[analyzer] We were silently stopping exploring the path after

visiting 'return;' statement!

This most likely caused us to skip a bunch of code when analyzing with
inlining.

llvm-svn: 151368

clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp

@@ -432,7 +432,4 @@ void ExprEngine::VisitReturnStmt(const ReturnStmt *RS, ExplodedNode *Pred,
       B.generateNode(RS, *it, (*it)->getState());
     }
   }
-  else {
-    B.takeNodes(dstPreVisit);
-  }
 }

clang/test/Analysis/malloc-interprocedural.c

@@ -69,3 +69,19 @@ void test5() {
   int *data;
   my_free1((int*)data);
 }
+
+// Test that we keep processing after 'return;'
+void fooWithEmptyReturn(int x) {
+  if (x)
+    return;
+  x++;
+  return;
+}
+
+int uafAndCallsFooWithEmptyReturn() {
+  int *x = (int*)malloc(12);
+  free(x);
+  fooWithEmptyReturn(12);
+  return *x; // expected-warning {{Use of memory after it is freed}}
+}
+