow of the taint analysis:

     ┌───────────────────────────┐   ┌─────────────────────────────┐
 ┌──►│       initialize()        ├───┤Clean Up                     │
 │   └─────────────┬─────────────┘   │                             │
 │      on-the-fly │with PTA         │ 1.Clear composited handlers │
 │                 ▼                 │ 2.Remove taint objects      │
 │   ┌───────────────────────────┐   │   from points-to set        │
 │   │      onPhaseFinish()      │   │ 3.Remove taint transfer     │
 │Yes│ ┌───────────────────────┐ │   │   edge from pointer flow    │
 │ ┌─┼─┤In interactive mode and│ │   │   graph                     │
 └─┼─┼─┤Enter 'r' from console?│ │   │                             │
   │ │ └───────────┬───────────┘ │   │Start Up                     │
   │ │             │             │   │                             │
   │ └─────────────┼─────────────┘   │ 4. Load taint configuration │
   │               │No               │ 5. Create Source/Transfer/  │
   │               ▼                 │    Sanitizer handlers       │
   │ ┌───────────────────────────┐   │ 6. Create taint objects     │
   │ │         onFinish()        │   └─────────────────────────────┘
   │ └─────────────┬─────────────┘
   │               │
   │               ▼                 ┌─────────────────────────────┐
   │ ┌───────────────────────────┐   │Collect taint analysis result│
   └►│     reportTaintFlows()    ├───┤and report taint flows       │
     └───────────────────────────┘   └─────────────────────────────┘
 

Field Summary

Fields inherited from interface pascal.taie.analysis.pta.plugin.Plugin

DUMMY

Constructor Summary

Constructors

Constructor	Description
TaintAnalysis()

Method Summary

Modifier and Type	Method	Description
void	onFinish()	Invoked when pointer analysis finishes.
void	onPhaseFinish()	Invoked when pointer analysis has processed all entries in the work list.
void	setSolver(Solver solver)	Sets pointer analysis solver which will be used later by the plugin.

Methods inherited from class pascal.taie.analysis.pta.plugin.CompositePlugin

addPlugin, clearPlugins, onNewCallEdge, onNewCSMethod, onNewMethod, onNewPointsToSet, onNewStmt, onStart, onUnresolvedCall

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TaintAnalysis

public TaintAnalysis()

Method Details

setSolver

public void setSolver(Solver solver)

Description copied from interface: Plugin

Sets pointer analysis solver which will be used later by the plugin.

Specified by:

setSolver in interface Plugin

Overrides:

setSolver in class CompositePlugin

onPhaseFinish

public void onPhaseFinish()

Description copied from interface: Plugin

Invoked when pointer analysis has processed all entries in the work list. Some plugins need to perform certain computation at this stage (so that it can collect enough points-to information in the program), and may further add entries to the work list to "restart" the pointer analysis.

Specified by:

onPhaseFinish in interface Plugin

Overrides:

onPhaseFinish in class CompositePlugin

onFinish

public void onFinish()

Description copied from interface: Plugin

Invoked when pointer analysis finishes. Pointer analysis is supposed to have been finished at this stage, thus this call back should NOT modify pointer analysis results.

Specified by:

onFinish in interface Plugin

Overrides:

onFinish in class CompositePlugin