Author: Donát Nagy
Date: 2026-06-25T15:06:27+02:00
New Revision: 0c540b9dcd041a2574f744144bb894b5862344b1

URL: https://github.com/llvm/llvm-project/commit/0c540b9dcd041a2574f744144bb894b5862344b1
DIFF: https://github.com/llvm/llvm-project/commit/0c540b9dcd041a2574f744144bb894b5862344b1.diff

LOG: [analyzer] Fix unjustified early return in processCallExit (#205656)

In `ExprEngine::processCallExit` step 3 may theoretically split the state because it calls `removeDead`, which activates the `LiveSymbols` and `DeadSymbols` callbacks of various checkers. (However, in practice it is likely that these checker callbacks never actually split the state -- at least, no such state splits happen in the LIT tests.)

The nodes produced by `removeDead` are placed in the set `CleanedNodes`; in theory the different execution paths should be handled in parallel, independently of each other. However, the loop `for (ExplodedNode *N : CleanedNodes)` contained an early return statement, which meant that if the creation of `CEENode` failed for a node `N`, then the subsequent iterations were skipped altogether.

This commit replaces the `return` with a `continue` to ensure that the nodes in `CleanedNodes` are handled independently (if there are several such nodes).

This logic error has been present in the codebase since 2012 (!) when commit 7e53bd6fb01b062ece426252fb94c76bcce58941 introduced the `removeDead` step into `processCallExit`. Given that nobody noticed this error within the last 14 years, I very strongly suspect that it doesn't have any observable functional effects, i.e. this change is essentially NFC.

Added:


Modified:
    clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp

Removed:



################################################################################
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index 4cbcaa2721639..97c655c103b0a 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -384,7 +384,7 @@ void ExprEngine::processCallExit(ExplodedNode *CEBNode) { ExplodedNode *CEENode = Engine.makeNode(Loc, CEEState, N); if (!CEENode) - return; + continue; // Step 5: Perform the post-condition check of the CallExpr and enqueue the // result onto the work list. _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
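Review bot: The `continue` at `if (!CEENode)` is the right loop control for the `for (ExplodedNode *N : CleanedNodes)` loop, but it is now the one place in that loop where a path is silently dropped, and the commit message itself notes the previous `return` survived unnoticed since 2012; a one-line comment above the `continue` stating why a null `CEENode` from `Engine.makeNode` may be skipped for this path while the remaining nodes in `CleanedNodes` still reach step 5 would stop a future reader from "restoring" the early return. Since the message also says no state split in `removeDead` occurs in the LIT tests, it is worth recording in the commit message or a FIXME that the changed branch is currently not covered by any test.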
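The loop-control mistake the commit describes is easy to see in isolation: with `return`, the first path whose node cannot be created abandons every path queued after it, whereas `continue` drops only that one path. The following is an added illustration written for this page, not code from LLVM; `Node`, `makeWorklist` and the two `process*` functions are constructed stand-ins for the analyzer's `CleanedNodes` loop, and a null pointer models a path for which node creation fails.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Constructed stand-in for an exploded-graph node (hypothetical type).
struct Node {
  int id;
};

// Static storage so the worklist can hold plain pointers (constructed data).
static Node gNodes[8];

// Build a worklist of `total` paths; the entry at `failIndex` is null to model
// a path whose node could not be created (hypothetical helper).
std::vector<const Node*> makeWorklist(std::size_t total, std::size_t failIndex) {
  std::vector<const Node*> list;
  for (std::size_t i = 0; i < total && i < 8; ++i) {
    gNodes[i].id = static_cast<int>(i);
    list.push_back(i == failIndex ? nullptr : &gNodes[i]);
  }
  return list;
}

// Pre-commit shape: an early `return` inside the loop. One failed path stops
// all later paths from being processed. Returns how many paths reached the
// "step 5" stand-in.
std::size_t processWithReturn(const std::vector<const Node*>& cleanedNodes) {
  std::size_t handled = 0;
  for (const Node* n : cleanedNodes) {
    if (!n)
      return handled;  // bug: abandons every remaining path as well
    ++handled;         // stands in for "step 5" on this path
  }
  return handled;
}

// Post-commit shape: `continue` skips only the failed path; every other path
// in the worklist is still handled independently.
std::size_t processWithContinue(const std::vector<const Node*>& cleanedNodes) {
  std::size_t handled = 0;
  for (const Node* n : cleanedNodes) {
    if (!n)
      continue;  // drop this path only
    ++handled;
  }
  return handled;
}

int main() {
  // Four paths, the second of which fails: `return` handles 1, `continue` 3.
  std::vector<const Node*> work = makeWorklist(4, 1);
  std::printf("return:   %zu of %zu paths handled\n", processWithReturn(work), work.size());
  std::printf("continue: %zu of %zu paths handled\n", processWithContinue(work), work.size());
  return 0;
}
```

When no path fails (pass an out-of-range `failIndex`), both versions handle every path, which is why the author expects the change to be NFC in practice: the difference is only observable when `removeDead` actually splits the state and one of the resulting paths then fails node creation.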
