analyzer: fix wording for assignment from NULL

This patch improves the wording of the state-transition event (1) in the -Wanalyzer-null-dereference diagnostic for: void test (void) { int *p = NULL; *p = 1; } taking the path description from: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) assuming ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | to: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | since the "assuming" at (1) only makes sense for state transitions due to comparisons, not for assignments. gcc/analyzer/ChangeLog: * sm-malloc.cc (malloc_diagnostic::describe_state_change): For transition to the "null" state, only say "assuming" when transitioning from the "unchecked" state. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/malloc-1.c (test_48): New.

analyzer: fix wording for assignment from NULL
This patch improves the wording of the state-transition event (1) in the -Wanalyzer-null-dereference diagnostic for: void test (void) { int *p = NULL; *p = 1; } taking the path description from: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) assuming ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | to: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | since the "assuming" at (1) only makes sense for state transitions due to comparisons, not for assignments. gcc/analyzer/ChangeLog: * sm-malloc.cc (malloc_diagnostic::describe_state_change): For transition to the "null" state, only say "assuming" when transitioning from the "unchecked" state. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/malloc-1.c (test_48): New.
0993ad65 · David Malcolm · 67098787 · 0993ad65 · 0993ad65 · 0993ad65
Commit 0993ad65 authored Feb 12, 2020 by David Malcolm
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 2 deletions

gcc/analyzer/ChangeLog
+6 -0

gcc/analyzer/sm-malloc.cc
+9 -2

gcc/testsuite/ChangeLog
+4 -0

gcc/testsuite/gcc.dg/analyzer/malloc-1.c
+6 -0

No files found.
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
 2020-02-17  David Malcolm  <dmalcolm@redhat.com>

+	* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
+	transition to the "null" state, only say "assuming" when
+	transitioning from the "unchecked" state.
+
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
 	* diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
 	Add const overload.
 	* engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.

--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -130,8 +130,15 @@ public:
      return change.formatted_print ("assuming %qE is non-NULL",
 				     change.m_expr);
    if (change.m_new_state == m_sm.m_null)
-      return change.formatted_print ("assuming %qE is NULL",
-				     change.m_expr);
+      {
+	if (change.m_old_state == m_sm.m_unchecked)
+	  return change.formatted_print ("assuming %qE is NULL",
+					 change.m_expr);
+	else
+	  return change.formatted_print ("%qE is NULL",
+					 change.m_expr);
+      }
+
    return label_text ();
  }


--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
+	* gcc.dg/analyzer/malloc-1.c (test_48): New.
+
 2020-02-17  Jiufu Guo  <guojiufu@linux.ibm.com>

 	PR target/93047

--- a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
@@ -583,3 +583,9 @@ int test_47 (void)
  }
  return p_size;
 }
+
+void test_48 (void)
+{
+  int *p = NULL; /* { dg-message "'p' is NULL" } */
+  *p = 1; /* { dg-warning "dereference of NULL 'p'" } */
+}