[committed] analyzer: handle __builtin___memset_chk [PR96798]

David Malcolm dmalcolm@redhat.com
Mon Aug 31 22:39:38 GMT 2020


Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as r11-2957-gbc62bfb0f43eeada02cb924e3cb5457a399b01c0.

gcc/analyzer/ChangeLog:
	PR analyzer/96798
	* region-model.cc (region_model::on_call_pre): Handle
	BUILT_IN_MEMSET_CHK.

gcc/testsuite/ChangeLog:
	PR analyzer/96798
	* gcc.dg/analyzer/memset-1.c (test_5a): New.
---
 gcc/analyzer/region-model.cc             |  1 +
 gcc/testsuite/gcc.dg/analyzer/memset-1.c | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index ec5094cac28..d47e8960296 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -673,6 +673,7 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt)
 	  case BUILT_IN_MALLOC:
 	    return impl_call_malloc (cd);
 	  case BUILT_IN_MEMSET:
+	  case BUILT_IN_MEMSET_CHK:
 	    impl_call_memset (cd);
 	    return false;
 	    break;
diff --git a/gcc/testsuite/gcc.dg/analyzer/memset-1.c b/gcc/testsuite/gcc.dg/analyzer/memset-1.c
index 830c1105f46..5748aa1af84 100644
--- a/gcc/testsuite/gcc.dg/analyzer/memset-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/memset-1.c
@@ -68,6 +68,20 @@ void test_5 (int n)
   __analyzer_eval (buf[42] == '\0'); /* { dg-warning "UNKNOWN" } */
 }
 
+/* As test_5, but with "__builtin___memset_chk".  */
+
+void test_5a (int n)
+{
+  char buf[256];
+  buf[42] = 'A';
+  __analyzer_eval (buf[42] == 'A'); /* { dg-warning "TRUE" } */
+  __builtin___memset_chk (buf, 0, n, __builtin_object_size (buf, 0));
+
+  /* We can't know if buf[42] was written to or not.  */
+  __analyzer_eval (buf[42] == 'A'); /* { dg-warning "UNKNOWN" } */
+  __analyzer_eval (buf[42] == '\0'); /* { dg-warning "UNKNOWN" } */
+}
+
 /* A "memset" with unknown value, but with zero size.  */
 
 static size_t __attribute__((noinline))
-- 
2.26.2



More information about the Gcc-patches mailing list