https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119169

            Bug ID: 119169
           Summary: [[gnu::nonnull_if_nonzero]] False negative of
                    -Wanalyzer-possible-null-argument with nonzero integer
                    constant expression
           Product: gcc
           Version: 15.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: alx at kernel dot org
  Target Milestone: ---

The most basic code that should trigger a -Wanalyzer-possible-null-argument
diagnostic with [[gnu::nonnull]], doesn't.  For comparison, similar
[[gnu::nonnull]] code does diagnose.


alx@devuan:~/tmp$ cat nonzero.c | grep -Tn ^
                  1:    #include <stdlib.h>
                  2:
                  3:    [[gnu::nonnull]]
                  4:    void f(void *);
                  5:    [[gnu::nonnull_if_nonzero(1, 2)]]
                  6:    void g(void *, int);
                  7:
                  8:    int
                  9:    main(void)
                 10:    {
                 11:            void  *p;
                 12:
                 13:            p = malloc(1);
                 14:            f(p);  // -Wanalyzer-possible-null-argument
                 15:            free(p);
                 16:
                 17:            p = malloc(1);
                 18:            g(p, 1);
                 19:            free(p);
                 20:    }
alx@devuan:~/tmp$ gcc-15 -Wall -Wextra -fanalyzer -O3 -S nonzero.c 
nonzero.c: In function ‘main’:
nonzero.c:14:9: warning: use of possibly-NULL ‘p’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
   14 |         f(p);  // -Wanalyzer-possible-null-argument
      |         ^~~~
  ‘main’: events 1-2
   13 |         p = malloc(1);
      |             ^~~~~~~~~
      |             |
      |             (1) this call could return NULL
   14 |         f(p);  // -Wanalyzer-possible-null-argument
      |         ~~~~ 
      |         |
      |         (2) ⚠️  argument 1 (‘p’) from (1) could be NULL where non-null expected
nonzero.c:4:6: note: argument 1 of ‘f’ must be non-null
    4 | void f(void *);
      |      ^
alx@devuan:~/tmp$ sed -i 14s,^,//, nonzero.c 
alx@devuan:~/tmp$ gcc-15 -Wall -Wextra -fanalyzer -O3 -S nonzero.c 
alx@devuan:~/tmp$
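
While the analyzer stays silent on the g(p, 1) call, the same contract can be enforced at run time on the caller side. The block below is an added example, not code from the bug report or from GCC; g_impl, g_checked, demo and the NONNULL_IF_NONZERO macro are hypothetical names, and the attribute is applied only when the compiler reports support for it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Apply the attribute only where the compiler knows it (the report uses gcc-15). */
#if defined(__has_attribute)
# if __has_attribute(nonnull_if_nonzero)
#  define NONNULL_IF_NONZERO(p, n) __attribute__((nonnull_if_nonzero(p, n)))
# endif
#endif
#ifndef NONNULL_IF_NONZERO
# define NONNULL_IF_NONZERO(p, n)
#endif

/* Hypothetical stand-in for g() from the report: p must be non-null
   whenever n is nonzero; the pair (NULL, 0) is allowed. */
NONNULL_IF_NONZERO(1, 2)
void g_impl(void *p, int n)
{
    if (n > 0)
        memset(p, 0, (size_t)n);
}

/* Unattributed wrapper: validates the contract before the attributed
   call, so correctness does not depend on a diagnostic being emitted. */
int g_checked(void *p, int n)
{
    if (n < 0 || (n != 0 && p == NULL)) {
        errno = EINVAL;
        return -1;
    }
    g_impl(p, n);
    return 0;
}

/* Mirrors lines 17-19 of nonzero.c, with the malloc() result handled. */
int demo(void)
{
    void *p = malloc(1);
    int rc = g_checked(p, 1);  /* -1 if malloc() returned NULL */

    free(p);
    return rc;
}
```

The check lives in a function that does not carry the attribute, so it is written against the raw arguments rather than against what the attribute promises.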
