https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105103
            Bug ID: 105103
           Summary: RFE: detect bogus use of varargs in analyzer
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

The analyzer doesn't yet have any handling for the types, macros, functions
from <stdarg.h>:
  https://en.cppreference.com/w/c/variadic
  https://www.man7.org/linux/man-pages/man3/stdarg.3.html

It would be nice to e.g. detect the various undefined behaviors listed in the
above e.g.
"If ap is passed to a function that uses va_arg(ap,type), then the value of ap
is undefined after the return of that function."
etc.

We could also implement __builtin_va_start, __builtin_va_end, etc and have
region_model unpack variadic args in interprocedural calls, effectively
inlining the analysis.
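
The undefined behavior quoted in the report, next to a well-defined form using va_copy, as an added example that is not part of the bug report or of GCC. All function names are hypothetical.

```c
#include <stdarg.h>

/* Hypothetical helper: consumes n ints from ap with va_arg. */
static int sum_n(va_list ap, int n)
{
    int total = 0;
    for (int i = 0; i < n; i++)
        total += va_arg(ap, int);
    return total;
}

/* BOGUS: ap is handed to a function that calls va_arg on it, then
 * read again in the caller. After sum_n() returns, ap is indeterminate;
 * whether it still points at the first argument or past the last one
 * depends on how the ABI represents va_list. Shown only as the pattern
 * a checker should flag; nothing in this example calls it. */
int sum_plus_first_bogus(int n, ...)
{
    va_list ap;
    va_start(ap, n);
    int total = sum_n(ap, n);
    int first = va_arg(ap, int);    /* undefined behavior */
    va_end(ap);
    return total + first;
}

/* Well-defined: the helper gets its own copy, so the caller's ap is
 * untouched and still refers to the first variadic argument. Each
 * va_start/va_copy is paired with a va_end in the same function. */
int sum_plus_first_ok(int n, ...)
{
    va_list ap, ap_copy;
    va_start(ap, n);
    va_copy(ap_copy, ap);
    int total = sum_n(ap_copy, n);
    va_end(ap_copy);
    int first = (n > 0) ? va_arg(ap, int) : 0;
    va_end(ap);
    return total + first;
}
```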