analyzer: fix false NULL deref warning after previous deref [PR96792]

gcc/analyzer/ChangeLog:
	PR analyzer/96792
	* region-model.cc (region_model::deref_rvalue): Add the constraint
	that PTR_SVAL is non-NULL.

gcc/testsuite/ChangeLog:
	PR analyzer/96792
	* gcc.dg/analyzer/pr96792.c: New test.

1 files changed, 9 insertions, 0 deletions

diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc
index d47e896..a7bc481 100644
--- a/gcc/analyzer/region-model.cc
+++ b/gcc/analyzer/region-model.cc
@@ -1398,6 +1398,15 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
 {
   gcc_assert (ptr_sval);
 
+  /* If we're dereferencing PTR_SVAL, assume that it is non-NULL; add this
+     as a constraint.  This suppresses false positives from
+     -Wanalyzer-null-dereference for the case where we later have an
+     if (PTR_SVAL) that would occur if we considered the false branch
+     and transitioned the malloc state machine from start->null.  */
+  tree null_ptr_cst = build_int_cst (ptr_sval->get_type (), 0);
+  const svalue *null_ptr = m_mgr->get_or_create_constant_svalue (null_ptr_cst);
+  m_constraints->add_constraint (ptr_sval, NE_EXPR, null_ptr);
+
   switch (ptr_sval->get_kind ())
     {
     default: