On the following program tst.c:

extern int *const s;
int main (void)
{
  return s[0];
}

I get under Debian/unstable:

zira:~> gcc-snapshot -fanalyzer -c tst.c
tst.c: In function 'main':
tst.c:4:11: warning: dereference of NULL '0' [CWE-690] [-Wanalyzer-null-dereference]
    4 |   return s[0];
      |          ~^~~
  'main': event 1
    |
    |

This occurs with:

gcc (Debian 20201023-1) 11.0.0 20201023 (experimental) [master revision d08d481912b:b3da6ca6235:9e3b9ddb996f18d541a3e03611d46c3a6c0c0b5f]

There was no such issue with:

gcc (Debian 20201002-1) 11.0.0 20201002 (experimental) [master revision 05d39f0de9e:767e018251e:1d3e12c469e5f5627c2e271232e1a3d8a88783be]
The bug has been introduced by commit af66094d037793773eb8a49597866457f2f6a104.
Thanks for filing this; confirmed. I'm working on a fix.
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:

https://gcc.gnu.org/g:16ad9ae85bb5b9acf80f9d1cf2be5a989ef7ba49

commit r11-4437-g16ad9ae85bb5b9acf80f9d1cf2be5a989ef7ba49
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Tue Oct 27 09:54:25 2020 -0400

    analyzer: don't assume extern const vars are zero-initialized [PR97568]

    gcc/analyzer/ChangeLog:
            PR analyzer/97568
            * region-model.cc (region_model::get_initial_value_for_global):
            Move check that !DECL_EXTERNAL from here to...
            * region.cc (decl_region::get_svalue_for_initializer): ...here,
            using it to reject zero initialization.

    gcc/testsuite/ChangeLog:
            PR analyzer/97568
            * gcc.dg/analyzer/pr97568.c: New test.
Should be fixed by the above commit.
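
Added example (not part of the bug report and not the contents of gcc.dg/analyzer/pr97568.c): a constructed C file contrasting the extern const declaration from tst.c, whose value is unknown to the reader, with a const definition that has no initializer and really is zero-initialized. The names backing, t, read_extern and read_or are assumptions made for this illustration, and the definition of s stands in for one that would normally live in another translation unit.

```c
/* Constructed illustration; not code from GCC or its testsuite. */
#include <stddef.h>
#include <stdio.h>

static int backing[2] = { 42, 7 };

/* Case 1: declaration only, as in tst.c. It says nothing about the value;
   the definition normally lives in another translation unit. */
extern int *const s;

/* Reads through s exactly like main() in the report. */
int read_extern(void)
{
  return s[0];
}

/* Stand-in for the other translation unit's definition. It is placed after
   read_extern() to mirror that the reader sees only the declaration. */
int *const s = backing;

/* Case 2: tentative definition with no initializer. C gives this static
   storage object a zero initial value, so the pointer really is NULL and
   a NULL-dereference report on t[0] would be a true positive. */
int *const t;

/* Guarded read: returns fallback instead of dereferencing a null pointer. */
int read_or(int *const p, int fallback)
{
  return p != NULL ? p[0] : fallback;
}

int main(void)
{
  printf("extern const: s[0] = %d\n", read_extern());
  printf("zero-initialized const: t is %s\n", t == NULL ? "NULL" : "non-NULL");
  printf("guarded read of t: %d\n", read_or(t, -1));
  return 0;
}
```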