[clang] [NFC][analyzer] Remove NodeBuilders around defaultEvalCall (PR #203923)

Wed, 24 Jun 2026 05:24:28 -0700 

================
@@ -87,23 +84,22 @@ void ExprEngine::performTrivialCopy(NodeBuilder &Bldr, 
ExplodedNode *Pred,
     evalLocation(Tmp, CallExpr, VExpr, Pred, Pred->getState(), V,
                  /*isLoad=*/true);
     for (ExplodedNode *N : Tmp)
-      evalBind(Dst, CallExpr, N, ThisVal, V, !AlwaysReturnsLValue);
+      evalBind(DstEval, CallExpr, N, ThisVal, V, !AlwaysReturnsLValue);
   } else {
     // We can't copy empty classes because of empty base class optimization.
     // In that case, copying the empty base class subobject would overwrite the
     // object that it overlaps with - so let's not do that.
     // See issue-157467.cpp for an example.
-    Dst.insert(Pred);
+    DstEval.insert(Pred);
   }
 
-  PostStmt PS(CallExpr, SF);
-  for (ExplodedNode *N : Dst) {
+  for (ExplodedNode *N : DstEval) {
     ProgramStateRef State = N->getState();
     if (AlwaysReturnsLValue)
       State = State->BindExpr(CallExpr, SF, ThisVal);
     else
       State = bindReturnValue(Call, SF, State);
-    Bldr.generateNode(PS, State, N);
+    Dst.insert(Engine.makePostStmtNode(CallExpr, State, Pred));
----------------
NagyDonat wrote:

Yes, and the existing tests are passing both with the logically correct and the 
logically incorrect code...

I tried to construct a new testcase that would demonstrate that the logically 
incorrect code produces faulty end results, but I wasn't able to do so quickly 
and I feel that spending more time on this would be a waste of time.

These "using a stale `ExplodedNode`" errors could happen anywhere in the 
analyzer codebase (before introducing this one, I fixed one or two others 
within the last few months) and creating regression tests (as LIT tests) is a 
very awkward and insufficient tools for preventing them.

I was thinking about creating a less error-prone coding pattern where it is 
impossible (or at least difficult) to reference the old stale nodes in the 
engine code. Once I'm done with the `NodeBuilder` removal (and incidentally, I 
have reviewed all the code that manipulates node sets) I'll write up a proposal 
about this.

https://github.com/llvm/llvm-project/pull/203923
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to