Index: lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
===================================================================
--- lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -647,6 +647,13 @@
 R->printPretty(os);
 }
 }
+ } else if (StoreSite->getLocation().getAs()) {
+ os << "Reach the max loop limit.";
+ os << " Assigning a conjured symbol";
+ if (R->canPrintPretty()) {
+ os << " to ";
+ R->printPretty(os);
+ }
 }
 if (os.str().empty()) {
Index: lib/StaticAnalyzer/Core/PathDiagnostic.cpp
===================================================================
--- lib/StaticAnalyzer/Core/PathDiagnostic.cpp
+++ lib/StaticAnalyzer/Core/PathDiagnostic.cpp
@@ -690,6 +690,17 @@
 return getLocationForCaller(CEE->getCalleeContext(), CEE->getLocationContext(), SMng);
+ } else if (Optional BE = P.getAs()) {
+ CFGElement BlockFront = BE->getBlock()->front();
+ if (BlockFront.getKind() == CFGElement::Kind::Statement) {
+ return PathDiagnosticLocation(
+ BlockFront.getAs()->getStmt()->getLocStart(), SMng);
+ } else if (BlockFront.getKind() == CFGElement::Kind::NewAllocator) {
+ return PathDiagnosticLocation(BlockFront.getAs()
+ ->getAllocatorExpr()
+ ->getLocStart(),
+ SMng);
+ }
 } else {
 llvm_unreachable("Unexpected ProgramPoint");
 }
Index: test/Analysis/loop-widening.c
===================================================================
--- test/Analysis/loop-widening.c
+++ test/Analysis/loop-widening.c
@@ -188,3 +188,15 @@
 }
 clang_analyzer_eval(i >= 2); // expected-warning {{TRUE}}
 }
+
+int *p;
+int bar();
+int flag;
+int test_for_bug_25609()
+{
+ if (p == 0)
+ bar();
+ for (int i = 0; i < flag; ++i) {}
+ *p = 25609; // no-crash expected-warning {{Dereference of null pointer (loaded from variable 'p')}}
+ return *p;
+}
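Review bot: The note text built in the new `else if` branch is ungrammatical and uses analyzer-internal vocabulary ("Reach the max loop limit." / "Assigning a conjured symbol"). A developer triaging a null-dereference report is unlikely to know what a conjured symbol is. Wording such as `os << "Reached the maximum loop limit.";` followed by `os << " Assigning an unknown value";` would read better. The branch also keys only on the program-point kind of `StoreSite->getLocation()`, so it presumably assumes every store site of that kind comes from loop widening; a short comment stating that assumption would help, for example `// Store sites at this program point are produced by loop widening invalidation.` The enclosing if-chain starts outside the hunk.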
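Review bot: The new branch returns only when the first CFG element is a `Statement` or a `NewAllocator`; for any other kind it falls out of the if-chain with no location chosen, and what follows the chain is outside the hunk. Because this path was added to stop a crash during report construction, the unhandled case should fail loudly: add `llvm_unreachable("Unexpected CFG element at front of block");` after the inner `if`/`else if`. `BE->getBlock()->front()` is also called without checking that the block has any elements, so a guard such as `if (BE->getBlock()->empty())` with an explicit fallback location would be worth adding before it.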
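Review bot: `test_for_bug_25609` pins only the final warning on `*p = 25609;`, so the note text added in BugReporterVisitors.cpp and the location chosen in PathDiagnostic.cpp are exercised for "no crash" but never checked. The RUN lines are outside the hunk; if this file is not run with `-analyzer-output=text`, consider adding a companion test that is and that asserts the new note with an `expected-note` on the `for` line. Also, `return *p;` after the flagged dereference adds nothing to the regression, and a one-line comment above the function saying which crash it reproduces would help future readers.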