RetainCountChecker appears to be using MemRegion::getString() to present the region to the user, which is equivalent to MemRegion->dump() and as such may produce human-unreadable dumps.
Fortunately, for now RetainCountChecker only tracks pointer bindings through local variables, and treats all other bindings as pointer escapes. For local variables, this worked well.
Before r315736/D38877, however, it used to be possible to modify retain count of a pointer "in place" after writing it anywhere, eg.:
anyWeirdLocation = x; SafeCFRetain(anyWeirdLocation);
...which not only caused a leak false positive, but also triggered a dump of anyWeirdLocation (which may be literally any weird location) into the checker's warning message.
So for now i'm not seeing any other cases where this leaks, but i still want to add an assertion to make sure this never happens again.