gmu-swe / phosphor

Phosphor: Dynamic Taint Tracking for the JVM
MIT License

branch not taken analysis does not handle switch statement #148

Open tim-hoffman opened 4 years ago

tim-hoffman commented 4 years ago

Analyze/instrument the following code with the -controlTrack option (wrapped in a class with a main method so it can be built and run directly; Java assertions need -ea):

import edu.columbia.cs.psl.phosphor.runtime.MultiTainter;
import edu.columbia.cs.psl.phosphor.runtime.Taint;

public class SwitchBranchNotTaken {

    private static void switchBranchNotTaken() {
        final String mark = "TAG";
        // '9' matches none of the cases below, so no case body executes
        char input = MultiTainter.taintedChar('9', mark);
        char output = '-';

        // With control tracking, output should pick up the label of input
        // even when no case is taken, because its final value depends on
        // the tainted decision
        switch (input) {
            case '0':
                output = '0';
                break;
            case '1':
                output = '1';
                break;
        }
        Taint t = MultiTainter.getTaint(output);
        assert t != null && t.containsOnlyLabels(new Object[]{mark});
    }

    public static void main(String[] args) {
        switchBranchNotTaken();
    }
}

When running the instrumented code, the assertion fails because output is not tainted. However, if you change the initial value of input to '0' or '1', the assertion succeeds as expected.
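Added here as a reference model of the semantics the report expects, not Phosphor's own code: a small Python evaluator over label sets in which a switch on a tainted value opens a control-taint region and, at the merge point, every variable written in any case (taken or not) inherits the discriminant's labels. The names Tainted, run_switch and switch_branch_not_taken are assumptions of this model; it generalizes the issue's switch to arbitrary case bodies.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tainted:
    """A value with its set of taint labels (constructed stand-in for Phosphor's Taint)."""
    value: object
    labels: frozenset = frozenset()


def run_switch(env, discriminant, cases):
    """Evaluate a switch with no default under branch-not-taken semantics.

    env:          {variable_name: Tainted}
    discriminant: name of the switched-on variable
    cases:        {case_value: [(variable_name, constant_value), ...]}
    Returns the environment after the switch (the input dict is not modified).
    """
    env = dict(env)
    control = env[discriminant].labels  # labels of the tainted decision
    # Executed case: the assigned constants carry no data taint, so their
    # labels are exactly the control labels of the enclosing decision.
    for var, value in cases.get(env[discriminant].value, []):
        env[var] = Tainted(value, control)
    # Branch not taken: a variable written in any case could have been
    # changed by a different decision, so its final value depends on the
    # tainted discriminant even when no case body ran.
    for body in cases.values():
        for var, _ in body:
            env[var] = Tainted(env[var].value, env[var].labels | control)
    return env


def switch_branch_not_taken(input_char, mark="TAG"):
    """The issue's method, evaluated by the model for any input character."""
    env = {"input": Tainted(input_char, frozenset({mark})), "output": Tainted("-")}
    env = run_switch(env, "input", {"0": [("output", "0")], "1": [("output", "1")]})
    return env["output"]


def contains_only_labels(t, labels):
    """Mirror of the containsOnlyLabels check used in the report."""
    return t.labels == frozenset(labels)
```

Under this model the report's three inputs all leave output carrying only "TAG"; the observed failure for '9' is the missing second loop, i.e. propagation only along the taken branch.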

jon-bell commented 4 years ago

Control flow propagation (and in particular branch-not-taken flows) is very loosely defined right now; our long-term goal is to clean up all of the loose ends like this. If you would like a pointer into the code for where to start working on a patch, I'm happy to direct you there, but otherwise it will probably be at least 4-5 weeks before I can get to this.