analyzer: fix wording for assignment from NULL

This patch improves the wording of the state-transition event (1) in the -Wanalyzer-null-dereference diagnostic for: void test (void) { int *p = NULL; *p = 1; } taking the path description from: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) assuming ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | to: ‘test’: events 1-2 | | 5 | int *p = NULL; | | ^ | | | | | (1) ‘p’ is NULL | 6 | *p = 1; | | ~~~~~~ | | | | | (2) dereference of NULL ‘p’ | since the "assuming" at (1) only makes sense for state transitions due to comparisons, not for assignments. gcc/analyzer/ChangeLog: * sm-malloc.cc (malloc_diagnostic::describe_state_change): For transition to the "null" state, only say "assuming" when transitioning from the "unchecked" state. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/malloc-1.c (test_48): New.
author: David Malcolm <dmalcolm@redhat.com> 2020-02-12 10:56:28 -0500
committer: David Malcolm <dmalcolm@redhat.com> 2020-02-17 02:15:00 -0500
commit: 0993ad65cc4e462223e9337d9b2d3b82a887c6c8 (patch)
tree: 58de32ad6c3843318a600fa639a1450fd5bd1317
parent: 670987874d2aa043a454e112291931e32f4ca8cc (diff)
download: gcc-0993ad65cc4e462223e9337d9b2d3b82a887c6c8.zip
gcc-0993ad65cc4e462223e9337d9b2d3b82a887c6c8.tar.gz
gcc-0993ad65cc4e462223e9337d9b2d3b82a887c6c8.tar.bz2
4 files changed, 25 insertions, 2 deletions
diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index 9f1e25d..5945abc 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,5 +1,11 @@
 2020-02-17  David Malcolm  <dmalcolm@redhat.com>
 
+	* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
+	transition to the "null" state, only say "assuming" when
+	transitioning from the "unchecked" state.
+
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
 	* diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
 	Add const overload.
 	* engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index bdd0731..46225b6 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -130,8 +130,15 @@ public:
       return change.formatted_print ("assuming %qE is non-NULL",
 				     change.m_expr);
     if (change.m_new_state == m_sm.m_null)
-      return change.formatted_print ("assuming %qE is NULL",
-				     change.m_expr);
+      {
+	if (change.m_old_state == m_sm.m_unchecked)
+	  return change.formatted_print ("assuming %qE is NULL",
+					 change.m_expr);
+	else
+	  return change.formatted_print ("%qE is NULL",
+					 change.m_expr);
+      }
+
     return label_text ();
   }
 
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 83c581c..a08ad2e 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,7 @@
+2020-02-17  David Malcolm  <dmalcolm@redhat.com>
+
+	* gcc.dg/analyzer/malloc-1.c (test_48): New.
+
 2020-02-17  Jiufu Guo  <guojiufu@linux.ibm.com>
 
 	PR target/93047
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
index c131705..3024e546 100644
--- a/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-1.c
@@ -583,3 +583,9 @@ int test_47 (void)
   }
   return p_size;
 }
+
+void test_48 (void)
+{
+  int *p = NULL; /* { dg-message "'p' is NULL" } */
+  *p = 1; /* { dg-warning "dereference of NULL 'p'" } */
+}
author	David Malcolm <dmalcolm@redhat.com>	2020-02-12 10:56:28 -0500
committer	David Malcolm <dmalcolm@redhat.com>	2020-02-17 02:15:00 -0500
commit	0993ad65cc4e462223e9337d9b2d3b82a887c6c8 (patch)
tree	58de32ad6c3843318a600fa639a1450fd5bd1317
parent	670987874d2aa043a454e112291931e32f4ca8cc (diff)
download	gcc-0993ad65cc4e462223e9337d9b2d3b82a887c6c8.zip gcc-0993ad65cc4e462223e9337d9b2d3b82a887c6c8.tar.gz gcc-0993ad65cc4e462223e9337d9b2d3b82a887c6c8.tar.bz2