https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96798
David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2020-08-29
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1

--- Comment #6 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Thanks!

The "memset" call has become a call to "__builtin___memset_chk" (perhaps due to
_FORTIFY_SOURCE, or something similar in Darwin's libc?), and the analyzer
doesn't (yet) know about that builtin.

I can reproduce the issue by hacking this into the test:

#define memset(DST, SRC, LEN) \
  __builtin___memset_chk ((DST), (SRC), (LEN), \
                          __builtin_object_size((DST), 0))

There are at least two issues here:
(a) looks like region_model::on_call_pre is erroneously treating a builtin I
haven't coded yet as a no-op; it should instead conservatively assume that any
escaped/reachable regions are affected
(b) the analyzer should handle that builtin (and probably others)
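
A reduced illustration of the two points in the comment above, added here and not taken from the bug report or the GCC testsuite: the fortified builtin really does write to both a local region and a region reached through an escaped pointer, so a model that treats the call as a no-op keeps stale values for both. The struct and function names are hypothetical.

```c
/* Added illustration; struct and function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the macro in the comment: route memset through the
   fortified builtin, as a _FORTIFY_SOURCE-style libc header would.  */
#undef memset
#define memset(DST, VAL, LEN) \
  __builtin___memset_chk ((DST), (VAL), (LEN), \
                          __builtin_object_size ((DST), 0))

struct msg { int len; char body[16]; };

/* Local region: a model that treats the call as a no-op would still
   believe m.len == 42 and m.body[0] == 'x' after the call.  */
int local_region_after_clear (void)
{
  struct msg m;
  m.len = 42;
  m.body[0] = 'x';
  memset (&m, 0, sizeof (m));
  return m.len + m.body[0];
}

/* Escaped region: the destination is reached through a pointer
   parameter.  The object size may be unknown here ((size_t) -1), in
   which case the builtin behaves like plain memset.  */
void clear_through_pointer (struct msg *p)
{
  memset (p, 0, sizeof (*p));
}

int escaped_region_after_clear (void)
{
  struct msg m = { 7, "hello" };
  clear_through_pointer (&m);
  return m.len + m.body[0];
}

int main (void)
{
  printf ("%d %d\n", local_region_after_clear (),
          escaped_region_after_clear ());
  return 0;
}
```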