Merge pull request #5609 from hwisungi/main

Update C26430 rule with heuristics that were unclear in the original documentation

Author: Jill Grant

docs/code-quality/c26430.md

@@ -27,8 +27,6 @@ A variable is marked as checked for null when it's used in the following context
 - in non-bitwise logical operations;
 - in comparison operations where one operand is a constant expression that evaluates to zero.
 
-The rule doesn't have full data flow tracking. It can produce incorrect results in cases where indirect checks are used (such as when an intermediate variable holds a null value and is later used in a comparison).
-
 Implicit null checks are assumed when a pointer value is assigned from:
 
 - an allocation performed with throwing `operator new`;
@@ -67,3 +65,36 @@ void merge_states(gsl::not_null<const state *> left, gsl::not_null<const state *
     }
 }
 ```
+
+## Heuristics
+
+When ensuring that a dereference of a pointer isn't null, this rule doesn't require *every* dereference to have a prior null check. Instead, it requires a null check before *first* dereference of the pointer. The following function doesn't trigger C26430:
+
+```cpp
+void f(int* p)
+{
+    if (p)
+        *p = 1;
+    *p = 2;
+}
+```
+
+The following function generates C26430 because there's a path to assign `*p` without a null check:
+
+```cpp
+void f(bool b, int* p)
+{
+    if (b && p)
+        *p = 1;
+    *p = 2;
+}
+```
+
+Rules [C26822](c26822.md) and [C26823](c26823.md) apply to dereferencing a (possibly) null pointer.  
+
+This rule doesn't do full data flow tracking. It can produce incorrect results in cases where indirect checks are used, such as when an intermediate variable holds a null value and is later used in a comparison.
+
+## See also
+
+[C26822](c26822.md)\
+[C26823](c26823.md)