https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108403

            Bug ID: 108403
           Summary: -Wanalyzer-null-dereference false negative with *q ==
                    0
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: mengli.ming at outlook dot com
  Target Milestone: ---

I got a false negative error when compiling the following program with
gcc (trunk) `-O0 -fanalyzer` at https://godbolt.org/z/4f7e3z8dE.

In this case, after entering the first if branch, the result of eval on line 10
is TRUE. At this time, the fact known to the analyzer is that the pointer `q`
is NULL, and then, for `*q == 0` on line 11, the analyzer does not generate an NPD
warning, which is a little odd.

Here are the analysis results of the case. Thank you for taking the time to
review this case.

Input:

```c
#include "stdio.h"
void __analyzer_eval(int);
int *f(int *);

int *f(int *q)
{
    __analyzer_eval(q == 0);
    if (q == 0)
    {
        __analyzer_eval(q == 0);
        if (*q == 0)
        {
            printf("Hello World!");
        }
    }
}

```

Output:

```bash
<source>: In function 'f':
<source>:7:5: warning: UNKNOWN
    7 |     __analyzer_eval(q == 0);
      |     ^~~~~~~~~~~~~~~~~~~~~~~
<source>:10:9: warning: TRUE
   10 |         __analyzer_eval(q == 0);
      |         ^~~~~~~~~~~~~~~~~~~~~~~

```
