[clang] [analyzer] Switch to PostStmt callbacks in ArrayBoundV2 (PR #72107)

via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 13 16:22:47 PST 2023


DonatNagyE wrote:

I ran an analysis that compares this commit with its parent on many open source projects. The results revealed that this commit "converts" many alpha.security.ArrayBound (V1) results into alpha.security.ArrayBoundV2 results because (if I understand it correctly) the new `PostStmt` callbacks fire before the `Location` callback used by the V1 checker (while it seems that previously the order of the tied `Location` callbacks was resolved in favor of the V1 checker).

This is a mostly irrelevant effect because I presume that the users don't want to enable both of the ArrayBound checkers at the same time (I was testing with options that enable almost all alpha checkers, but that's not a "normal" config). 

For the sake of completeness I'm pasting the result links for this first run where the diff is polluted by all the "lost report for V1, new report for V2" differences; but I started a clean run with `-d alpha.security.ArrayBound` (I'll post the results soon) and I'll do a more detailed evaluation on that.

| Project | New Reports | Lost Reports |
|---------|-------------|--------------|
| memcached | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_baseline&newcheck=memcached_1.6.8_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_baseline&newcheck=memcached_1.6.8_new&is-unique=on&diff-mode=Resolved) |
| tmux | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_baseline&newcheck=tmux_2.6_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_baseline&newcheck=tmux_2.6_new&is-unique=on&diff-mode=Resolved) |
| curl | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=curl_curl-7_66_0_baseline&newcheck=curl_curl-7_66_0_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=curl_curl-7_66_0_baseline&newcheck=curl_curl-7_66_0_new&is-unique=on&diff-mode=Resolved) |
| twin | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_baseline&newcheck=twin_v0.8.1_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_baseline&newcheck=twin_v0.8.1_new&is-unique=on&diff-mode=Resolved) |
| vim | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_baseline&newcheck=vim_v8.2.1920_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_baseline&newcheck=vim_v8.2.1920_new&is-unique=on&diff-mode=Resolved) |
| openssl | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_baseline&newcheck=openssl_openssl-3.0.0-alpha7_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_baseline&newcheck=openssl_openssl-3.0.0-alpha7_new&is-unique=on&diff-mode=Resolved) |
| sqlite | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_baseline&newcheck=sqlite_version-3.33.0_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_baseline&newcheck=sqlite_version-3.33.0_new&is-unique=on&diff-mode=Resolved) |
| ffmpeg | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_baseline&newcheck=ffmpeg_n4.3.1_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_baseline&newcheck=ffmpeg_n4.3.1_new&is-unique=on&diff-mode=Resolved) |
| postgres | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_new&is-unique=on&diff-mode=Resolved) |
| tinyxml2 | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_baseline&newcheck=tinyxml2_8.0.0_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_baseline&newcheck=tinyxml2_8.0.0_new&is-unique=on&diff-mode=Resolved) |
| libwebm | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_baseline&newcheck=libwebm_libwebm-1.0.0.27_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_baseline&newcheck=libwebm_libwebm-1.0.0.27_new&is-unique=on&diff-mode=Resolved) |
| xerces | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_baseline&newcheck=xerces_v3.2.3_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_baseline&newcheck=xerces_v3.2.3_new&is-unique=on&diff-mode=Resolved) |
| bitcoin | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_baseline&newcheck=bitcoin_v0.20.1_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_baseline&newcheck=bitcoin_v0.20.1_new&is-unique=on&diff-mode=Resolved) |
| protobuf | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_baseline&newcheck=protobuf_v3.13.0_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_baseline&newcheck=protobuf_v3.13.0_new&is-unique=on&diff-mode=Resolved) |
| qtbase | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=qtbase_v6.2.0_baseline&newcheck=qtbase_v6.2.0_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=qtbase_v6.2.0_baseline&newcheck=qtbase_v6.2.0_new&is-unique=on&diff-mode=Resolved) |
| contour | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=contour_v0.2.0.173_baseline&newcheck=contour_v0.2.0.173_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=contour_v0.2.0.173_baseline&newcheck=contour_v0.2.0.173_new&is-unique=on&diff-mode=Resolved) |
| acid | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=acid_2022-08-02-codechecker-test_baseline&newcheck=acid_2022-08-02-codechecker-test_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=acid_2022-08-02-codechecker-test_baseline&newcheck=acid_2022-08-02-codechecker-test_new&is-unique=on&diff-mode=Resolved) |
| openrct2 | [new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openrct2_null_baseline&newcheck=openrct2_null_new&is-unique=on&diff-mode=New) | [lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openrct2_null_baseline&newcheck=openrct2_null_new&is-unique=on&diff-mode=Resolved) |

https://github.com/llvm/llvm-project/pull/72107
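
The "lost report for V1, new report for V2" pollution described in the message above can be filtered out of a baseline/new comparison after the fact. The following is an added example, not part of the original post and not CodeChecker's own code; the `Report` tuple, the sample reports and the rule that a conversion is a V1/V2 pair at the same file and line are assumptions of this sketch.

```python
from collections import Counter, namedtuple

# Hypothetical minimal report record; real exports carry more fields.
Report = namedtuple("Report", "checker file line")

V1 = "alpha.security.ArrayBound"
V2 = "alpha.security.ArrayBoundV2"


def split_diff(lost, new):
    """Separate V1->V2 conversions from genuine differences.

    Returns (converted_locations, real_lost, real_new). A conversion is a
    lost V1 report paired with a new V2 report at the same (file, line).
    """
    v2_new = Counter((r.file, r.line) for r in new if r.checker == V2)
    converted, real_lost = [], []
    for r in lost:
        loc = (r.file, r.line)
        if r.checker == V1 and v2_new[loc] > 0:
            v2_new[loc] -= 1          # consume one matching V2 report
            converted.append(loc)
        else:
            real_lost.append(r)

    # New reports that were not used up by a pairing are genuinely new.
    budget = Counter(converted)
    real_new = []
    for r in new:
        loc = (r.file, r.line)
        if r.checker == V2 and budget[loc] > 0:
            budget[loc] -= 1
        else:
            real_new.append(r)
    return converted, real_lost, real_new


# Constructed sample data (not taken from the linked result pages).
LOST = [Report(V1, "src/buf.c", 120),
        Report(V1, "src/parse.c", 45),
        Report("core.NullDereference", "src/io.c", 9)]
NEW = [Report(V2, "src/buf.c", 120),
       Report(V2, "src/tbl.c", 77)]

if __name__ == "__main__":
    converted, real_lost, real_new = split_diff(LOST, NEW)
    print("converted:", converted)
    print("lost:", real_lost)
    print("new:", real_new)
```
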

