Add analyzer to suggest provenance annotations for intptr_t

[brooksdavis]

In intptr_t expressions llvm generally picks the left hand side as providing provenance and warns about it. It would be nice if an analyzer could look deeper (across function boundaries, etc) and determine:

• if the result of the expression is ever used in a context where provenance is required
• which arguments could carry provenance in practice
• determine which subtractions would produce ptrdiff_t is the expressions were char * rather than intptr_t

It could then use that too suggest changes to clarify the programmer's intent rather than just saying it's ambiguous.

Note: this needs to be a static analyzer (possibly whole-program) rather than the compiler, because compiler analysis will depend too much on optimization levels at the like.

[eupharina]

Hi!

I now have a CSA checker that can detect the first two issues (PR https://github.com/CTSRD-CHERI/llvm-project/pull/675). I don't quite understand the third suggestion though (about ptrdiff_t), what the pattern is and why this can be a problem. Could you please give an example or share the link to the commit that addresses this issue in some ported project?