<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/56433>56433</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [analyzer] getenv() state split should be stateful.
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          haoNoQ
      </td>
    </tr>
</table>

<pre>
    I still don't like the new getenv() warnings. Most of them that I see are of the form
```
if (getenv("X"))     // assuming the variable is in the environment
  str = getenv("X"); // assuming the variable is not in the environment
```
Even if we don't assume controlled environment, a process's environment isn't that easy to change once it's started. You can do it by attaching the debugger to the process but in this case that's the least of your problems. Or you can do it from a different thread, like a global variable, which we don't assume can ever happen. The code isn't great but there's no good reason for us to warn either. Time-of-check-time-of-use race conditions of this kind are fairly unrealistic.

So I think there's no way around having the checker keep track of its prior decisions. This probably means a full-featured path-sensitive check with a state map, modeling of `putenv`, etc.

@martong @steakhal WDYT?
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyFVMGO2zYU_Br58mBBkWxrfdAh6XaBHNIiaIA2R4p6EllTpEBSNpyv75D2bnaDBDVs2eQj580Mh-7dcO0-UojaGBqcLeo2ktEnpqiYLF9o4sj2XNQPRX2ki_BW2ymU9MmFSG5My2Y8RCSgMJPwfJ-m0fm5qB6L6n1xqO7vPNQjAe8VcP0PPsBPLdKrqJ_wJhHCOqNdRjsLr0VvmHQgbfMUtmvv7Mw23oAJQjwVzSP9DLz58L_A1sVfgv8g4vczW4KSC7_4lmGZpLPRO2N4eANS_0aCFu8kh4Dl4XURvW8Q2UkW4UrRkVTCTrDTSpCLeU-IwkceSvrqVpLCojdK1F9JxCikehY1cL9OE_sEk8b3vtSvd4EQK0Xg3DAjp1UGnfOpXt3q0x7YMuOw__Rp5lW_0bsZagY9juwT_6g8iyFpzOERNBnXC_NibqpclJbqZ34Bls_gqsSysC3pi0omDvziygTwmLmDpefM1zqanBsIpeBsChutIclNGSXWaSWg9MxbN26lYnnaxvtohXAvZD6qQUftbLiFFq6ctB1yikehvbnSatHBaNwQWd6DkJ9_OSQeO-zpLamLwFl4twJFifPzeeT-kHhiXiii9yk11DHAZQ3qA0sdEo-kXofsPXy70swC5ASNqzHbETasHrlaRFTbwDaA_PmOThdoxkpEJDLNYkmez7DRJBLohugua74WyDBqHN8qKnbVjHQ5rMbPEFmcFI7w78evX4rmaTN0zXBsjmITdTTcFfsPwgpz_ca-2D--_Zu4UQiLQVSCcqsZqOfbLHSUm9WbTsW4hKJ5f7uSE7ivfSndjIEx5-evLYz4lyUi-qSRFsbNedofdk2zUd3D4YH3VSXbd8y7_tg3fVU1ohkP1XEc27beGNGzCYkpGG50V1d1XbVVW1f7fX0s63Z_GHbjjkf5rpWHFqJ5FtqUqXHp_LTxXeaAqxRQTCEI34tIr54s8zO-WKNyvlPC_eE-bzLbLlP9DyaFzE0">