[PATCH] D32642: [Analyzer] Iterator Checker - Part 2: Increment, decrement operators and ahead-of-begin checks

[Artem Dergachev via Phabricator via cfe-commits]

NoQ added a comment.

I think this looks good. There's a problem with missing construction contexts, but i guess that's not the checker's fault, so let's add a FIXME and commit.



================
Comment at: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp:454-455
+      return;
+    const auto OldState = C.getPredecessor()->getFirstPred()->getState();
+    const auto OldThis = OldState->getSVal(ThisExpr, LCtx);
+    const auto *Pos = getIteratorPosition(OldState, OldThis);
----------------
This deserves a FIXME because that's definitely unreliable (i.e. if another checker subscribes to the operator call and adds a transition before you, you'll break because you'd have to ascend two nodes above, not one).

The proper fix is to make the CFG provide a `ConstructionContext` for the `CXXOperatorCallExpr`, which would turn the corresponding `CFGStmt` element into a `CFGCXXRecordTypedCall` element, which will allow `ExprEngine` to foresee that the `begin()`/`end()` call constructs the object directly in the temporary region that `CXXOperatorCallExpr` takes as its implicit object argument.

The proper fix is not hard, but there are still a lot of simpler and more common cases that we don't handle.


================
Comment at: lib/StaticAnalyzer/Checkers/IteratorChecker.cpp:476-502
+void IteratorChecker::checkLiveSymbols(ProgramStateRef State,
+                                       SymbolReaper &SR) const {
+  // Keep symbolic expressions of iterator positions, container begins and ends
+  // alive
+  auto RegionMap = State->get<IteratorRegionMap>();
+  for (const auto Reg : RegionMap) {
+    const auto Pos = Reg.second;
----------------
I guess we'll have this sorted out in another patch.


https://reviews.llvm.org/D32642