This patch improves the wording of the state-transition event (1) in the -Wanalyzer-null-dereference diagnostic for:
void test (void) { int *p = NULL; *p = 1; } taking the path description from: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) assuming ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | to: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | since the "assuming" at (1) only makes sense for state transitions due to comparisons, not for assignments. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as 0993ad65cc4e462223e9337d9b2d3b82a887c6c8. gcc/analyzer/ChangeLog: * sm-malloc.cc (malloc_diagnostic::describe_state_change): For transition to the "null" state, only say "assuming" when transitioning from the "unchecked" state. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/malloc-1.c (test_48): New. --- gcc/analyzer/sm-malloc.cc | 11 +++++++++-- gcc/testsuite/gcc.dg/analyzer/malloc-1.c | 6 ++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc index bdd0731b5d1..46225b6f700 100644 --- a/gcc/analyzer/sm-malloc.cc +++ b/gcc/analyzer/sm-malloc.cc @@ -130,8 +130,15 @@ public: return change.formatted_print ("assuming %qE is non-NULL", change.m_expr); if (change.m_new_state == m_sm.m_null) - return change.formatted_print ("assuming %qE is NULL", - change.m_expr); + { + if (change.m_old_state == m_sm.m_unchecked) + return change.formatted_print ("assuming %qE is NULL", + change.m_expr); + else + return change.formatted_print ("%qE is NULL", + change.m_expr); + } + return label_text (); } diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c index c13170560af..3024e546137 100644 --- a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c 
@@ -583,3 +583,9 @@ int test_47 (void) } return p_size; } + +void test_48 (void) +{ + int *p = NULL; /* { dg-message "'p' is NULL" } */ + *p = 1; /* { dg-warning "dereference of NULL 'p'" } */ +} -- 2.21.0
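Review bot: in the sm-malloc.cc hunk, only the transition to m_null is made conditional on the old state; the branch just above it still returns "assuming %qE is non-NULL" unconditionally for the non-NULL transition. If a pointer can reach the non-null state via an assignment rather than a comparison (the same situation the commit message says makes "assuming" wrong), that message has the same problem and should get the same m_old_state == m_sm.m_unchecked check. Either way, a one-line comment above the new if/else saying why "unchecked" is the only state whose transition to "null" represents an assumption from a comparison would save the next reader from re-deriving it from the commit message.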
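Review bot: the new test_48 in malloc-1.c cannot detect a regression to the old wording, because dg-message does an unanchored regex search and "'p' is NULL" is a substring of "assuming 'p' is NULL"; the test passes both before and after the sm-malloc.cc change. Consider a pattern that the old text cannot match (for example one that includes the event number preceding the label), and consider also adding a companion test for the unchecked-to-null case (a malloc result followed by a NULL check) that asserts the retained "assuming 'p' is NULL" wording, since this patch changes the conditions under which that text is emitted but adds no test that exercises it.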