================
@@ -297,17 +297,19 @@ void ExprEngine::processCallExit(ExplodedNode *CEBNode) {
if (CE) {
if (const ReturnStmt *RS = dyn_cast_or_null<ReturnStmt>(LastSt)) {
const LocationContext *LCtx = CEBNode->getLocationContext();
+ // FIXME: This tries to look up the return statement in the environment,
+ // which is special cased to look up the subexpression RS->getRetValue()
+ // in environment. Instead of relying on this hack, pass
+ // RS->getRetValue() to getSVal() after checking it for nullness.
----------------
steakhal wrote:
I think the engine should just look into what CallExpr made us to the current
function and bind our return value directly there - basically shortcuting what
we probably already use the return statement for.
However, it might not be that easy if there is some internal invariant about
the order of operations around returning from a function; thus we would need to
be extra careful changing any of this. Especially with analyzing C++, RVO,
NRVO, guard object dtors.
https://github.com/llvm/llvm-project/pull/188319
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
