On 11 September 2022 10:04:51 CEST, David Malcolm via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
>> +++ b/gcc/testsuite/gcc.dg/analyzer/pr106845.c >> @@ -0,0 +1,11 @@ >> +int buf_size; >> + >> +int >> +main (void) >> +{ >> + char buf[buf_size]; >> + >> + __builtin_memset (&buf[1], 0, buf_size); >> + >> + return 0; >> +}
>
>...it took me a moment to realize that the analyzer "sees" that this is
>"main", and thus buf_size is 0.

Is this a valid assumption? What if I have a lib (preloaded maybe) that sets it to 42?

BTW, do we handle -Wl,-init,youre_toast where main isn't the entry point?

Just curious..
thanks,
>
>Interestingly, if I rename it to not be "main" (and thus buf_size could
>be non-zero), we still don't complain:
> https://godbolt.org/z/PezfTo9Mz
>Presumably this is a known limitation of the symbolic bounds checking?
>
>Thanks
>Dave
>
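Review bot: the new test in pr106845.c depends on the function being named main, so that buf_size is treated as still 0 at the `char buf[buf_size];` declaration, and nothing in the file says so. A short comment above the declaration stating that assumption, plus a note of the expected outcome (no dg- directive or expected-diagnostic comment is visible in the hunk), would keep the test's intent clear to later readers. It may also be worth adding a second function not named main with the same `__builtin_memset (&buf[1], 0, buf_size);` call, so the case where buf_size is not known to be zero is exercised too.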