polytracker
An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.
These are currently uninstrumented functions that we should probably support:
- [x] `bcmp`
- [x] `bindtextdomain`
- [x] `dirname`
- [x] `fgetc`
- [x] `fseeko`
- [x] `mbtowc`
- [...
As requested by @carsonharmon, trace collection for `libsndfile` is stalling + the DB is getting pretty huge with/without `POLYTRACE=1`.
It's not optimal to check if we've hit main to start tracking, it adds additional branches on all of our logging. There are probably some systems level things we can...
Peter pointed out that there might be a need for stack unwinding for setjmp/longjmp. We also have cases like in jq where pthread_once calls instrumented code creating a mismatch in...
Peter had a really good catch, that in places like logFunctionExit I had const references which would push constant values into memory. This prevents further optimizations the compiler could do.
I think when reasoning about dataflow this is important, it's more overhead, but worth it and low hanging fruit.
Create FunctionCall event for reasoning about uninstrumented code in post processing
- [ ] Add documentation showing how to write custom wrappers for target functions ~- [ ] Create an interface for creating new custom taint wrappers without modifying polytracker/dfsan code~...
Every time a program reads past the end of a file, return a special taint with a new label associated with that `EOF`.