From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS22989 209.51.188.0/24
X-Spam-Status: No, score=-3.4 required=3.0 tests=AWL,BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id 4B8FC1F8C6
	for <normalperson@yhbt.net>; Mon,  2 Aug 2021 01:18:54 +0000 (UTC)
Received: from localhost ([::1]:44198 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>)
	id 1mAMbV-0006dt-EW
	for normalperson@yhbt.net; Sun, 01 Aug 2021 21:18:53 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:47528)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eggert@cs.ucla.edu>)
 id 1mAMbP-0006Ww-OF
 for bug-gnulib@gnu.org; Sun, 01 Aug 2021 21:18:47 -0400
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:34056)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eggert@cs.ucla.edu>)
 id 1mAMbO-0000cE-3n
 for bug-gnulib@gnu.org; Sun, 01 Aug 2021 21:18:47 -0400
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id AA9791600FA
 for <bug-gnulib@gnu.org>; Sun,  1 Aug 2021 18:18:44 -0700 (PDT)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id TjUOWkG9HU8Q; Sun,  1 Aug 2021 18:18:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id C4E841600F9;
 Sun,  1 Aug 2021 18:18:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id 8uRl2n1ofAUk; Sun,  1 Aug 2021 18:18:43 -0700 (PDT)
Received: from penguin.cs.ucla.edu (Penguin.CS.UCLA.EDU [131.179.64.200])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id A06451600F6;
 Sun,  1 Aug 2021 18:18:43 -0700 (PDT)
From: Paul Eggert <eggert@cs.ucla.edu>
To: bug-gnulib@gnu.org
Subject: [PATCH 03/27] dfa: improve -fanalyzer malloc checking
Date: Sun,  1 Aug 2021 18:17:57 -0700
Message-Id: <20210802011821.1057057-3-eggert@cs.ucla.edu>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210802011821.1057057-1-eggert@cs.ucla.edu>
References: <20210802011821.1057057-1-eggert@cs.ucla.edu>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=131.179.128.68; envelope-from=eggert@cs.ucla.edu;
 helo=zimbra.cs.ucla.edu
X-Spam_score_int: -41
X-Spam_score: -4.2
X-Spam_bar: ----
X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: bug-gnulib@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Gnulib discussion list <bug-gnulib.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnulib>
List-Post: <mailto:bug-gnulib@gnu.org>
List-Help: <mailto:bug-gnulib-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=subscribe>
Cc: Paul Eggert <eggert@cs.ucla.edu>
Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org
Sender: "bug-gnulib" <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>

---
 ChangeLog |  5 ++++-
 lib/dfa.c | 15 +++++++++++++++
 lib/dfa.h |  9 +++++++--
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1af0b926a..d7740df52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,8 +2,11 @@
=20
 	maint: improve -fanalyzer malloc checking
 	* lib/backup-internal.h, lib/backupfile.h:
-	* lib/canonicalize.h:
+	* lib/canonicalize.h, lib/dfa.h:
 	Add malloc-related attributes and include stdlib.h as needed.
+	* lib/dfa.c: Include verify.h.
+	(assume_nonnull): New macro.
+	(dfamust): Use it to pacify GCC.
=20
 2021-08-01  Jim Meyering  <meyering@fb.com>
=20
diff --git a/lib/dfa.c b/lib/dfa.c
index 7e05a78da..44c3b65c2 100644
--- a/lib/dfa.c
+++ b/lib/dfa.c
@@ -26,6 +26,7 @@
=20
 #include "flexmember.h"
 #include "idx.h"
+#include "verify.h"
=20
 #include <assert.h>
 #include <ctype.h>
@@ -35,6 +36,13 @@
 #include <limits.h>
 #include <string.h>
=20
+/* Pacify gcc -Wanalyzer-null-dereference in areas where GCC
+   understandably cannot deduce that the input comes from a
+   well-formed regular expression.  There's little point to the
+   runtime overhead of 'assert' instead of 'assume_nonnull' when the
+   MMU will check anyway.  */
+#define assume_nonnull(x) assume ((x) !=3D NULL)
+
 static bool
 streq (char const *a, char const *b)
 {
@@ -4090,6 +4098,7 @@ dfamust (struct dfa const *d)
=20
         case STAR:
         case QMARK:
+          assume_nonnull (mp);
           resetmust (mp);
           break;
=20
@@ -4097,7 +4106,9 @@ dfamust (struct dfa const *d)
           {
             char **new;
             must *rmp =3D mp;
+            assume_nonnull (rmp);
             must *lmp =3D mp =3D mp->prev;
+            assume_nonnull (lmp);
             idx_t j, ln, rn, n;
=20
             /* Guaranteed to be.  Unlikely, but ...  */
@@ -4138,10 +4149,12 @@ dfamust (struct dfa const *d)
           break;
=20
         case PLUS:
+          assume_nonnull (mp);
           mp->is[0] =3D '\0';
           break;
=20
         case END:
+          assume_nonnull (mp);
           assert (!mp->prev);
           for (idx_t i =3D 0; mp->in[i] !=3D NULL; i++)
             if (strlen (mp->in[i]) > strlen (result))
@@ -4159,7 +4172,9 @@ dfamust (struct dfa const *d)
         case CAT:
           {
             must *rmp =3D mp;
+            assume_nonnull (rmp);
             must *lmp =3D mp =3D mp->prev;
+            assume_nonnull (lmp);
=20
             /* In.  Everything in left, plus everything in
                right, plus concatenation of
diff --git a/lib/dfa.h b/lib/dfa.h
index 19a4127b6..28f9f6336 100644
--- a/lib/dfa.h
+++ b/lib/dfa.h
@@ -24,6 +24,7 @@
 #include <regex.h>
 #include <stdbool.h>
 #include <stddef.h>
+#include <stdlib.h>
=20
 #ifdef __cplusplus
 extern "C" {
@@ -46,7 +47,9 @@ struct dfa;
=20
 /* Needed when Gnulib is not used.  */
 #ifndef _GL_ATTRIBUTE_MALLOC
-# define  _GL_ATTRIBUTE_MALLOC
+# define _GL_ATTRIBUTE_MALLOC
+# define _GL_ATTRIBUTE_DEALLOC_FREE
+# define _GL_ATTRIBUTE_RETURNS_NONNULL
 #endif
=20
 /* Entry points. */
@@ -55,7 +58,9 @@ struct dfa;
    It should be initialized via dfasyntax or dfacopysyntax before other =
use.
    The returned pointer should be passed directly to free() after
    calling dfafree() on it. */
-extern struct dfa *dfaalloc (void) _GL_ATTRIBUTE_MALLOC;
+extern struct dfa *dfaalloc (void)
+  _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC_FREE
+  _GL_ATTRIBUTE_RETURNS_NONNULL;
=20
 /* DFA options that can be ORed together, for dfasyntax's 4th arg.  */
 enum
--=20
2.31.1