[StaticAnalyzer] Threshold on number of checks


I have a trivial case where the Static Analyzer is not catching a double free bug:


You are probably seeing this behavior as a result of the maximum number of times a loop is unrolled during the symbolic execution of the program (by default, 4 times).

You can change the unroll limit with the following command line argument:

clang -cc1 -analyze -analyzer-max-loop 100 -analyzer-checker=core […]

The command above will change the unroll limit to 100 (however, you will probably see performance issues). The loop widening project (http://lists.llvm.org/pipermail/cfe-dev/2017-March/053060.html) might help with your issue once finished.
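An added example, not code from this thread (the original poster's test case is not shown on the page): a constructed C function whose double free lies on a path that needs six passes through a loop, the kind of path the default unroll limit of 4 described above stops short of. The function names and the `FREE_AT` value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed value: the free inside the loop is first reached on the
 * 6th pass (i == 5), beyond the default unroll limit of 4. */
#define FREE_AT 5

/* Buggy: for rounds > FREE_AT the buffer is freed in the loop and again
 * after it. Per the reply above, the analyzer is expected to give up on
 * the loop before reaching that path unless -analyzer-max-loop is raised. */
int release_buggy(int rounds)
{
    int frees = 0;
    char *buf = malloc(64);
    if (buf == NULL)
        return -1;
    for (int i = 0; i < rounds; i++) {
        if (i == FREE_AT) {
            free(buf);
            frees++;
        }
    }
    free(buf);              /* double free when rounds > FREE_AT */
    frees++;
    return frees;
}

/* Fixed: clear the pointer after freeing, so the final free(NULL) is a no-op. */
int release_fixed(int rounds)
{
    int frees = 0;
    char *buf = malloc(64);
    if (buf == NULL)
        return -1;
    for (int i = 0; i < rounds; i++) {
        if (i == FREE_AT && buf != NULL) {
            free(buf);
            buf = NULL;
            frees++;
        }
    }
    if (buf != NULL)
        frees++;
    free(buf);
    return frees;
}

int main(void)
{
    /* Only inputs that do not trigger the bug are executed here. */
    printf("buggy(3)=%d fixed(8)=%d\n", release_buggy(3), release_fixed(8));
    return 0;
}
```

Analyzing this file with the command from the reply above, with a checker that models `malloc`/`free` such as `unix.Malloc` enabled, once with the default limit and once with a larger `-analyzer-max-loop`, shows whether the path through `release_buggy` is explored.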


Thanks Stefan,

The bug is being caught now. Our present use case favors precision over speed, so this would solve our problem.