bap-taint

BAP Taint Analysis Framework
Legend:
Library
Module
Module type
Parameter
Class
Class type
Library taint
Module Bap_taint . Std . Taint . Gc
val taint_finalize : (Object.t * bool) Bap_primus.Std.Primus.observation

taint_finalize (t,live) occurs when a taint object is collected. The parameter live is true if the taint object is alive in some other machine, otherwise it is true.

The precise interpretation of the live flag depends on the execution mode of a machine. If each machine corresponds to an execution path, then live is true when the taint is no longer reachable in that execution path and when live is false then the taint is truly dead and there are no other machines (paths) that contain this taint. Such interpretation could be used to implement may and must analysis.

Note: the event may occur during the GC collection cycle and there could be a significant delay between the actual time when the taint becomes unreachable and the time when the observation is made.

Note: the event is only triggered is systems with a garbage collector.

  • since 2.2.0 the semantics of liveness was refined.

Conservative Garbage Collector.

taint_finalize (t,live) occurs either when the taint t is no longer reachable or when when machine that created this taint finishes. In the former case live would be true in the latter it is false.

The event may occur during the GC collection cycle and there could be a significant delay between the actual time when the taint become unreachable and the time when the observation is made.