[analyzer] Handle [[assume(cond)]] as __builtin_assume(cond)

[vortex73]

• Handle [[assume(cond)]] as __builtin_assume(cond) [analyzer] Handle [[assume(cond)]] as __builtin_assume(cond) #100762

[vortex73]

@steakhal Kinda stuck... It builds properly but doesn't detect the assume attribute.

[github-actions]

⚠️ C/C++ code formatter, clang-format found issues in your code. ⚠️

You can test this locally with the following command:

git-clang-format --diff 13996378d81c8fa9a364aeaafd7382abbc1db83a 97de745341dfc17e7ad9c595d239346a9114a4c6 --extensions cpp -- clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp

View the diff from clang-format here.

diff --git a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
index 1a4eb88fb6..8ab8b97d8e 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
@@ -83,23 +83,23 @@ bool BuiltinFunctionChecker::evalCall(const CallEvent &Call,
   const Expr *CE = Call.getOriginExpr();
 
   if (const auto *AttrStmt = dyn_cast<AttributedStmt>(CE)) {
-      for (const Attr *I : AttrStmt->getAttrs()) {
-          if (const auto *AssumeAttr = dyn_cast<CXXAssumeAttr>(I)) {
-              const Expr *AssumeExpr = AssumeAttr->getAssumption();
-              SVal Arg = C.getSVal(AssumeExpr);
-              if (Arg.isUndef())
-                  return true;
-
-              state = state->assume(Arg.castAs<DefinedOrUnknownSVal>(), true);
-              if (!state) {
-                  C.generateSink(C.getState(), C.getPredecessor());
-                  return true;
-              }
-
-              C.addTransition(state);
-              return true;
-          } 
+    for (const Attr *I : AttrStmt->getAttrs()) {
+      if (const auto *AssumeAttr = dyn_cast<CXXAssumeAttr>(I)) {
+        const Expr *AssumeExpr = AssumeAttr->getAssumption();
+        SVal Arg = C.getSVal(AssumeExpr);
+        if (Arg.isUndef())
+          return true;
+
+        state = state->assume(Arg.castAs<DefinedOrUnknownSVal>(), true);
+        if (!state) {
+          C.generateSink(C.getState(), C.getPredecessor());
+          return true;
+        }
+
+        C.addTransition(state);
+        return true;
       }
+    }
   }
 
   if (isBuiltinLikeFunction(Call)) {

[steakhal]

No, its cool. You are on the right track. Ill come back to you tomorrow.

[steakhal]

Alright, It's not as easy as I first thought.
There are multiple obstacles: We can't really use PostStmt<AttributedStmt> as the ExprEngine::Visit does not visit them. Now, if we would add support for them, the next problem would be that the CFG does not spell them, thus the ExprEngine still won't visit them :D

We could also patch the CFG, as it already has the CFGBuilder::VisitAttributedStmt function, but it doesn't seem to be that straight forward, as the comment suggests there:

// AttributedStmts for [[likely]] can have arbitrary statements as children,
// and the current visitation order here would add the AttributedStmts
// for [[likely]] after the child nodes, which is undesirable: For example,
// if the child contains an unconditional return, the [[likely]] would be
// considered unreachable.
// So only add the AttributedStmt for FallThrough, which has CFG effects and
// also no children, and omit the others. None of the other current StmtAttrs
// have semantic meaning for the CFG.

And for us, we would need to evaluate the operands of the AttributedStmt before we would evaluate the AttributedStmt itself - because the assumption probably refers to values of expression of child AST nodes.

So, it doesn't look easy :D My bad.
We could likely still make it work, but now I'm busy with something else.