================
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker<eval::Call> {
} // namespace
+void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call,
+ CheckerContext &C,
+ BinaryOperator::Opcode Op,
+ QualType ResultType) const {
+ // All __builtin_*_overflow functions take 3 argumets.
+ assert(Call.getNumArgs() == 3);
+
+ ProgramStateRef State = C.getState();
+ SValBuilder &SVB = C.getSValBuilder();
+ const Expr *CE = Call.getOriginExpr();
+
+ SVal Arg1 = Call.getArgSVal(0);
+ SVal Arg2 = Call.getArgSVal(1);
+
+ SVal RetVal = SVB.evalBinOp(State, Op, Arg1, Arg2, ResultType);
+
+ // TODO: Handle overflows with values that known to overflow. Like INT_MAX +
1
+ // should not produce state for non-overflow case and threat it as
----------------
NagyDonat wrote:
> `clang_analyzer_eval(a + b < 30); <--- Prints 1 and 0, but why ???`
Assuming that `a` and `b` are signed integers, they can be very negative, and
then their sum can be a positive value above 30 (after an overflow). This means
that both boolean values are possible for the expression `a + b < 30`, and the
analyzer represents this by printing both 1 and 0.
(If I understand this correctly, we get two definite numbers instead of one
range because the on-by-default `eagerlyAssume` mode causes a state split when
it sees the comparison operator in `a + b < 30`, despite the fact that this is
not in a conditional expression.)
https://github.com/llvm/llvm-project/pull/102602
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
