So currently we use the decompiler guesses of call parameters and returns for actual calls and then guessed params and returns for actual rets. We should analyze the locators ourself with more clever analyses. For actual calls, the rets would be reaching definitions from the callee that are used.
So currently we use the decompiler guesses of call parameters and returns for actual calls and then guessed params and returns for actual rets. We should analyze the locators ourself with more clever analyses. For actual calls, the rets would be reaching definitions from the callee that are used.