Partial fix for 9049: False negative: uninitialized variable with nested ifs

[pfultz2]

This fixes the case for this:

unsigned int g();
void f(bool a) {
    unsigned int dimensions = 0;
    bool mightBeLarger;
    if (a) {
        dimensions = g();
        if (dimensions >= 1)
            mightBeLarger = false;
    } else {
        mightBeLarger = false;
    }
    if (dimensions == 1)
        return;
    if (!mightBeLarger) {}
}

Which doesnt use a compund condition dimensions >= 1 && b) and it also requires complete variables and functions. The compund condition could be handled in the future by forking within the condition, so if(a && b) { ... } can be treated as if(a) { if(b) { ... }}.

Here is a summary of the changes:

1. Fork-based condition handling — lib/forwardanalyzer.cpp (the largest change)

• When a condition can't be resolved, the traversal now forks: the then-branch is walked by a separate ForwardTraversal, in analyze-only mode when the value can't actually flow into it (opaque/correlated conditions like if (f(x))), so the branch's effect is tracked but nothing is reported there.
• Branch breaks are deferred: if the else kills the value on the main path, the then-fork can still carry it forward.
• Escapes the traversal didn't flag (e.g. unknown noreturn calls) are detected via isEscapeScope, and exit/abort are now recognized as escape functions (lib/astutils.cpp).

2. Program-state anchoring at block boundaries — lib/vf_analyzers.cpp + lib/analyzer.h

• assume() now anchors the assumed state at the block's end (not the condition) when control is leaving an already-traversed branch. This keeps an assumption on a variable modified inside the block (e.g. a nested if narrowing a value computed there) from being discarded as "modified" once control leaves the block.
• New Assume::Pending flag marks the pre-traversal assume (branch walked separately) so it doesn't record premature boundary state.
• ProgramMemoryState::assume gained an optional origin parameter so the anchor point can be overridden.

3. vars-aware execute — lib/programmemory.cpp / .h

• execute/conditionIsTrue/conditionIsFalse now take the tracked values (vars). A tracked value is the authoritative current value of its expression (returned and written back into the program memory), and any cached compound that depends on a tracked value is re-evaluated instead of served stale (getTrackedValue / dependsOnTrackedValue).
• The per-assignment substitution was removed from fillProgramMemoryFromAssignments and now lives entirely in execute so it can be used for all executions.

[firewave]

There is also terminate() but it feels like should already be handled via the noreturn handling below (i.e. library configuration).

[firewave]

Since it is grouped with other similar variables this is fine but in a future we should try to reduce the scope of this (i.e. avoid computing them until they are used).

[pfultz2]

It was moved here so its not calculated multiple times. Probably could use the memoize function to lazily compute it once, but I think its beyond the scope here because I need to evaluate if its slower or not.

[firewave]

I was referring to moving them after the if (!condTok) check. But as also mentioned no need to do so.

[firewave]

The comments and the description appear to hint at AI assistance. Is that the case?

[chrchr-github]

Check time: lib/astutils.cpp: 1h 31m 59.563s vs 1m 32.907s before.