From 47ee2f6424393f7a1a0b9732985d2326882337c9 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@linaro.org>
Date: Fri, 22 Mar 2024 13:36:22 +0300
Subject: [PATCH] db: fix splitting implications

How this looks like to the user, is that you end up losing some return
states.  In one particular example, Smatch said that xt_mttg_seq_next()
always dereferences  *ppos, but actually there is a if statement.  We lost
those states.

Originally ->merged states were not leaf states but then when we started
faking states that changed and now we have ->leaf and is_leaf() to mark
leaf states.  This code should be using is_leaf() too look for leaf states
instead of checking ->merged.

Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 smatch_db.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/smatch_db.c b/smatch_db.c
index ca7a0782..bc3de851 100644
--- a/smatch_db.c
+++ b/smatch_db.c
@@ -1919,7 +1919,7 @@ static int split_possible_helper(struct sm_state *sm, struct expression *expr)
 	/* bail if it gets too complicated */
 	nr_possible = 0;
 	FOR_EACH_PTR(sm->possible, tmp) {
-		if (tmp->merged)
+		if (!is_leaf(tmp))
 			continue;
 		if (ptr_in_list(tmp, already_handled))
 			continue;
@@ -2348,7 +2348,7 @@ static int split_on_bool_sm(struct sm_state *sm, struct expression *expr)
 		return 0;
 
 	FOR_EACH_PTR(sm->possible, tmp) {
-		if (tmp->merged)
+		if (!is_leaf(tmp))
 			continue;
 		if (ptr_in_list(tmp, already_handled))
 			continue;
-- 
2.11.4.GIT