The current widening option in the Clang Static Analyzer invalidates (almost) all of the MemRegions when a loop reaches its last visit (see the maxBlockVisitOnPath config) and then continues the analysis.
My aim is to create a solution where widening only invalidates the MemRegions which are possibly affected by the loop. So in the case of pointers it requires more effort to track the possible values which can be changed. In this initial patch only specific loops will be invalidated: those which do not contain (complex, therefore) unhandled statements (e.g. pointer operations).
In the invalidation process we check the possibly changed variables via ASTMatchers.
In the general case, the difference between the two approaches is:
widen-loops-old | Invalidate everything |
widen-loops-new | Only invalidate modified variables |
But there is another difference when there are pointers (more precisely, if it encounters a statement which can result in a modified variable but is not handled yet):
widen-loops-old | Invalidate everything |
widen-loops-new | Invalidate nothing (don't widen) |
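The two tables above, restated as a small runnable model. This is an added example, not code from the patch or from Clang: `Store`, `Stmt`, `widen` and the sample loop bodies are hypothetical names, and the old policy is simplified to invalidating everything, as in the tables.

```cpp
// Toy model of the two widening policies; none of this is Clang code.
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Known constant per variable; a missing key means "unknown" (invalidated).
using Store = std::map<std::string, int>;

// A loop-body statement reduced to what the widening decision looks at.
struct Stmt {
    std::string written; // variable the statement assigns, "" if none
    bool unhandled;      // e.g. a pointer operation the new policy does not model
};

enum class Mode { Old, New };
struct Result { bool widened; Store store; };

Result widen(const Store &before, const std::vector<Stmt> &body, Mode mode) {
    if (mode == Mode::Old)
        return {true, Store{}};     // widen-loops-old: invalidate everything
    std::set<std::string> modified;
    for (const Stmt &s : body) {
        if (s.unhandled)
            return {false, before}; // widen-loops-new: give up, invalidate nothing
        if (!s.written.empty())
            modified.insert(s.written);
    }
    Store after = before;
    for (const std::string &v : modified)
        after.erase(v);             // only variables the loop writes become unknown
    return {true, after};
}

// Constructed inputs: state before the loop and two loop bodies.
Store sampleStore() { return {{"i", 0}, {"sum", 0}, {"limit", 10}}; }
std::vector<Stmt> simpleBody() { return {{"sum", false}, {"i", false}}; }
std::vector<Stmt> pointerBody() { return {{"i", false}, {"", true}}; }

int main() {
    Result r = widen(sampleStore(), simpleBody(), Mode::New);
    std::printf("widened=%d, still known: %zu variable(s)\n", r.widened, r.store.size());
    return 0;
}
```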
Not sure, but I suspect that your approach is actually less conservative than the old one(?) Like, it drops less information.
I think we should try to express more here - these approaches are very different.