[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

[Donát Nagy via cfe-commits]

================
@@ -490,6 +491,47 @@ SVal SValBuilder::evalUnaryOp(ProgramStateRef state, UnaryOperator::Opcode opc,
   llvm_unreachable("Unexpected unary operator");
 }
 
+namespace {
+/// Iterate through to store to find the actual value this LazyCompoundVal
+/// corresponds to. Further reading is in LazyCompoundVal's docs.
+struct LazyHandler : public StoreManager::BindingsHandler {
+  nonloc::LazyCompoundVal l;
+  std::optional<SVal> &Ret;
+
+  LazyHandler(nonloc::LazyCompoundVal l, std::optional<SVal> &Ret)
+      : l(l), Ret(Ret) {}
+
+  virtual bool HandleBinding(StoreManager &SMgr, Store Store,
+                             const MemRegion *Region, SVal Val) override {
+    if (const MemRegion *MR = Val.getAsRegion()) {
+      if (MR->isSubRegionOf(l.getRegion()) && MR != l.getAsRegion()) {
----------------
NagyDonat wrote:

Instead of introducing this `MR`, you should check `Region->isSubRegionOf(l.getRegion())` or something similar!

When `iterBindings()` calls this callback, it will pass `[Region, value bound to that region]` pairs (as the third and fourth arguments), and if you want to only consider the values stored within the region `l.getRegion()`, you need to check that the key (i.e. `Region` i.e. the third argument) is a subregion of the region whose contents were "frozen" as a `LazyCompoundVal`.

Your current code looks for values _stored anywhere within the frozen old state_ that are pointer-typed and _point to a subregion of `l.getRegion()`_.

https://github.com/llvm/llvm-project/pull/106982