[clang] Fix array bound checker false negative (PR #161723)
Ziqing Luo via cfe-commits
cfe-commits at lists.llvm.org
Wed Oct 8 13:09:46 PDT 2025
================
@@ -0,0 +1,51 @@
+// RUN: %clang_analyze_cc1 -std=c++11 -Wno-array-bounds -analyzer-config unroll-loops=true -analyzer-config security.ArrayBound:AggressiveReport=true -analyzer-checker=unix,core,security.ArrayBound -verify %s
+
+// Test the interactions of `security.ArrayBound` with C++ features.
+
+void test_tainted_index_local() {
+ int arr[10];
+ unsigned index = 10;
+ arr[index] = 7;
+ // expected-warning at -1{{Out of bound access to memory after the end of 'arr'}}
+}
+
+void test_tainted_index_local_range() {
+ int arr[10];
+ for (unsigned index = 0; index < 11; index++)
+ arr[index] = index;
+ // expected-warning at -1{{Out of bound access to memory after the end of 'arr'}}
+}
+
+void test_tainted_index1(unsigned index) {
+ int arr[10];
+ if (index < 12)
+ arr[index] = index;
+ // expected-warning at -1{{Potential out of bound access to 'arr' with tainted offset}}
+ if (index == 12)
+ arr[index] = index;
+ // expected-warning at -1{{Out of bound access to memory after the end of 'arr'}}
+}
+
+void test_tainted_index2(unsigned index) {
+ int arr[10];
+ if (index < 12)
+ arr[index] = index;
+ // expected-warning at -1{{Potential out of bound access to 'arr' with tainted offset}}
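Review bot: the names `test_tainted_index_local` and `test_tainted_index_local_range` are misleading in this hunk: in both, the index is a compile-time constant (`unsigned index = 10`) or a loop counter, not data from a taint source, and the expected diagnostic is the plain "Out of bound access to memory after the end of 'arr'" message rather than the tainted-offset one used in `test_tainted_index1`. Consider renaming them (for example `test_constant_index_local` and `test_loop_index_local`) so the genuinely tainted cases stand out. Also, the file comment says it tests the interactions of `security.ArrayBound` with C++ features, but every function shown here is plain C; either add the C++ constructs the comment promises or reword the comment to match what the file actually exercises.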
----------------
ziqingluo-90 wrote:
It'd be great to add some coverage of good cases. E.g., adding a case for `if (0 <= index && index < 10)` here.
https://github.com/llvm/llvm-project/pull/161723