@@ -67,7 +67,7 @@ void taint_analysist::instrument(
6767 {
6868 const goto_programt::instructiont &instruction=*it;
6969
70- goto_programt tmp ;
70+ goto_programt insert_before, insert_after ;
7171
7272 switch (instruction.type )
7373 {
@@ -164,15 +164,15 @@ void taint_analysist::instrument(
164164 code_set_may.op0 ()=where;
165165 code_set_may.op1 ()=
166166 address_of_exprt (string_constantt (rule.taint ));
167- goto_programt::targett t=tmp .add_instruction ();
167+ goto_programt::targett t=insert_after .add_instruction ();
168168 t->make_other (code_set_may);
169169 t->source_location =instruction.source_location ;
170170 }
171171 break ;
172172
173173 case taint_parse_treet::rulet::SINK:
174174 {
175- goto_programt::targett t=tmp .add_instruction ();
175+ goto_programt::targett t=insert_before .add_instruction ();
176176 binary_predicate_exprt get_may (" get_may" );
177177 get_may.op0 ()=where;
178178 get_may.op1 ()=address_of_exprt (string_constantt (rule.taint ));
@@ -191,7 +191,7 @@ void taint_analysist::instrument(
191191 code_clear_may.op0 ()=where;
192192 code_clear_may.op1 ()=
193193 address_of_exprt (string_constantt (rule.taint ));
194- goto_programt::targett t=tmp .add_instruction ();
194+ goto_programt::targett t=insert_after .add_instruction ();
195195 t->make_other (code_clear_may);
196196 t->source_location =instruction.source_location ;
197197 }
@@ -208,11 +208,17 @@ void taint_analysist::instrument(
208208 }
209209 }
210210
211- if (!tmp .empty ())
211+ if (!insert_before .empty ())
212212 {
213- goto_programt::targett next=it;
214- next++;
215- goto_function.body .destructive_insert (next, tmp);
213+ goto_function.body .insert_before_swap (it, insert_before);
214+ // advance until we get back to the call
215+ while (!it->is_function_call ()) ++it;
216+ }
217+
218+ if (!insert_after.empty ())
219+ {
220+ goto_function.body .destructive_insert (
221+ std::next (it), insert_after);
216222 }
217223 }
218224}
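Review bot: The new `while(!it->is_function_call()) ++it;` loop after `insert_before_swap` has no end-of-body bound. It terminates correctly only if the instruction being instrumented is a function call and nothing placed in `insert_before` is one; the case label that would guarantee this is outside the visible hunks. If that invariant breaks, the iterator runs off the body, or the source and sanitizer marks in `insert_after` attach to the wrong instruction, which in a taint analysis would presumably show up as missed or spurious flows rather than a crash. I would state the invariant in the comment and check it, e.g. `// insert_before_swap leaves 'it' on the first inserted instruction; skip forward to the original call` followed by `assert(it!=goto_function.body.instructions.end());` inside the loop. Also, the `instruction` reference bound to `*it` at the top of the loop body appears to alias the swapped-in instruction once `insert_before_swap` has run, so it should not be read after that point; the body of `instrument` starts outside these hunks, so I cannot confirm that it is not.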