From bc62bfb0f43eeada02cb924e3cb5457a399b01c0 Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Mon, 31 Aug 2020 11:55:34 -0400
Subject: [PATCH] analyzer: handle __builtin___memset_chk [PR96798]

gcc/analyzer/ChangeLog:
	PR analyzer/96798
	* region-model.cc (region_model::on_call_pre): Handle
	BUILT_IN_MEMSET_CHK.

gcc/testsuite/ChangeLog:
	PR analyzer/96798
	* gcc.dg/analyzer/memset-1.c (test_5a): New.
---
 gcc/analyzer/region-model.cc             |  1 +
 gcc/testsuite/gcc.dg/analyzer/memset-1.c | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index ec5094c..d47e896 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -673,6 +673,7 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt)
 	  case BUILT_IN_MALLOC:
 	    return impl_call_malloc (cd);
 	  case BUILT_IN_MEMSET:
+	  case BUILT_IN_MEMSET_CHK:
 	    impl_call_memset (cd);
 	    return false;
 	    break;
diff --git a/gcc/testsuite/gcc.dg/analyzer/memset-1.c b/gcc/testsuite/gcc.dg/analyzer/memset-1.c
index 830c110..5748aa1 100644
--- a/gcc/testsuite/gcc.dg/analyzer/memset-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/memset-1.c
@@ -68,6 +68,20 @@ void test_5 (int n)
   __analyzer_eval (buf[42] == '\0'); /* { dg-warning "UNKNOWN" } */
 }
 
+/* As test_5, but with "__builtin___memset_chk".  */
+
+void test_5a (int n)
+{
+  char buf[256];
+  buf[42] = 'A';
+  __analyzer_eval (buf[42] == 'A'); /* { dg-warning "TRUE" } */
+  __builtin___memset_chk (buf, 0, n, __builtin_object_size (buf, 0));
+
+  /* We can't know if buf[42] was written to or not.  */
+  __analyzer_eval (buf[42] == 'A'); /* { dg-warning "UNKNOWN" } */
+  __analyzer_eval (buf[42] == '\0'); /* { dg-warning "UNKNOWN" } */
+}
+
 /* A "memset" with unknown value, but with zero size.  */
 
 static size_t __attribute__((noinline))
-- 
2.7.4