GCC Value Range Analysis framework


That's very interesting: doing the range analysis backwards, they
get some information about variables that are not directly related by
statements, like in the example Andrew gave:

a_2 = b_1 - 20
if (a_2 < 40) {
  // we can learn information not only about a_2, but also about b_1
}

We have a traditional implementation of range analysis in LLVM.
The code is available here for LLVM 3.8, and here for LLVM 8.0.
We have described it in this paper:

Raphael Ernani Rodrigues, Victor Hugo Sperle Campos, Fernando Magno
Quintão Pereira: A fast and low-overhead technique to secure programs
against integer overflows. CGO 2013: 33:1-33:11

I use this implementation of range analysis as a project
assignment in a course on Static Program Analysis.
I believe the implementation is pretty mature. The range analysis
works on a slightly different program representation, in which
variables are renamed after conditionals.
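
The backward step from the a_2 / b_1 example above, as an added sketch that is not part of the original message and is not taken from the GCC or LLVM code. The names range, fwd_sub, bwd_sub and refine_lt are hypothetical, and it assumes 32-bit signed values whose subtraction does not wrap.

```c
#include <stdint.h>
#include <stdio.h>

/* Closed interval over 32-bit signed values, held in 64 bits so the
   transfer functions themselves cannot overflow. */
typedef struct { int64_t lo, hi; } range;

static int64_t clamp32(int64_t v) {
    return v < INT32_MIN ? INT32_MIN : v > INT32_MAX ? INT32_MAX : v;
}

/* Intersection; an empty result (lo > hi) means the path is infeasible. */
static range meet(range x, range y) {
    range r = { x.lo > y.lo ? x.lo : y.lo, x.hi < y.hi ? x.hi : y.hi };
    return r;
}

/* Forward transfer for a = b - c, with c a constant. */
static range fwd_sub(range b, int64_t c) {
    range r = { clamp32(b.lo - c), clamp32(b.hi - c) };
    return r;
}

/* Backward transfer for a = b - c: given what is known about a, refine b.
   Assumption: the subtraction did not wrap (signed overflow is undefined in C). */
static range bwd_sub(range a, int64_t c, range b) {
    range inv = { clamp32(a.lo + c), clamp32(a.hi + c) };
    return meet(b, inv);
}

/* True edge of `if (a < k)`: the renamed copy of a is at most k - 1. */
static range refine_lt(range a, int64_t k) {
    range top = { INT32_MIN, k - 1 };
    return meet(a, top);
}

int main(void) {
    range b1 = { INT32_MIN, INT32_MAX };   /* nothing known about b_1 */
    range a2 = fwd_sub(b1, 20);            /* a_2 = b_1 - 20 */
    range a2_t = refine_lt(a2, 40);        /* a_2 inside the branch */
    range b1_t = bwd_sub(a2_t, 20, b1);    /* b_1 inside the branch */
    printf("a_2 in [%lld, %lld]\n", (long long)a2_t.lo, (long long)a2_t.hi);
    printf("b_1 in [%lld, %lld]\n", (long long)b1_t.lo, (long long)b1_t.hi);
    return 0;
}
```

Keeping separate ranges for a_2 and b_1 inside the branch corresponds to the renaming after conditionals mentioned above: each renamed copy carries the tighter range that holds only on that edge.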