A typical (bad) algorithm for erasing elements of a list is the following:
for(auto i = L.begin(); i != L.end(); ++i) { if (condition(*i)) i = L.erase(i); }
If condition() returns true for the last element, then erase() returns the past-the-end iterator which the loop tries to increment which leads to undefined behavior. However, the iterator range checker does not find this bug because the "loop iteration before that last iteration" cannot be recognized by the analyzer. Instead we added an option in this patch to ContainerModeling which enables the modeling checker to assume after every erase that the result is the past-the-end iterator (if this case is possible).