[clang] [analyzer] Model overflow builtins (PR #102602)

Pavel Skripkin via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 9 14:13:19 PDT 2024


================
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker<eval::Call> {
 
 } // namespace
 
+void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call,
+                                                   CheckerContext &C,
+                                                   BinaryOperator::Opcode Op,
+                                                   QualType ResultType) const {
+  // All __builtin_*_overflow functions take 3 argumets.
+  assert(Call.getNumArgs() == 3);
----------------
pskrgag wrote:

So.... I've pushed what I came up with for handling overflow, but during test writing I found smth I don't understand. I've decided to push current state, since it's easier to show code than describe it =)

My current problem is following code:
```c
   if (a > 10)
     return;
   if (b > 10)
     return;

   // clang_analyzer_eval(a + b < 30); <--- Prints 1 and 0, but why ???
````
For some reason constraints do not work as expected. And because of that my overflow checker splits state where it shouldn't.... I'd really appreciate tips 

https://github.com/llvm/llvm-project/pull/102602


More information about the cfe-commits mailing list