I want to extend the VLA size checker to recognize invalid conditions if the VLA is used through a typedef. But the typedef statement seems to be not evaluated, the VLA size value is not known by the analyzer.

The following code produces a warning:
void check_uninit_sized_VLA() {
int x;
int vla[x]; // expected-warning{{Declared variable-length array (VLA) uses a garbage value as its size}}
}

But the following does not:

void check_uninit_sized_VLA() {
int x;
typedef int VLA[x];
VLA vla; // value of ‘x’ is Unknown here, why ?
}

The checkPreStmt with Decl* is not called for TypedefDecl.
Similarly, at a sizeof(VLA) in the code above x is always Unknown.
How is it possible (if it is) to obtain value of x in these cases, or find a way to check validity of the VLA in the typedef (or a sizeof call)?

Not deeply familiar with the relevant analyzer code, but it looks like the analyzer just isn’t aware that it needs to evaluate typedefs. Try comparing CFGBuilder::VisitDeclSubExpr to CodeGenFunction::EmitDecl/CodeGenFunction::EmitVariablyModifiedType.

-Eli

Not deeply familiar with the relevant analyzer code, but it looks like the analyzer just isn’t aware that it needs to evaluate typedefs. Try comparing CFGBuilder::VisitDeclSubExpr to CodeGenFunction::EmitDecl/CodeGenFunction::EmitVariablyModifiedType.

I'm guessing the analyzer is similarly unaware of evaluations within
typically unevaluated contexts like sizeof.

~Aaron