<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/70711>70711</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[clang][StaticAnalyzer] no option to re-analyse functions which are already analysed in a different context
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
kalaskow
</td>
</tr>
</table>
<pre>
Hello,
let's imagine we have a library with the following code:
```cpp
int foo(int index) {
  int tab[100];
  if (index < -1000 || index > 1000)
    return tab[index];
  return tab[index-200];
}
int foo2() {
  return foo(205);
}
```
We don't have access to all callers of this library. Because of this we would like to make its code bulletproof. We run:
```
clang -cc1 -analyze library.cpp -analyzer-checker=alpha.security.ArrayBoundV2
```
Unfortunately, it won't warn about the obvious out of bound access because it first analyzed `root->foo2->foo`, which correctly accessed the `tab` array, and it didn't pick up on the `root->foo` path.
I found out that it is controlled by `shouldSkipFunction` function defined in `clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp`:
```cpp
static bool shouldSkipFunction(const Decl *D,
                               const SetOfConstDecls &Visited,
                               const SetOfConstDecls &VisitedAsTopLevel) {
  if (VisitedAsTopLevel.count(D))
    return true;
  ...
  // Otherwise, if we visited the function before, do not reanalyze it.
  return Visited.count(D);
}
```
In order to enable analyzing `root->foo` path I changed it to:
```cpp
  return false;
}
```
and rerunning `clang -cc1 -analyze library.cpp -analyzer-checker=alpha.security.ArrayBoundV2` gives:
```
library.cpp:4:16: warning: Out of bound memory access (access exceeds upper limit of memory block) [alpha.security.ArrayBoundV2]
return tab[index];
^~~~~~~~~~
library.cpp:4:16: warning: Out of bound memory access (accessed memory precedes memory block) [alpha.security.ArrayBoundV2]
return tab[index];
```
My question is: do you think it is a good idea to add an option to the clang frontend to control this behavior? If it is, can it be added?
</pre>
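<pre>
The skip behaviour described in the report, as an added example that is not part of the original post and is not clang's code: a simplified model of how top-level entry points are chosen, showing why `foo` never gets its own run with unconstrained arguments. The names `topLevelEntries`, `markInlined`, `reanalyzeVisited`, `kLibrary` and `kOrder` are hypothetical, and the model assumes callers are processed before callees and that every inlined callee is recorded as visited.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Simplified model (an assumption, not clang's code): callers are processed
// before callees, every function inlined during a run lands in Visited, and a
// function already in Visited is not started again as a top-level entry.
using CallGraph = std::map<std::string, std::vector<std::string>>;

// Record everything reachable from fn as inlined during fn's analysis.
static void markInlined(const CallGraph &cg, const std::string &fn,
                        std::set<std::string> &visited) {
  auto it = cg.find(fn);
  if (it == cg.end())
    return;
  for (const auto &callee : it->second)
    if (visited.insert(callee).second) // insert fails on repeats, so cycles end
      markInlined(cg, callee, visited);
}

// Functions that get their own top-level run, i.e. are explored with
// unconstrained arguments. `order` must list callers before callees.
std::vector<std::string> topLevelEntries(const CallGraph &cg,
                                         const std::vector<std::string> &order,
                                         bool reanalyzeVisited) {
  std::set<std::string> visited, visitedAsTopLevel;
  std::vector<std::string> entries;
  for (const auto &fn : order) {
    if (visitedAsTopLevel.count(fn))
      continue; // first check quoted from shouldSkipFunction
    if (!reanalyzeVisited && visited.count(fn))
      continue; // final check; the reporter's patch disables this one
    visitedAsTopLevel.insert(fn);
    entries.push_back(fn);
    markInlined(cg, fn, visited);
  }
  return entries;
}
// Constructed input: the call graph of library.cpp from the report.
static const CallGraph kLibrary = {{"foo2", {"foo"}}, {"foo", {}}};
static const std::vector<std::string> kOrder = {"foo2", "foo"};

int main() {
  for (bool re : {false, true})
    for (const auto &fn : topLevelEntries(kLibrary, kOrder, re))
      std::cout << (re ? "patched: " : "default: ") << fn << '\n';
}
```

Any exported function missing from the default result was only explored with the argument values its in-file callers passed, so bounds checkers see it with `index == 205` and nothing else.
</pre>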