analyzer: fix ICE with -Wanalyzer-null-dereference [PR 93950]

PR analyzer/93950 reports an ICE when pruning the path of a
-Wanalyzer-null-dereference diagnostic.

The root cause is a bug in the state-tracking code, in which the
variable of interest is tracked from the callee to a "nullptr" param
at the caller, whereupon we have an INTEGER_CST "variable", and
the attempt to look up its lvalue fails.

This code could use a rewrite; in the meantime this patch extends
the bulletproofing from g:8525d1f5f57b11fe04a97674cc2fc2b7727621d0
for PR analyzer/93544 to all of the various places where var can
be updated, fixing the ICE.

gcc/analyzer/ChangeLog:
	PR analyzer/93950
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
	either NULL or not a constant.  When updating var, bulletproof
	against constant values.

gcc/testsuite/ChangeLog:
	PR analyzer/93950
	* g++.dg/analyzer/pr93950.C: New test.

1 files changed, 8 insertions, 0 deletions

diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index 92377be..5fbaec3 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,5 +1,13 @@
 2020-02-26  David Malcolm  <dmalcolm@redhat.com>
 
+	PR analyzer/93950
+	* diagnostic-manager.cc
+	(diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
+	either NULL or not a constant.  When updating var, bulletproof
+	against constant values.
+
+2020-02-26  David Malcolm  <dmalcolm@redhat.com>
+
 	PR analyzer/93947
 	* region-model.cc (region_model::get_fndecl_for_call): Gracefully
 	fail for fn_decls that don't have a cgraph_node.