Ada: Add new aspects for CodePeer's taint analysis.
The Ada compiler now accepts, but ignores, taint-related aspects for use by CodePeer, a static analysis tool.
The Ada compiler now parses and accepts three new aspects: Taint_Sanitizer, Taint_Sink, and Taint_Source. These aspects are intended for use with CodePeer, a static analysis tool, to perform taint analysis. The compiler front end ignores these aspects during semantic analysis, and they are not documented in the GNAT RM.
In Details
This change introduces three new aspects to the Aspect_Id enumeration type in aspects.ads: Taint_Sanitizer, Taint_Sink, and Taint_Source. The compiler accepts aspect specifications for these aspects, but they are not semantically analyzed. The primary changes are in aspects.ads, exp_prag.adb, sem_ch13.adb, sem_util.adb, and snames.ads-tmpl.
For Context
Static analysis tools can help find bugs and security vulnerabilities by examining code without running it. One technique is taint analysis: tracking data from potentially untrusted sources (e.g. user input) as it flows through the program. This commit adds support for new 'aspects' (annotations) to the Ada language that will be used by the CodePeer static analysis tool to perform taint analysis. The compiler will recognize these aspects but ignore them, allowing CodePeer to use them for its analysis.