Fix: <rdar://problem/6776949> Branch condition evaluates to an uninitialized value (argc is guaranteed to be >= 1)

The analyzer now adds the precondition that the first argument of 'main' is > 0.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68757 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 25 insertions, 1 deletions

diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index 1d1100a55a..46d1f798cf 100644
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -161,7 +161,31 @@ void GRExprEngine::AddCheck(GRSimpleAPICheck *A) {
 }
 
 const GRState* GRExprEngine::getInitialState() {
-  return StateMgr.getInitialState();
+  const GRState *state = StateMgr.getInitialState();
+  
+  // Precondition: the first argument of 'main' is an integer guaranteed
+  //  to be > 0.
+  // FIXME: It would be nice if we had a more general mechanism to add
+  // such preconditions.  Some day.
+  if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(&StateMgr.getCodeDecl()))
+    if (strcmp(FD->getIdentifier()->getName(), "main") == 0 &&
+        FD->getNumParams() > 0) {
+      const ParmVarDecl *PD = FD->getParamDecl(0);
+      QualType T = PD->getType();
+      if (T->isIntegerType())
+        if (const MemRegion *R = StateMgr.getRegion(PD)) {
+          SVal V = GetSVal(state, loc::MemRegionVal(R));
+          SVal Constraint = EvalBinOp(BinaryOperator::GT, V,
+                                      ValMgr.makeZeroVal(T),
+                                      getContext().IntTy);          
+          bool isFeasible = false;          
+          const GRState *newState = Assume(state, Constraint, true,
+                                           isFeasible);
+          if (newState) state = newState;
+        }
+    }
+  
+  return state;
 }
 
 //===----------------------------------------------------------------------===//