[clang] [clang] [Static analyzer]: add initial support for builtin overflow (PR #102602)
Donát Nagy via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 9 05:47:32 PDT 2024
================
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker<eval::Call> {
} // namespace
+void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call,
+ CheckerContext &C,
+ BinaryOperator::Opcode Op,
+ QualType ResultType) const {
+ // All __builtin_*_overflow functions take 3 argumets.
+ assert(Call.getNumArgs() == 3);
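Review bot: the `assert(Call.getNumArgs() == 3)` turns a malformed call in the *analyzed* code into a crash of the analyzer itself, so it should be a graceful bail-out rather than an assertion; since the function returns void, `if (Call.getNumArgs() != 3) return;` in place of the assert lets the checker simply skip a call it cannot model. The comment just above it also misspells "arguments" as "argumets".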
----------------
NagyDonat wrote:
The use of `assert()` should be limited to situations where we realize that the _analyzer code_ is buggy (we reached an "impossible" situation). If the _analyzed code_ contains an invalid call like `__builtin_add_overflow(10, 20, &res, "spam")`, then the analyzer _may_ report an error, but must not crash with an assertion failure.
Unfortunately, this particular checker is a so-called "modeling" checker, so it is hidden from the user (as an undocumented implementation detail), and therefore it cannot create bug reports.
This means that if we encounter an invalid `__builtin_*_overflow` call, then we should probably just ignore it, because we should not assert and we cannot create a bug report. I'd assume that this is an extremely rare situation (if someone uses these builtin functions, they're unlikely to mess up the argument count), so a more complex solution (e.g. introducing a new non-modeling checker which creates bug reports) is probably not worth the effort.
https://github.com/llvm/llvm-project/pull/102602
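For readers unfamiliar with the three-argument contract the hunk asserts on, here is an added C example (not code from the pull request or from clang) showing what the checker is modeling: `__builtin_*_overflow` takes two operands and a result pointer, checks the exact result against the *destination* type named by that pointer, stores the truncated value, and returns true on overflow. The wrapper names `checked_mul_size`, `add_overflows_i32` and `add_overflows_u8` are my own, chosen to make the outcomes plain values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Checked multiply as used for allocation sizing: returns true and writes
 * the product when it fits in size_t, false when it would wrap. A caller
 * that refuses to allocate on false never hands a wrapped size to malloc. */
bool checked_mul_size(size_t a, size_t b, size_t *out) {
    return !__builtin_mul_overflow(a, b, out);
}

/* Returns true when a + b does not fit in int32_t. *wrapped receives the
 * value the builtin stores, i.e. the sum truncated to the result type. */
bool add_overflows_i32(int32_t a, int32_t b, int32_t *wrapped) {
    return __builtin_add_overflow(a, b, wrapped);
}

/* The overflow check is against the destination type, not the operand
 * types: 200 + 100 fits an int, but overflows a uint8_t destination. */
bool add_overflows_u8(int a, int b, uint8_t *wrapped) {
    return __builtin_add_overflow(a, b, wrapped);
}

int main(void) {
    int32_t r;
    if (add_overflows_i32(INT32_MAX, 1, &r))
        printf("INT32_MAX + 1 overflows; stored (wrapped) value: %d\n", r);

    uint8_t u;
    if (add_overflows_u8(200, 100, &u))
        printf("200 + 100 overflows uint8_t; stored value: %u\n", u);

    size_t n;
    if (!checked_mul_size(SIZE_MAX / 2, 4, &n))
        printf("allocation size would wrap; refusing to allocate\n");
    return 0;
}
```

The destination-type rule is the detail a modeling checker has to get right: the same operands are an overflow or not depending solely on the pointee type of the third argument, which is why the checker needs the result type alongside the opcode.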