I've got a simple example working, but there's quite a bit of work remaining on this patch for now.
Argument constructor is being called with a target region that is a parameter variable region that corresponds to the stack frame of the future function call. The region is tracked within the program state until we evaluate the call itself in order to ensure that bindings are not garbage-collected.
The annoying part is, of course, to make sure we guess the future stack frame correctly. I need to re-use some code and add some assertions to make sure i'm doing it right, and additionally it requires mapping an expression back to CFG, which i currently do via a CFGStmtMap instead of passing it directly (i'm not sure i'll be committing into finding the beautiful solution here, because there are other bigger issues for now).
The other annoying part is to match parameters to arguments, because operator calls have one of these shifted by 1, and also there are C-style variadic functions. I need to make a reusable code to make this easier.
Support for constructors of placement arguments of operator new() is still pending, even in CFG. Not hard, but also annoying.
Last but not least, once we inline the constructors, we need to invalidate the parameter region itself (not just regions reachable from it!) when the call is evaluated conservatively because https://bugs.llvm.org/show_bug.cgi?id=37459 (D48249). I marked these tests as FIXME for now but i plan to fix them before committing. That's also blocked on matching arguments to parameters.
first two if's could be joined with &&