In Clang Static Analyzer, when the symbol is referenced by an index value of an element region, it does not prevent garbage collection (reaping) of that symbol. Hence, if the element index value is the only place where the symbol is stored, the symbol gets reaped, and range information is removed from the constraint manager.
This time, i'm not sure if it's the right place to put the fix; probably markLive() itself should handle it transparently, or something like that.
I managed to construct a regression test with the ReturnPtrRange checker. The second test shows that not only the store, but also the environment needs to be fixed.
Thank you for adding this!!! This can be part of this commit or separate; up to you.
Please, update the debugger checkers document in the docs folder with information on how this should be used.