<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/61098">61098</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Clang's static analyzer should be able to warn when memset()/memmove()/memcpy() are optimized away by dead store elimination
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
ryao
</td>
</tr>
</table>
<pre>
`memset()` is often used for data sanitization in encryption code. In a project that I regularly scan with Clang's static analyzer, we recently found some `memset()` operations meant to protect against information leaks in encryption code were optimized away by dead store elimination.
The optional [security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C)](https://clang.llvm.org/docs/analyzer/checkers.html#id87) check will warn about any usage of `memset()`/`memmove()`/`memcpy()`, but this seems extreme since there are no safe alternatives to `memmove()`/`memcpy()`, and for initialization, `memset()` is perfectly safe to use. It would be more useful if a check were made that warns whenever dead store optimization should eliminate a `memset()`/`memcpy()`/`memmove()` operation. The commercial static analyzer, PVS-Studio, already does this, but it is prohibitively expensive for open source projects.
https://pvs-studio.com/en/docs/warnings/v570/
</pre>
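The pattern the report describes, next to a form that survives dead store elimination. This is an added example, not code from the issue or from LLVM; toy_mac, tag_naive, tag_hardened and secure_zero are hypothetical names and the key and message are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a real MAC (FNV-1a over key, then message). */
static uint32_t toy_mac(const uint8_t *k, size_t kn, const uint8_t *m, size_t mn) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < kn; i++) h = (h ^ k[i]) * 16777619u;
    for (size_t i = 0; i < mn; i++) h = (h ^ m[i]) * 16777619u;
    return h;
}

/* Reported pattern: key[] is never read after memset(), so the call is a
 * dead store and an optimizing compiler is allowed to delete it. */
uint32_t tag_naive(const uint8_t *secret, size_t n, const uint8_t *m, size_t mn) {
    uint8_t key[32];
    if (n > sizeof key) n = sizeof key;
    memcpy(key, secret, n);
    uint32_t tag = toy_mac(key, n, m, mn);
    memset(key, 0, sizeof key);      /* may be eliminated */
    return tag;
}

/* Hypothetical helper: stores through a volatile lvalue count as observable
 * side effects, so the compiler keeps them. Prefer explicit_bzero(),
 * memset_s() or SecureZeroMemory() where the platform provides one. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Same computation, but the wipe cannot be treated as a dead store. */
uint32_t tag_hardened(const uint8_t *secret, size_t n, const uint8_t *m, size_t mn) {
    uint8_t key[32];
    if (n > sizeof key) n = sizeof key;
    memcpy(key, secret, n);
    uint32_t tag = toy_mac(key, n, m, mn);
    secure_zero(key, sizeof key);    /* always emitted */
    return tag;
}

int main(void) {
    const uint8_t secret[] = "constructed-sample-key";  /* constructed */
    const uint8_t msg[] = "hello";                      /* constructed */
    printf("naive=%08x hardened=%08x\n",
           (unsigned)tag_naive(secret, sizeof secret - 1, msg, 5),
           (unsigned)tag_hardened(secret, sizeof secret - 1, msg, 5));
    return 0;
}
```

Both functions return the same tag, so the difference only shows in the generated code: building with optimization and inspecting the assembly for each function shows whether the wipe of key[] was kept.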