[committed] analyzer: fix wording for assignment from NULL

Message ID 20200217072536.25689-1-dmalcolm@redhat.com
State New

Commit Message

David Malcolm Feb. 17, 2020, 7:25 a.m.
This patch improves the wording of the state-transition event (1) in
the -Wanalyzer-null-dereference diagnostic for:

void test (void)
{
  int *p = NULL;
  *p = 1;
}

taking the path description from:

  ‘test’: events 1-2
    |
    |    5 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) assuming ‘p’ is NULL
    |    6 |   *p = 1;
    |      |   ~~~~~~
    |      |      |
    |      |      (2) dereference of NULL ‘p’
    |

to:

  ‘test’: events 1-2
    |
    |    5 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) ‘p’ is NULL
    |    6 |   *p = 1;
    |      |   ~~~~~~
    |      |      |
    |      |      (2) dereference of NULL ‘p’
    |

since the "assuming" at (1) only makes sense for state transitions
due to comparisons, not for assignments.

Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
Pushed to master as 0993ad65cc4e462223e9337d9b2d3b82a887c6c8.

gcc/analyzer/ChangeLog:
	* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
	transition to the "null" state, only say "assuming" when
	transitioning from the "unchecked" state.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/malloc-1.c (test_48): New.
---
 gcc/analyzer/sm-malloc.cc                | 11 +++++++++--
 gcc/testsuite/gcc.dg/analyzer/malloc-1.c |  6 ++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

-- 
2.21.0

Patch

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index bdd0731b5d1..46225b6f700 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -130,8 +130,15 @@  public:
       return change.formatted_print ("assuming %qE is non-NULL",
 				     change.m_expr);
     if (change.m_new_state == m_sm.m_null)
-      return change.formatted_print ("assuming %qE is NULL",
-				     change.m_expr);
+      {
+	if (change.m_old_state == m_sm.m_unchecked)
+	  return change.formatted_print ("assuming %qE is NULL",
+					 change.m_expr);
+	else
+	  return change.formatted_print ("%qE is NULL",
+					 change.m_expr);
+      }
+
     return label_text ();
   }
 
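Review bot: The new `if (change.m_old_state == m_sm.m_unchecked)` branch carries the whole rationale of the change but no comment; a one-line note such as `/* "assuming" only makes sense for transitions due to comparisons, not assignments.  */` above it would save the next reader a trip to the ChangeLog. The two `formatted_print` calls in the nested block differ only in the format string, so a single call with a selected string would avoid the duplication. Also worth double-checking: the `m_nonnull` branch just above still says "assuming %qE is non-NULL" unconditionally, so if any non-comparison transition into the non-null state exists it has the same wording problem this hunk fixes for the null state.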
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
index c13170560af..3024e546137 100644
--- a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
@@ -583,3 +583,9 @@  int test_47 (void)
   }
   return p_size;
 }
+
+void test_48 (void)
+{
+  int *p = NULL; /* { dg-message "'p' is NULL" } */
+  *p = 1; /* { dg-warning "dereference of NULL 'p'" } */
+}
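Review bot: The `dg-message "'p' is NULL"` pattern in test_48 is a regex substring match, so it is also satisfied by the old wording "assuming 'p' is NULL" and would not catch a regression to the behaviour this patch removes. Consider tightening the pattern so the text immediately before `'p'` is checked as well, for example by including the event marker (`"\\(1\\) 'p' is NULL"`, assuming the testsuite's separate-events path format), or by adding a `dg-bogus "assuming"` on the same line.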