[StaticAnalyzer] Threshold on number of checks

Hi,

I have a trivial case where the Static Analyzer is not catching a double free bug:

Hello,

you are probably seeing this behavior as a result of the maximum number of times a loop is unrolled during the symbolic execution of the program (by default, 4 times).

You can change the unroll limit with the following command line argument:

clang -cc1 -analyze -analyzer-max-loop 100 -analyzer-checker=core […]

The command above will change the unroll limit to 100 (however, you will probably see performance issues). The loop widening project (http://lists.llvm.org/pipermail/cfe-dev/2017-March/053060.html) might help with your issue once finished.

Best,
Stefan

Thanks Stefan,

The bug is being caught now. Our present use case favors precision over speed so this would solve our problem.