MTC (Henry Wong)
Engineering

Projects

User does not belong to any projects.

User Details

User Since
Jul 19 2017, 4:18 AM (44 w, 2 d)

Recent Activity

Mon, May 21

MTC added inline comments to D47135: [analyzer][WIP] A checker for dangling string pointers in C++.
Mon, May 21, 6:28 AM

Tue, May 15

MTC updated the diff for D44934: [analyzer] Improve the modeling of `memset()`..
  • According to NoQ's suggestion, use assumeZero() instead of isZeroConstant() to determine whether the value is 0.
  • Add test memset26_upper_UCHAR_MAX() and memset27_symbol()
  • Since `void *memset( void *dest, int ch, size_t count );` will convert the value `ch` to `unsigned char`, we call `evalCast()` accordingly.
Tue, May 15, 7:07 AM
MTC added inline comments to D44934: [analyzer] Improve the modeling of `memset()`..
Tue, May 15, 6:51 AM

Thu, May 10

MTC added a comment to D44934: [analyzer] Improve the modeling of `memset()`..

ping.

Thu, May 10, 8:13 AM

Sat, May 5

MTC updated the diff for D44934: [analyzer] Improve the modeling of `memset()`..
  • Since there is no perfect way to handle the default binding of non-zero character, remove the default binding of non-zero character. Use bindDefaultZero() instead of overwriteRegion() to bind the zero character.
  • Reuse assume() instead of isZeroConstant() to determine whether it is zero character. The purpose of this is to be able to set the string length when dealing with non-zero symbol character.
Sat, May 5, 3:55 AM

Fri, May 4

MTC added a comment to D44934: [analyzer] Improve the modeling of `memset()`..
In D44934#1088771, @NoQ wrote:

Hmm, ok, it seems that i've just changed the API in D46368, and i should have thought about this use case. Well, at least i have some background understanding of these problems now. Sorry for not keeping eye on this problem.

In D44934#1051002, @NoQ wrote:

Why do you need separate code for null and non-null character? The function's semantics doesn't seem to care.

I guess i can answer myself here:

int32_t x;
memset(&x, 1, sizeof(int32_t));
clang_analyzer_eval(x == 0x1010101); // should be TRUE

I really doubt that we support this case.

So, yeah, zero character is indeed special.

Thank you, Artem! I did not consider this common situation. This patch does not really support this situation, in this patch the value of x will be 1, it's not correct!

Fri, May 4, 9:31 PM

Thu, May 3

MTC updated the diff for D44934: [analyzer] Improve the modeling of `memset()`..
  • fix typos
  • code refactoring, add auxiliary method memsetAux()
  • according to a.sidorin's suggestions, remove the useless state splitting.
  • make StoreManager::overwriteRegion() pure virtual
Thu, May 3, 7:41 AM

Wed, May 2

MTC added a comment to D44934: [analyzer] Improve the modeling of `memset()`..

Sorry for the long delay, I have just finished my holiday.

Wed, May 2, 5:58 AM

Fri, Apr 27

MTC added a comment to D44934: [analyzer] Improve the modeling of `memset()`..

ping^2

Fri, Apr 27, 12:36 AM

Apr 25 2018

MTC updated the diff for D46007: [analyzer] Add `TaintBugVisitor` to the ArrayBoundV2, DivideZero and VLASize..

Since BugReport::addVisitor() has checks for the null Visitor, remove the checks before BugReport->addVisitor().

Apr 25 2018, 5:31 AM
MTC added inline comments to D46007: [analyzer] Add `TaintBugVisitor` to the ArrayBoundV2, DivideZero and VLASize..
Apr 25 2018, 5:25 AM

Apr 24 2018

MTC created D46007: [analyzer] Add `TaintBugVisitor` to the ArrayBoundV2, DivideZero and VLASize..
Apr 24 2018, 6:15 AM

Apr 22 2018

MTC added a comment to D45682: [analyzer] Move `TaintBugVisitor` from `GenericTaintChecker.cpp` to `BugReporterVisitors.h`..

I'm new to the taint visitor, but I am quite confused by your change description.

and many checkers rely on it

How can other checkers rely on it if it's private to the taint checker?

Thanks for your review, george! TaintBugVisitor is a utility to add extra information to illustrate where the taint information originated from. There are several checkers that use taint information, e.g. ArrayBoundCheckerV2.cpp; in some cases it will report a warning, like `warning: Out of bound memory access (index is tainted)`. If TaintBugVisitor moves to BugReporterVisitors.h, ArrayBoundCheckerV2 can add extra notes like `Taint originated here` to the report by adding TaintBugVisitor.

Apr 22 2018, 6:55 AM

Apr 18 2018

MTC added a comment to D45774: [analyzer] cover more cases where a Loc can be bound to constants.

Test files for initialization missing? : )

Apr 18 2018, 7:35 PM

Apr 17 2018

MTC added a comment to D45532: [StaticAnalyzer] Checker to find uninitialized fields after a constructor call.

There is something that came up in my mind:

Consider a construct like this:

class A
{
  A()
  {
    memset(X, 0, 10 * sizeof(int));
  }

  int X[10];
};

I think it's worthy for a test case if this X is considered uninitialised at the end of the constructor or not. (And if not, a ticket, or a fix for SA in a subpatch.)

Apr 17 2018, 4:11 AM

Apr 16 2018

MTC created D45682: [analyzer] Move `TaintBugVisitor` from `GenericTaintChecker.cpp` to `BugReporterVisitors.h`..
Apr 16 2018, 5:17 AM

Apr 14 2018

MTC added a comment to D45491: [analyzer] Do not invalidate the `this` pointer..
In D45491#1067852, @NoQ wrote:

Yeah, i think this makes sense, thanks! It feels a bit weird that we have to add it as an exception - i wonder if there are other exceptions that we need to make. Widening over the stack memory space should be a whitelist, not a blacklist, because we can easily enumerate all stack variables and see which of them can be modified at all from the loop. But until we have that, this looks like a reasonable workaround.

Apr 14 2018, 3:01 AM

Apr 13 2018

MTC added inline comments to D45532: [StaticAnalyzer] Checker to find uninitialized fields after a constructor call.
Apr 13 2018, 4:46 AM

Apr 11 2018

MTC updated the diff for D45491: [analyzer] Do not invalidate the `this` pointer..
  • Move the CXXThisRegion's check to LoopWidening.cpp
  • Use isa<CXXThisRegion>(R) instead of CXXThisRegion::classof(R).
Apr 11 2018, 8:59 AM
MTC added inline comments to D45491: [analyzer] Do not invalidate the `this` pointer..
Apr 11 2018, 6:43 AM
MTC added a comment to D45491: [analyzer] Do not invalidate the `this` pointer..

@MTC what happens for

this->j = 0;
for (int i = 0; i < 100; i++)
   this->j++;

?

Apr 11 2018, 6:33 AM

Apr 10 2018

MTC updated the summary of D45491: [analyzer] Do not invalidate the `this` pointer..
Apr 10 2018, 8:36 AM
MTC created D45491: [analyzer] Do not invalidate the `this` pointer..
Apr 10 2018, 8:36 AM

Apr 2 2018

MTC added a comment to D44934: [analyzer] Improve the modeling of `memset()`..

Kindly ping!

Apr 2 2018, 8:47 AM
MTC updated the diff for D44934: [analyzer] Improve the modeling of `memset()`..

Thank you for your reminding, I overlooked this point. However for non-concrete character, the symbol value, if we just invalidate the region, the constraint information of the non-concrete character will be lost. Do we need to consider this?

Apr 2 2018, 8:44 AM

Mar 30 2018

MTC updated the diff for D45086: [analyzer] Unroll the loop when it has a unsigned counter..

Fix typo, unsinged -> unsigned

Mar 30 2018, 8:40 PM
MTC created D45086: [analyzer] Unroll the loop when it has a unsigned counter..
Mar 30 2018, 6:36 AM
MTC updated the summary of D45086: [analyzer] Unroll the loop when it has a unsigned counter..
Mar 30 2018, 6:36 AM
MTC created D45081: [analyzer] Remove the unused method declaration in `ValistChecker.cpp`..
Mar 30 2018, 4:52 AM
MTC updated the diff for D44934: [analyzer] Improve the modeling of `memset()`..

According to @NoQ's suggestion, remove the duplicated code.

Mar 30 2018, 4:37 AM
MTC added a comment to D44934: [analyzer] Improve the modeling of `memset()`..

Thanks for your review, NoQ!

Mar 30 2018, 4:32 AM

Mar 27 2018

Herald added a reviewer for D18860: [analyzer] Fix the "Zombie symbols" issue.: george.karpenkov.
Mar 27 2018, 10:18 PM
MTC updated the summary of D44934: [analyzer] Improve the modeling of `memset()`..
Mar 27 2018, 7:48 AM
MTC created D44934: [analyzer] Improve the modeling of `memset()`..
Mar 27 2018, 7:39 AM

Mar 22 2018

Herald added a reviewer for D34260: [StaticAnalyzer] Completely unrolling specific loops with known bound option : george.karpenkov.
Mar 22 2018, 5:09 AM

Mar 21 2018

MTC updated subscribers of rC328067: Revert r326782 "[analyzer] CStringChecker.cpp: Remove the duplicated check..."..

Thank you for taking the time to pay attention to this problem, @NoQ. The reason for the test regression is that CheckBufferAccess() does not guarantee that CheckNonNull() must be called for the second buffer, see https://github.com/llvm-mirror/clang/blob/master/lib/StaticAnalyzer/Checkers/CStringChecker.cpp#L385.

Mar 21 2018, 9:40 AM

Mar 19 2018

MTC updated the diff for D44606: [analyzer] Fix the crash in `IteratorChecker.cpp` when `SymbolConjured` has a null Stmt..

Add the comments as suggested by @szepet .

Mar 19 2018, 10:08 PM
MTC added a comment to D44557: [analyzer] CStringChecker.cpp - Code refactoring on bug report..
In D44557#1042357, @NoQ wrote:

Sorry, one moment, i'm seeing a few regressions after the previous refactoring but i didn't look at them closely yet to provide a reproducer. I'll get back to this.

Mar 19 2018, 6:58 PM
MTC added a comment to D44606: [analyzer] Fix the crash in `IteratorChecker.cpp` when `SymbolConjured` has a null Stmt..

Just in case: we indeed do not guarantee that SymbolConjured corresponds to a statement; it is, however, not intended, but rather a bug.

Thank you for your explanation and the reasonable example, NoQ.

Mar 19 2018, 6:48 PM
MTC added a comment to D44606: [analyzer] Fix the crash in `IteratorChecker.cpp` when `SymbolConjured` has a null Stmt..

One small nit for future debugging people: Could you insert a comment line in the test case where you explain what is this all about? E.g what you just have written in the description: "invalidateRegions() will construct the SymbolConjured with null Stmt" or something like this.

Mar 19 2018, 6:29 PM

Mar 18 2018

MTC updated the summary of D44606: [analyzer] Fix the crash in `IteratorChecker.cpp` when `SymbolConjured` has a null Stmt..
Mar 18 2018, 1:08 AM
MTC created D44606: [analyzer] Fix the crash in `IteratorChecker.cpp` when `SymbolConjured` has a null Stmt..
Mar 18 2018, 1:05 AM

Mar 16 2018

MTC created D44557: [analyzer] CStringChecker.cpp - Code refactoring on bug report..
Mar 16 2018, 5:29 AM

Mar 6 2018

MTC updated the summary of D43741: [Analyzer] More accurate modeling about the increment operator of the operand with type bool..
Mar 6 2018, 4:28 AM
MTC updated the diff for D43741: [Analyzer] More accurate modeling about the increment operator of the operand with type bool..

Remove the default configuration -analyzer-store=region in the test file.

Mar 6 2018, 4:27 AM

Mar 4 2018

MTC created D44075: [analyzer] CStringChecker.cpp: Remove the duplicated check about null dereference on dest-buffer or src-buffer..
Mar 4 2018, 1:41 AM

Mar 3 2018

MTC added a comment to D39159: [analyzer] Improves the logic of GenericTaintChecker identifying stdin..

@NoQ, Very sorry, I've forgotten about this patch, it has now been updated.

Mar 3 2018, 11:20 PM
MTC updated the diff for D39159: [analyzer] Improves the logic of GenericTaintChecker identifying stdin..

Update the taint-generic.c to test both stdin declaration variants.

Mar 3 2018, 11:19 PM
MTC added a comment to D43741: [Analyzer] More accurate modeling about the increment operator of the operand with type bool..

Thank you for your review, @NoQ!

Mar 3 2018, 3:22 AM
MTC updated the diff for D43741: [Analyzer] More accurate modeling about the increment operator of the operand with type bool..
  • If the operand of the ++ operator is of type _Bool, also set to true.
  • Add test file _Bool-increment-decement.c.
Mar 3 2018, 3:20 AM

Mar 2 2018

MTC added a comment to D43741: [Analyzer] More accurate modeling about the increment operator of the operand with type bool..

i see, but just in case - what about the decrement operator ?

Mar 2 2018, 2:28 AM

Feb 25 2018

MTC created D43741: [Analyzer] More accurate modeling about the increment operator of the operand with type bool..
Feb 25 2018, 6:05 AM

Feb 8 2018

MTC created D43074: [Analyzer] Fix a typo about `categories::MemoryError` in `MallocChecker.cpp`.
Feb 8 2018, 7:44 AM
MTC added a comment to D42300: [Analyzer] Add PreStmt and PostStmt callbacks for OffsetOfExpr.

@NoQ Sorry to bother you again. It seems that this patch is useless to analyzer temporarily, if you think so, I will abandon it : ).

Feb 8 2018, 7:32 AM
MTC updated the diff for D42300: [Analyzer] Add PreStmt and PostStmt callbacks for OffsetOfExpr.

rebase

Feb 8 2018, 7:30 AM

Feb 1 2018

MTC added a comment to D42785: [Analyzer] Fix a typo in `ExprEngine::VisitMemberExpr`.
In D42785#995211, @NoQ wrote:

Ew. So it means that checker transitions are currently discarded. Great catch. I guess we don't use this functionality yet, so we can't test it, but the fix should definitely go in.

You are right, that's why I don't know how to add test for this change.

Feb 1 2018, 6:14 PM
MTC updated the summary of D42785: [Analyzer] Fix a typo in `ExprEngine::VisitMemberExpr`.
Feb 1 2018, 1:44 AM
MTC created D42785: [Analyzer] Fix a typo in `ExprEngine::VisitMemberExpr`.
Feb 1 2018, 1:44 AM

Jan 20 2018

MTC added a comment to D42300: [Analyzer] Add PreStmt and PostStmt callbacks for OffsetOfExpr.
In D42300#982187, @NoQ wrote:

My intuition suggests that this checker shouldn't be path-sensitive; our path-sensitive analysis does very little to help you with this particular checker, and you might end up with a much easier and more reliable checker if you turn it into a simple AST visitor or an AST matcher. Just a heads up.

Jan 20 2018, 1:31 AM
MTC updated the diff for D42300: [Analyzer] Add PreStmt and PostStmt callbacks for OffsetOfExpr.
  • Use C++11 range-based for loop to traverse ExplodedNodeSet.
  • Define the macro offsetof in system-header-simulator.h.
Jan 20 2018, 1:21 AM

Jan 19 2018

MTC created D42300: [Analyzer] Add PreStmt and PostStmt callbacks for OffsetOfExpr.
Jan 19 2018, 7:02 AM

Jan 17 2018

MTC abandoned D36708: [analyzer] Fix Bug34144-[MallocChecker] MallocChecker::MallocUpdateRefState(): Assertion `Sym' failed..
Jan 17 2018, 9:29 PM
MTC abandoned D36329: Modify the annotation for the PrintStackTraceOnErrorSignal() in the llvm/include/llvm/Support/Signals.h..
Jan 17 2018, 9:28 PM
MTC abandoned D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..
Jan 17 2018, 6:36 PM
MTC added a comment to D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..
In D37189#979795, @NoQ wrote:

Oh well, i guess i covered this in my recent patches anyway (esp. r322787/D41406). Sorry, i just fixed everything differently and it became unclear how to integrate your patch into the whole thing.

Jan 17 2018, 6:22 PM

Jan 16 2018

MTC updated the summary of D42106: [analyzer] Remove the useless method declararion 'BugReporter::RemoveUnneededCalls()'..
Jan 16 2018, 7:17 AM
MTC retitled D42106: [analyzer] Remove the useless method declararion 'BugReporter::RemoveUnneededCalls()'. from [analyzer] Remove the useless method declararion 'BugReporter::RemoveUnneedCalls()'. to [analyzer] Remove the useless method declararion 'BugReporter::RemoveUnneededCalls()'..
Jan 16 2018, 7:17 AM
MTC created D42106: [analyzer] Remove the useless method declararion 'BugReporter::RemoveUnneededCalls()'..
Jan 16 2018, 7:17 AM

Dec 12 2017

MTC added inline comments to D41151: [analyzer] Adding LoopContext and improve loop modeling.
Dec 12 2017, 11:19 PM

Dec 8 2017

MTC added a comment to D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..

Thank you for your constant attention to this problem, Artem. I've updated the diff. As you said, this is a complex problem and I look forward to your work on this issue.

Dec 8 2017, 8:18 PM
MTC updated the diff for D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..

Use 'return State' instead of 'return nullptr'.

Dec 8 2017, 8:10 PM

Nov 28 2017

MTC added a comment to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Hi dcoughlin,

Nov 28 2017, 5:29 AM
MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Update the llvm_unreachable's description of the BlockEntrance-branch from "Unexpected ProgramPoint" to "Unexpected CFG element at front of block".

Nov 28 2017, 5:25 AM

Nov 25 2017

MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

1. Use the getAs<> in the if condition.
2. Add an "Unexpected ProgramPoint" assertion to make this patch more complete.

Nov 25 2017, 1:22 AM

Nov 21 2017

MTC added inline comments to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.
Nov 21 2017, 7:20 AM
MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Update diff, use the SourceLocation of the first element of the entered block as the argument of PathDiagnosticLocation.

Nov 21 2017, 7:06 AM

Nov 7 2017

MTC added a comment to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

ping?

Nov 7 2017, 12:31 AM

Nov 1 2017

MTC added a comment to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

ping?

Nov 1 2017, 7:33 AM

Oct 31 2017

MTC added a comment to D39159: [analyzer] Improves the logic of GenericTaintChecker identifying stdin..
In D39159#910466, @NoQ wrote:

Maybe we could also test both declaration variants, i.e.:

Oct 31 2017, 8:27 AM

Oct 27 2017

MTC added a comment to D39159: [analyzer] Improves the logic of GenericTaintChecker identifying stdin..

I do not have commit access and hope someone can commit it on my behalf. Thanks a lot!

Oct 27 2017, 7:24 PM

Oct 26 2017

MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Split the long "expected" line into multiple lines.

Oct 26 2017, 6:13 AM

Oct 25 2017

MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

The message about invalidate variable values is temporarily not printed. This work can be done with a separate patch.

Oct 25 2017, 8:50 AM

Oct 24 2017

MTC added a comment to D31868: [analyzer] Check NULL pointer dereference issue for memset function.

One of the possible improvements for future work here would be to actually bind the second argument value to the buffer instead of just invalidating it. Like, after memset(buf, 0, sizeof(buf)) the analyzer should know that all values in the buf array are 0. In the analyzer we have the notion of *default bindings* to handle that (see documentation in docs/analyzer/RegionStore.txt for more details).

Oct 24 2017, 2:01 AM

Oct 22 2017

MTC added a reviewer for D36329: Modify the annotation for the PrintStackTraceOnErrorSignal() in the llvm/include/llvm/Support/Signals.h.: echristo.
Oct 22 2017, 12:01 AM

Oct 21 2017

MTC updated the diff for D39159: [analyzer] Improves the logic of GenericTaintChecker identifying stdin..
  1. taint-tester.c has some tests about stdin, so I only modified the parts of stdin in Inputs/system-header-simulator.h.
  2. The C standard does not specify the implementation of FILE, so I continue to use `typedef _FILE FILE` to define the FILE type.
Oct 21 2017, 11:51 PM
MTC created D39159: [analyzer] Improves the logic of GenericTaintChecker identifying stdin..
Oct 21 2017, 6:10 AM

Aug 31 2017

MTC added inline comments to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.
Aug 31 2017, 10:13 AM
MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

(1) Modify the description of the bug report
(2) Update loop-widening-notes.c
(3) PathDiagnosticLocation::create() - Use the location of TerminatorCondition.

Aug 31 2017, 10:09 AM

Aug 30 2017

MTC added a comment to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Hi peter,

Aug 30 2017, 7:13 PM

Aug 28 2017

MTC added inline comments to D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.
Aug 28 2017, 6:57 PM
MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Add the test file and modify the description in the analyzer output.

Aug 28 2017, 2:21 PM
MTC updated the diff for D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..

Update the 'assert' condition and the code comment.

Aug 28 2017, 10:32 AM
MTC added a comment to D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..
In D37189#854062, @NoQ wrote:

I believe a custom operator new (or new[], regardless) can always return anything it wants. It can return a pointer to a concrete global variable, for example. So the only thing we can assert is that our operator is custom.

Aug 28 2017, 8:13 AM
MTC added a comment to D36708: [analyzer] Fix Bug34144-[MallocChecker] MallocChecker::MallocUpdateRefState(): Assertion `Sym' failed..
In D36708#854060, @NoQ wrote:

We can probably land D37189 first, and then land this patch with a test?

Aug 28 2017, 8:02 AM
MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.

Sorry, remove irrelevant code updates.

Aug 28 2017, 6:42 AM

Aug 27 2017

MTC added a comment to D36708: [analyzer] Fix Bug34144-[MallocChecker] MallocChecker::MallocUpdateRefState(): Assertion `Sym' failed..

Hi MTC,

Could you please split out the fix (b) into its separate patch? We would like to have the patches be as incremental as possible.

Thanks for working on this!

Aug 27 2017, 5:20 AM
MTC updated the diff for D36708: [analyzer] Fix Bug34144-[MallocChecker] MallocChecker::MallocUpdateRefState(): Assertion `Sym' failed..

Because the way I submit the diff is not reasonable, the same diff corresponds to multiple purposes. This diff is primarily to address Bug34144.

Aug 27 2017, 5:07 AM
MTC updated the summary of D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..
Aug 27 2017, 4:37 AM
MTC created D37189: Fix an assertion failure that occured when custom 'operator new[]' return non-ElementRegion and 'c++-allocator-inlining' sets true..
Aug 27 2017, 4:36 AM
MTC updated the diff for D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true.
Aug 27 2017, 4:03 AM