================
@@ -2515,9 +2518,13 @@ bool ExprEngine::replayWithoutInlining(ExplodedNode *N,
BeforeProcessingCall->getLocationContext(), CE, nullptr, &PT);
// Add the special flag to GDM to signal retrying with no inlining.
// Note, changing the state ensures that we are not going to cache out.
+ // NOTE: This stores the call site (CE) in the state trait, but only the
+ // the actual pointer value is only checked by an assertion; for the analysis
+ // only the presence or absence of this trait matters.
+ // FIXME: I suspect that CE may be a nullpointer, which will be interpreted
+ // as the absence of this state trait (and does not prevent caching out).
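Review bot: The first two added lines of the NOTE do not parse where they wrap ("but only the" / "the actual pointer value is only checked by an assertion"): "the" is doubled and "only" is used twice, and "for the analysis only the presence" needs a comma after "analysis". Suggested wording: "This stores the call site (CE) in the state trait, but the actual pointer value is only checked by an assertion; for the analysis, only the presence or absence of this trait matters." Separately, the FIXME at the end of the hunk records a suspicion ("I suspect that CE may be a nullpointer") rather than a finding. Since the comment itself says a null value would read as an absent trait and would not prevent caching out, either establish whether CE can be null here and assert that it is non-null before it is stored, or drop the FIXME.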
----------------
steakhal wrote:
I'm pretty sure a CallExpr can never be null. The callee expr also can't be
null.
What can be null is the direct callee decl (for example, when calling function
pointers to unknown callees; or some other expression creates the callable
object we are about to call).
BTW, there was a missing comma that tripped me when parsing this. `for the
analysis` + comma + `only the presence`...
https://github.com/llvm/llvm-project/pull/188319
_______________________________________________
cfe-commits mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits