analyzer: casting all zeroes should give all zeroes [PR113333]

In particular, accessing the result of *calloc (1, SZ) (if non-NULL)
should be known to be all zeroes.

gcc/analyzer/ChangeLog:
	PR analyzer/113333
	* region-model-manager.cc
	(region_model_manager::maybe_fold_unaryop): Casting all zeroes
	should give all zeroes.

gcc/testsuite/ChangeLog:
	PR analyzer/113333
	* c-c++-common/analyzer/calloc-1.c: Add tests.
	* c-c++-common/analyzer/pr96639.c: Update expected results.
	* gcc.dg/analyzer/data-model-9.c: Likewise.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

4 files changed, 43 insertions, 5 deletions

diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index fc3523f..62f808a 100644
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -457,6 +457,12 @@ region_model_manager::maybe_fold_unaryop (tree type, enum tree_code op,
 	      && region_sval->get_type ()
 	      && POINTER_TYPE_P (region_sval->get_type ()))
 	    return get_ptr_svalue (type, region_sval->get_pointee ());
+
+	/* Casting all zeroes should give all zeroes.  */
+	if (type
+	    && arg->all_zeroes_p ()
+	    && (INTEGRAL_TYPE_P (type) || POINTER_TYPE_P (type)))
+	  return get_or_create_int_cst (type, 0);
       }
       break;
     case TRUTH_NOT_EXPR:
diff --git a/gcc/testsuite/c-c++-common/analyzer/calloc-1.c b/gcc/testsuite/c-c++-common/analyzer/calloc-1.c
index 6bd658e..cb93fa8 100644
--- a/gcc/testsuite/c-c++-common/analyzer/calloc-1.c
+++ b/gcc/testsuite/c-c++-common/analyzer/calloc-1.c
@@ -22,3 +22,37 @@ char *test_1 (size_t sz)
 
   return p;
 }
+
+char **
+test_pr113333_1 (void)
+{
+  char **p = (char **)calloc (1, sizeof(char *));
+  if (p)
+    {
+      __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+    }
+  return p;
+}
+
+char **
+test_pr113333_2 (void)
+{
+  char **p = (char **)calloc (2, sizeof(char *));
+  if (p)
+    {
+      __analyzer_eval (*p == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[0] == 0); /* { dg-warning "TRUE" } */
+      __analyzer_eval (p[1] == 0); /* { dg-warning "TRUE" } */
+    }
+  return p;
+}
+
+char **
+test_pr113333_3 (void)
+{
+  char **vec = (char **)calloc (1, sizeof(char *));
+  if (vec)
+    for (char **p=vec ; *p ; p++); /* { dg-bogus "heap-based buffer over-read" } */
+  return vec;
+}
diff --git a/gcc/testsuite/c-c++-common/analyzer/pr96639.c b/gcc/testsuite/c-c++-common/analyzer/pr96639.c
index b95217d..2610ce8 100644
--- a/gcc/testsuite/c-c++-common/analyzer/pr96639.c
+++ b/gcc/testsuite/c-c++-common/analyzer/pr96639.c
@@ -6,5 +6,5 @@ x7 (void)
   int **md = (int **) calloc (1, sizeof (void *));
 
   return md[0][0]; /* { dg-warning "possibly-NULL" "unchecked deref" } */
-  /* { dg-warning "leak of 'md'" "leak" { target *-*-* } .-1 } */
+  /* { dg-warning "Wanalyzer-null-dereference" "deref of NULL" { target *-*-* } .-1 } */
 }
diff --git a/gcc/testsuite/gcc.dg/analyzer/data-model-9.c b/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
index 159bc61..2121f20 100644
--- a/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
+++ b/gcc/testsuite/gcc.dg/analyzer/data-model-9.c
@@ -14,8 +14,7 @@ void test_1 (void)
   struct foo *f = calloc (1, sizeof (struct foo));
   if (f == NULL)
     return;
-  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
-  /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
   free (f);
 }
 
@@ -27,7 +26,6 @@ void test_2 (void)
   if (f == NULL)
     return;
   memset (f, 0, sizeof (struct foo));
-  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" "desired" { xfail *-*-* } } */
-  /* { dg-bogus "UNKNOWN" "status quo" { xfail *-*-* } .-1 } */
+  __analyzer_eval (f->i == 0); /* { dg-warning "TRUE" } */
   free (f);
 }