pgoodman
commented
2 years ago Desirable features:
- Single step based api, enabling the external user to orchestrate. E.g. in a gui, I want to show "the next step" but in an offline analysis, I might want to run until some condition is reached.
- Forwards or backwards.
- Some notion of a path or path state abstraction.
I think a data flow analysis may be a nice foundation, then tainting is built upon a data flow analysis. E.g. the tainting would be a layer on top, that could maintain per-path state, decide if a data flow step is accepted/rejected as a tainting step, etc.
Design and create a taint analysis library on top of vast. It should be inter translation unit analysis.
We need to design API to query the user for possible points in other translation units.