Fabian Schiebel

icon company @Fraunhofer-IEM @secure-software-engineering icon location Paderborn, Germany

Results 42 comments of Fabian Schiebel

Get data flow for leaks in taint analysis

Your question seems to have multiple parts. Let's answer them one by one. 1. Getting the source function for a taint leak: We are not propagating this information and as...

Redesign ProjectIRDB

After merging, this branch can be deleted

Redesign ProjectIRDB

To reduce merge conflicts, we should first merge #516. However, comments are also welcome before^^

Will the SPDS(POPL19) be incorporated in phasar?

Yes, internally we are already working on it, so eventually it will be part of phasar. However, it will take quite some time due to the inherent complexity of the...

OpenSSL Typestate analysis Secure Memory check bug

Hi @Ayohbk, I could reproduce your bug. It appears that the analysis is indeed correct here. This is, because it cannot know that the function `CRYPTO_malloc` is a memory allocator...

how can i get a taint path in ifds-taint/ide-xtaint analysis?

Hi @JJ2nu, there is currently no way of getting path information from PhASAR's analyses. However, we are working on a path sensitive analysis. We will eventually integrate it into open-source...

Is there a tutorial for taint analysis?

Yes, unfortunately, we didn't have time for creating a documentation regarding this yet.

Create thread safe version of llvm::CFLAndersAA and llvm::CFLSteensAA

LLVM removed CFLAndersAA and CFLSteensAA for LLVM15, so we will get rid of them as well (#610). Theremaining BasicAA and TBAA should be easier to get thread-safe

plugin make file

Plugins were removed from phasar

Document when to use forward declarations versus #includes

See https://github.com/secure-software-engineering/phasar/wiki/Coding-Conventions#include-vs-forward-declaration