Index: include/clang/StaticAnalyzer/Checkers/Checkers.td =================================================================== --- include/clang/StaticAnalyzer/Checkers/Checkers.td +++ include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -99,6 +99,10 @@ HelpText<"Check for dereferences of null pointers">, DescFile<"DereferenceChecker.cpp">; +def ModelBuiltinsChecker : Checker<"ModelBuiltins">, + HelpText<"Model some compiler builtin functions">, + DescFile<"ModelBuiltinChecker.cpp">; + def CallAndMessageChecker : Checker<"CallAndMessage">, HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">, DescFile<"CallAndMessageChecker.cpp">; Index: lib/StaticAnalyzer/Checkers/CMakeLists.txt =================================================================== --- lib/StaticAnalyzer/Checkers/CMakeLists.txt +++ lib/StaticAnalyzer/Checkers/CMakeLists.txt @@ -49,6 +49,7 @@ MallocOverflowSecurityChecker.cpp MallocSizeofChecker.cpp MisusedMovedObjectChecker.cpp + ModelBuiltinChecker.cpp MPI-Checker/MPIBugReporter.cpp MPI-Checker/MPIChecker.cpp MPI-Checker/MPIFunctionClassifier.cpp Index: lib/StaticAnalyzer/Checkers/ModelBuiltinChecker.cpp =================================================================== --- /dev/null +++ lib/StaticAnalyzer/Checkers/ModelBuiltinChecker.cpp @@ -0,0 +1,59 @@ +//=== ModelBuiltinChecker.cpp --------- Model builtin functions -*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This checker improves modeling of a few builtin compiler functions. +// It does not generate warnings. +// +//===----------------------------------------------------------------------===// + +#include "ClangSACheckers.h" +#include "clang/StaticAnalyzer/Core/Checker.h" +#include "clang/StaticAnalyzer/Core/CheckerManager.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" + +using namespace clang; +using namespace clang::ento; + +namespace { +class ModelBuiltinsChecker : public Checker { +public: + bool evalCall(const CallExpr *CE, CheckerContext &C) const { + const FunctionDecl *FD = + dyn_cast_or_null(CE->getCalleeDecl()); + if (!FD) + return false; + if (!FD->getIdentifier()) + return false; + + StringRef Name = FD->getName(); + if (Name.empty() || !C.isCLibraryFunction(FD, Name) || + Name != "__builtin_assume") + return false; + + ProgramStateRef State = C.getState(); + const LocationContext *LC = C.getLocationContext(); + SVal ArgSVal = State->getSVal(CE->getArg(0), LC); + if (ArgSVal.isUndef()) + return false; + + State = State->assume(ArgSVal.castAs(), true); + // FIXME: do we want to warn here? + if (!State) + return false; + + C.addTransition(State); + return true; + } +}; +} // end of anonymous namespace + +void ento::registerModelBuiltinsChecker(CheckerManager &mgr) { + mgr.registerChecker(); +} Index: test/Analysis/builtin-assume.c =================================================================== --- /dev/null +++ test/Analysis/builtin-assume.c @@ -0,0 +1,8 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s + +void clang_analyzer_eval(int); + +void f(int i) { + __builtin_assume(i < 10); + clang_analyzer_eval(i < 15); // expected-warning {{TRUE}} +}