https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90905

--- Comment #6 from Martin Sebor <msebor at gcc dot gnu.org> ---
With str being a local (non-reference) variable this should be diagnosed
because of the str.D.28972._M_local_buf(12):

# _47 = PHI <_59(9), &str.D.28972._M_local_buf(12), _59(8)>
  str ={v} {CLOBBER};
  return _47;

In your example a is a reference argument but in this modified version:

  struct A { char *p; char c[13]; };

  void* f (struct A a, _Bool b)
  {
    a.p = b ? a.c : (char*)__builtin_malloc (13);
    __builtin_memcpy (a.p, "hello world!", 12);
    a.p[12] = 0;
    return a.p;
  }

and the IL:

  <bb 3> [local count: 354334802]:
  iftmp.0_7 = __builtin_malloc (13);

  <bb 4> [local count: 1073741824]:
  # iftmp.0_2 = PHI <iftmp.0_7(3), &a.c(2)>
  a.p = iftmp.0_2;
  __builtin_memcpy (iftmp.0_2, "hello world!", 12);
  _1 = a.p;
  MEM[(char *)_1 + 12B] = 0;
  return _1;

the only challenge with detecting the bug that I see is making a record of the
rhs of the assignment to _1 = a.p (and others like that) and then checking the
prior assignment to a.p (et al.).  With that in place the "may return" warning
will trigger.
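For contrast with the `f` above, which hands back a pointer into the by-value parameter's inline buffer `a.c` that dies on return, the following is an added example (not code from the bug report) of the same struct with the result always placed in storage that outlives the call; `f_safe` and `f_into` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Same layout as in the comment above. */
struct A { char *p; char c[13]; };

/* Hardened form: never select a.c as the destination, so no address of
   the temporary parameter can escape. The caller owns the heap buffer. */
char *f_safe (struct A a, _Bool b)
{
    (void) b;                       /* the branch picking a.c is the bug */
    (void) a;
    char *out = malloc (13);
    if (!out)
        return NULL;
    memcpy (out, "hello world!", 12);
    out[12] = 0;
    return out;
}

/* Alternative: caller supplies the destination, so the function never
   returns a pointer at all and the lifetime question disappears.
   Returns 0 on success, -1 if dst is too small. */
int f_into (char *dst, size_t dstlen)
{
    if (dstlen < 13)
        return -1;
    memcpy (dst, "hello world!", 12);
    dst[12] = 0;
    return 0;
}
```

Until the warning in this report fires for such code, AddressSanitizer with `detect_stack_use_after_return=1` will catch the original pattern at run time when the `b` branch is taken.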
