analyzer: fix wording for assignment from NULL

This patch improves the wording of the state-transition event (1) in
the -Wanalyzer-null-dereference diagnostic for:

void test (void)
{
  int *p = NULL;
  *p = 1;
}

taking the path description from:

  ‘test’: events 1-2
    |
    |    5 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) assuming ‘p’ is NULL
    |    6 |   *p = 1;
    |      |   ~~~~~~
    |      |      |
    |      |      (2) dereference of NULL ‘p’
    |

to:

  ‘test’: events 1-2
    |
    |    5 |   int *p = NULL;
    |      |        ^
    |      |        |
    |      |        (1) ‘p’ is NULL
    |    6 |   *p = 1;
    |      |   ~~~~~~
    |      |      |
    |      |      (2) dereference of NULL ‘p’
    |

since the "assuming" at (1) only makes sense for state transitions
due to comparisons, not for assignments.

gcc/analyzer/ChangeLog:
	* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
	transition to the "null" state, only say "assuming" when
	transitioning from the "unchecked" state.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/malloc-1.c (test_48): New.

diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index 9f1e25d..5945abc 100644 (file)
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,5 +1,11 @@
 2020-02-17  David Malcolm  <dmalcolm@redhat.com>
 
+       * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
+       transition to the "null" state, only say "assuming" when
+       transitioning from the "unchecked" state.
+
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
        * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
        Add const overload.
        * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index bdd0731..46225b6 100644 (file)
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -130,8 +130,15 @@ public:
       return change.formatted_print ("assuming %qE is non-NULL",
                                     change.m_expr);
     if (change.m_new_state == m_sm.m_null)
-      return change.formatted_print ("assuming %qE is NULL",
-                                    change.m_expr);
+      {
+       if (change.m_old_state == m_sm.m_unchecked)
+         return change.formatted_print ("assuming %qE is NULL",
+                                        change.m_expr);
+       else
+         return change.formatted_print ("%qE is NULL",
+                                        change.m_expr);
+      }
+
     return label_text ();
   }
 

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 83c581c..a08ad2e 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,7 @@
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
+       * gcc.dg/analyzer/malloc-1.c (test_48): New.
+
 2020-02-17  Jiufu Guo  <guojiufu@linux.ibm.com>
 
        PR target/93047

diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
index c131705..3024e54 100644 (file)
--- a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
@@ -583,3 +583,9 @@ int test_47 (void)
   }
   return p_size;
 }
+
+void test_48 (void)
+{
+  int *p = NULL; /* { dg-message "'p' is NULL" } */
+  *p = 1; /* { dg-warning "dereference of NULL 'p'" } */
+}