This patch is a targeted suppression heuristic for false positives that MallocChecker produces when a shared / reference-counting pointer is copied (including, but not limited to, llvm::IntrusiveRefCntPtr). The program increments the reference count through an atomic fetch_add (often the C++11 std::atomic<T>::fetch_add(), which executes the corresponding C11 atomic builtin when inlined), later decrements it via fetch_sub (or via fetch_add with an argument of -1), then checks whether the reference count has dropped to zero by comparing the value returned by fetch_sub (the value before the decrement) to 1, and deletes the object if it has.
These false positives are amplified by inlining temporary destructors, but they are reproducible even in code without any temporary destructors, as the tests show.
We cannot easily model the comparison to 1 correctly: even if we model all atomic expressions precisely, the original reference count may still have been symbolic to begin with. And if we tried to assume that no overflows occur on reference counts, this would still require pattern-matching heuristics to figure out if a certain variable is a reference counter.
The proposed fix is to suppress MallocChecker positives that are caused by releasing memory in a destructor stack frame (or one of its child stack frames) after any C11 atomic fetch_add or fetch_sub has been performed in that destructor's stack frame (or one of its child stack frames). This is implemented as a bug report visitor.
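For reference, here is a constructed, self-contained illustration of the source pattern the heuristic targets (added here; it is not the patch's test code and not llvm::IntrusiveRefCntPtr): a minimal intrusively reference-counted object whose smart pointer does fetch_add on copy, fetch_sub on release, and deletes when the previous count was 1. The names Counted, Ptr and g_deletions are assumed for the example.

```cpp
#include <atomic>
#include <cassert>

int g_deletions = 0;  // how many times the pointee was freed (constructed bookkeeping)

// Constructed pointee: the intrusive reference count lives in the object itself.
struct Counted {
    std::atomic<int> refs{0};
    ~Counted() { ++g_deletions; }
};

// Minimal smart pointer following the sequence described above.
class Ptr {
    Counted *p_;
public:
    explicit Ptr(Counted *p) : p_(p) { retain(); }
    Ptr(const Ptr &o) : p_(o.p_) { retain(); }   // copy => fetch_add
    Ptr &operator=(const Ptr &) = delete;
    ~Ptr() { release(); }                         // destructor => fetch_sub
    int count() const { return p_ ? p_->refs.load() : 0; }
private:
    void retain() { if (p_) p_->refs.fetch_add(1, std::memory_order_relaxed); }
    void release() {
        if (!p_) return;
        // fetch_sub returns the value *before* the decrement, so comparing to 1
        // asks "was this the last owner?". The analyzer cannot prove in general
        // that this branch is reached only once per object, which is the source
        // of the spurious leak / double-free reports the patch suppresses.
        if (p_->refs.fetch_sub(1, std::memory_order_acq_rel) == 1)
            delete p_;
    }
};

// Exercises a copy, a temporary copy, and the final releases.
// Returns the number of deletions observed (exactly one when the pattern is correct).
int copies_then_release() {
    g_deletions = 0;
    {
        Ptr a(new Counted);
        Ptr b(a);                          // fetch_add: count is now 2
        assert(a.count() == 2);
        int during_temp = Ptr(a).count();  // temporary: fetch_add, then fetch_sub in its dtor
        assert(during_temp == 3);
        assert(b.count() == 2);            // temporary released; nothing deleted yet
    }                                      // b releases (returns 2), a releases (returns 1) => delete
    return g_deletions;
}
```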