https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105958
Bug ID: 105958
Summary: Stray events emitted by state machine tests (e.g.
"'VAR' is NULL")
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Given:
#include <stddef.h>
int main (void)
{
int *p = NULL;
*p = 42;
int *q = NULL;
return 0;
}
-fanalyzer trunk emits:
<source>: In function 'main':
<source>:5:8: warning: dereference of NULL 'p' [CWE-476]
[-Wanalyzer-null-dereference]
5 | *p = 42;
| ~~~^~~~
'main': events 1-3
|
| 4 | int *p = NULL;
| | ^
| | |
| | (1) 'p' is NULL
| 5 | *p = 42;
| | ~~~~~~~
| | |
| | (3) dereference of NULL 'p'
| 6 |
| 7 | int *q = NULL;
| | ~
| | |
| | (2) 'p' is NULL
|
In the above, event (2) is redundant, and misleading; presumably it happens due
to the way sm-state-change events are implemented.
https://godbolt.org/z/76K4668dn
Tim Lange reports seeing an extra event here with gcc 12.1:
https://gcc.gnu.org/pipermail/gcc/2022-June/238867.html
for four events in total (rather than two):
/home/tim/Projects/simple_c/main.c: In function ‘main’:
/home/tim/Projects/simple_c/main.c:12:6: warning: dereference of NULL
‘p’ [CWE-476] [-Wanalyzer-null-dereference]
12 | *p = 42;
| ~~~^~~~
‘main’: events 1-4
|
| 11 | int *p = NULL;
| | ^
| | |
| | (1) ‘p’ is NULL
| 12 | *p = 42;
| | ~~~~~~~
| | |
| | (4) dereference of NULL ‘p’
| 13 |
| 14 | int *q = NULL;
| | ~
| | |
| | (2) ‘p’ is NULL
| | (3) ‘p’ is NULL
gcc 10.3 only has:
<source>: In function 'main':
<source>:5:8: warning: dereference of NULL 'p' [CWE-690]
[-Wanalyzer-null-dereference]
5 | *p = 42;
| ~~~^~~~
'main': events 1-2
|
| 4 | int *p = NULL;
| | ^
| | |
| | (1) 'p' is NULL
| 5 | *p = 42;
| | ~~~~~~~
| | |
| | (2) dereference of NULL 'p'
|
This seems to have regressed with gcc 11.
