https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105958
Bug ID: 105958
Summary: Stray events emitted by state machine tests (e.g. "'VAR' is NULL")
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

Given:

#include <stddef.h>
int main (void)
{
    int *p = NULL;
    *p = 42;

    int *q = NULL;
    return 0;
}

-fanalyzer trunk emits:

<source>: In function 'main':
<source>:5:8: warning: dereference of NULL 'p' [CWE-476] [-Wanalyzer-null-dereference]
    5 |     *p = 42;
      |     ~~~^~~~
  'main': events 1-3
    |
    |    4 |     int *p = NULL;
    |      |          ^
    |      |          |
    |      |          (1) 'p' is NULL
    |    5 |     *p = 42;
    |      |     ~~~~~~~
    |      |        |
    |      |        (3) dereference of NULL 'p'
    |    6 |
    |    7 |     int *q = NULL;
    |      |          ~
    |      |          |
    |      |          (2) 'p' is NULL
    |

In the above, event (2) is redundant, and misleading; presumably it happens due
to the way sm-state-change events are implemented.

https://godbolt.org/z/76K4668dn

Tim Lange reports seeing an extra event here with gcc 12.1:
  https://gcc.gnu.org/pipermail/gcc/2022-June/238867.html
for four events in total (rather than two):

/home/tim/Projects/simple_c/main.c: In function ‘main’:
/home/tim/Projects/simple_c/main.c:12:6: warning: dereference of NULL ‘p’ [CWE-476] [-Wanalyzer-null-dereference]
   12 |   *p = 42;
      |   ~~~^~~~
  ‘main’: events 1-4
    |
    |   11 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) ‘p’ is NULL
    |   12 |   *p = 42;
    |      |   ~~~~~~~
    |      |      |
    |      |      (4) dereference of NULL ‘p’
    |   13 |
    |   14 |   int *q = NULL;
    |      |        ~
    |      |        |
    |      |        (2) ‘p’ is NULL
    |      |        (3) ‘p’ is NULL

gcc 10.3 only has:

<source>: In function 'main':
<source>:5:8: warning: dereference of NULL 'p' [CWE-690] [-Wanalyzer-null-dereference]
    5 |     *p = 42;
      |     ~~~^~~~
  'main': events 1-2
    |
    |    4 |     int *p = NULL;
    |      |          ^
    |      |          |
    |      |          (1) 'p' is NULL
    |    5 |     *p = 42;
    |      |     ~~~~~~~
    |      |        |
    |      |        (2) dereference of NULL 'p'
    |

This seems to have regressed with gcc 11.
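
An added example, not part of the original report or of GCC: a small checker that parses the event path of a -fanalyzer diagnostic and reports the ids of repeated events such as (2) above, usable as a regression check over saved compiler output. The names parse_events and stray_events are hypothetical, and treating a repeated event text as stray is an assumed heuristic that fits this report, not a rule the analyzer defines.

```python
import re

# The path block from the trunk output quoted in the report (whitespace as
# reconstructed here); event (2) is the stray one.
TRUNK = """
  'main': events 1-3
    |
    |    4 |     int *p = NULL;
    |      |          ^
    |      |          |
    |      |          (1) 'p' is NULL
    |    5 |     *p = 42;
    |      |     ~~~~~~~
    |      |        |
    |      |        (3) dereference of NULL 'p'
    |    6 |
    |    7 |     int *q = NULL;
    |      |          ~
    |      |          |
    |      |          (2) 'p' is NULL
    |
"""

SRC = re.compile(r"^\s*\|\s*(\d+) \|")                  # "| <line> | <source>"
EVT = re.compile(r"^\s*\|\s*\|\s*\((\d+)\) (.+?)\s*$")  # "|      | (N) <text>"

def parse_events(diag):
    """Return [(event_id, source_line, text)] sorted by event id."""
    events, cur = [], None
    for line in diag.splitlines():
        if m := SRC.match(line):
            cur = int(m.group(1))        # events below attach to this source line
        elif m := EVT.match(line):
            events.append((int(m.group(1)), cur, m.group(2)))
    return sorted(events)

def stray_events(events):
    """Assumed heuristic: an event whose text repeats an earlier event's is stray."""
    seen, stray = set(), []
    for eid, _line, text in events:
        if text in seen:
            stray.append(eid)
        seen.add(text)
    return stray

if __name__ == "__main__":
    print(stray_events(parse_events(TRUNK)))
```
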