================
@@ -731,33 +731,36 @@ void
CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst,
ExplodedNodeSet checkDst;
NodeBuilder B(Pred, checkDst, Eng.getBuilderContext());
+ ProgramStateRef State = Pred->getState();
+ CallEventRef<> UpdatedCall = Call.cloneWithState(State);
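Review bot: The two added lines that build `UpdatedCall` from `Pred->getState()` carry no comment explaining why the incoming `Call` cannot be used as-is. A short comment above `Call.cloneWithState(State)` saying that `Call` may hold a state older than the one in `Pred` would answer the question raised in this thread for the next reader. If `State` is not used again further down in the function, the temporary could be folded into `Call.cloneWithState(Pred->getState())`.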
----------------
NagyDonat wrote:

> Why do we need to have an updated call here? The original Call was supposed
> to be wrapping the Pred state, that we wrap here again.

This method is called only once, from
[`ExprEngine::evalCall`](https://github.com/llvm/llvm-project/blob/9552e899e494e619093e8685173a4af0ba73e049/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp#L690)
which passes a `CallEvent` object that may be obsolete even at the start of
`ExprEngine::evalCall` and definitely doesn't follow the state updates that
were done by the PreCall checkers (before this EvalCall step).

> Do we really know that all the nodes in the Src have the same state? Because
> the code lowkey can't function correctly without that.

Although I don't have any concrete example, I'm pretty sure that `Src` can
easily contain multiple nodes with different states and in that case the single
state of `Call` cannot be simultaneously consistent with all the different
`Pred` nodes. (`Pred` is just a loop variable that iterates over the nodes
within the `ExplodedNodeSet &Src`.)

https://github.com/llvm/llvm-project/pull/160707