Tags: c, llvm, bitcode, clang-static-analyzer

Using Clang Static Analyzer directly on bitcode files


I wanted to know if clang analyzer can be made to work directly on bitcode (*.bc) files? Following this post about identification of integer variables that can only have the values 0 or 1, I've started exploring the clang analyzer, and it gave me good results. For example, when I used the following C code with:

$ scan-build clang -O3 ./main.c

it found out that division by zero is indeed not feasible:

int should_expand(char *s)
{
    int tmp = 0;
    int ret = 0;
    char *p;

    for (p = s; p && *p; p++)
    {
        /* Skip the escaped character, but never step past the terminating NUL. */
        if (*p == '\\')     { if (p[1]) p++; }
        else if (*p == '&') { ret = 1; }
    }
    if (!((0 <= ret) && (ret <= 1)))
    {
        int j = 0;
        ret = 5 / j;
    }
    return ret;
}
int main(int argc, char **argv)
{
    if (should_expand(argv[1]))
    {
        return -1;
    }
    return 0;
}

I thought I'd insert an if (!((0 <= _) && (_ <= 1))) statement for every integer variable, and then feed the resulting bitcode files to clang analyzer. Problem is, I can't seem to find out whether it can handle bitcode files or just C source files. Any help is very much appreciated, thanks!


Solution

  • The Clang Static Analyzer works on the Clang AST. It cannot use bitcode as input – it's too low-level for the analyzer.
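
Since the analyzer consumes source rather than bitcode, the per-variable check from the question can be inserted at the source level instead. The following is an added example, not code from the question or the answer; `instrument`, `probe` and `probe_zero` are hypothetical names, and the line-based matching is a simplification whose assumptions are listed in the comments.

```python
import re

# Assumptions: one plain `int` per declaration line, every `return` on its
# own line inside a braced block, no braces in string or character literals.
DECL = re.compile(r'^\s*int\s+([A-Za-z_]\w*)\s*(?:=[^;]*)?;\s*$')
RETURN = re.compile(r'^(\s*)return\b')

def probe(var, indent):
    """The page's check for one variable: a division by zero reachable
    only if `var` can hold a value outside {0, 1}."""
    return [f"{indent}if (!((0 <= {var}) && ({var} <= 1)))",
            f"{indent}{{",
            f"{indent}    int probe_zero = 0;",
            f"{indent}    {var} = 5 / probe_zero;",
            f"{indent}}}"]

def instrument(source):
    """Insert a probe for every in-scope local int before each return."""
    out, scopes = [], []          # scopes: one list of names per open '{'
    for line in source.splitlines():
        decl, ret = DECL.match(line), RETURN.match(line)
        if decl and scopes:       # file-scope declarations are ignored
            scopes[-1].append(decl.group(1))
        if ret and scopes:
            for var in (v for scope in scopes for v in scope):
                out.extend(probe(var, ret.group(1)))
        out.append(line)
        for ch in line:           # track block scopes brace by brace
            if ch == '{':
                scopes.append([])
            elif ch == '}' and scopes:
                scopes.pop()
    return "\n".join(out) + "\n"

# Constructed input: adapted from the question's function, without its check.
SAMPLE = r"""int should_expand(char *s)
{
    int tmp = 0;
    int ret = 0;
    char *p;

    for (p = s; p && *p; p++)
    {
        if (*p == '\\')     { if (p[1]) p++; }
        else if (*p == '&') { ret = 1; }
    }
    return ret;
}
"""
```

Writing `instrument(SAMPLE)` to a `.c` file and running the question's `scan-build` command on it gives the analyzer one probe per local `int`; a division-by-zero report on a probe means the analyzer could not rule out values outside 0 and 1 for that variable.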