fix(detectors/routine-result): recognise var Result argument as assignment

The RoutineResultUnassigned detector flagged this real-world pattern
(spotted on horse-master Horse.Core.Param.pas:105):

  function THorseCoreParam.GetItem(const AKey: string): string;
  begin
    FParams.TryGetValue(AKey, Result);   // var-param write
  end;

`Result` is written through TryGetValue's `var AValue` parameter -
the function returns a defined value (either the looked-up entry
or the default-initialised empty string). The detector's heuristic
only looked for `Result := ...` or `<FuncName> := ...` direct
assignments and missed the var-param case.

Fix: after the assign-loop, also scan nkCall nodes in the method.
For each call, parse out the argument list (from nkCall.Name which
holds the full call expression text like `Foo(arg1,arg2)`) and check
whether `Result` (or the function name) appears as a word-bounded
identifier inside. If yes, treat it as a potential write and skip
the finding.

Trade-off: lexically we can't distinguish var/out/by-value parameters,
so calls like `Foo(Result)` where Foo takes Result by value (read-only)
now get a free pass even though Result is actually only being read.
Accepted - eliminates the FP cluster for TryGetValue / TryStrToInt /
TryParse... at small false-negative cost for the rarer "Result passed
by value as an arg, never written" pattern.

4 new tests:
- TryGetValuePassesResult_NoFinding   (the actual horse-master case)
- TryStrToIntPassesResult_NoFinding   (RTL Try* pattern)
- CallPassesResultFollowedByOther_NoFinding  (mid-arg position)
- UnrelatedVarSimilarName_StillReported  (word-boundary guard:
  `ResultCache` must not silence the finding)

Author: nrodear

StaticCodeAnalyser.d12.groupproj.local

@@ -2,6 +2,6 @@
 <BorlandProject>
 	<Transactions/>
 	<Default.Personality>
-		<Projects ActiveProject="D:\git-demos\delphi\StaticCodeAnalyser\StaticCodeAnalyserForm\StaticCodeAnalyser.d12.dproj"/>
+		<Projects ActiveProject="D:\git-demos\delphi\StaticCodeAnalyser\StaticCodeAnalyserForm\tests\TestProject.dproj"/>
 	</Default.Personality>
 </BorlandProject>

StaticCodeAnalyserForm/sources/Detectors/uRoutineResultAssigned.pas

@@ -50,7 +50,7 @@
 interface
 
 uses
-  System.SysUtils, System.Generics.Collections,
+  System.SysUtils, System.StrUtils, System.Generics.Collections,
   uAstNode, uSCAConsts, uMethodd12;
 
 type
@@ -176,6 +176,59 @@ function IsResultLhs(const LhsLow, FnNameLow: string): Boolean;
   Result := IsHeadOrAccess('result') or IsHeadOrAccess(FnNameLow);
 end;
 
+function IsIdentChar(c: Char): Boolean; inline;
+begin
+  Result := CharInSet(c, ['A'..'Z', 'a'..'z', '0'..'9', '_']);
+end;
+
+// Word-boundary-Lookup von Needle in Haystack. Beide bereits lowercased.
+// Behandelt `Result.Field`, `Result[i]`, `Result^` als Treffer
+// (`.`, `[`, `^` sind keine Identifier-Chars und zaehlen als Boundary).
+function ContainsIdentifier(const Haystack, Needle: string): Boolean;
+var
+  pIx           : Integer;
+  Before, After : Char;
+begin
+  Result := False;
+  if Needle = '' then Exit;
+  pIx := Pos(Needle, Haystack);
+  while pIx > 0 do
+  begin
+    if pIx = 1 then Before := ' ' else Before := Haystack[pIx - 1];
+    if pIx + Length(Needle) > Length(Haystack) then After := ' '
+    else After := Haystack[pIx + Length(Needle)];
+    if (not IsIdentChar(Before)) and (not IsIdentChar(After)) then
+      Exit(True);
+    pIx := PosEx(Needle, Haystack, pIx + 1);
+  end;
+end;
+
+// True wenn der Call Result (oder den Function-Namen) als Argument
+// uebergibt - z.B. `FParams.TryGetValue(AKey, Result)` oder
+// `TryStrToInt(s, Result)`. Wir wissen lexisch nicht ob das Argument
+// `var`/`out`/by-value ist, behandeln das aber konservativ als potentielle
+// Zuweisung. Eliminiert den FP-Cluster bei TryGetValue / TryParse /
+// TryStrToXxx / TryEncode... bei winzigem False-Negative-Risiko fuer
+// `Foo(Result)`-Calls die Result nur LESEN.
+function CallPassesResultAsArg(CallNode: TAstNode; const FnNameLow: string): Boolean;
+var
+  S, ArgsLow    : string;
+  LParen, RParen: Integer;
+begin
+  Result := False;
+  if CallNode.Kind <> nkCall then Exit;
+  S := CallNode.Name;
+  LParen := Pos('(', S);
+  if LParen = 0 then Exit;
+  RParen := Length(S);
+  while (RParen > LParen) and (S[RParen] <> ')') do Dec(RParen);
+  if RParen <= LParen + 1 then Exit;
+  ArgsLow := LowerCase(Copy(S, LParen + 1, RParen - LParen - 1));
+  Result := ContainsIdentifier(ArgsLow, 'result');
+  if (not Result) and (FnNameLow <> '') then
+    Result := ContainsIdentifier(ArgsLow, FnNameLow);
+end;
+
 class procedure TRoutineResultAssignedDetector.AnalyzeMethod(MethodNode: TAstNode;
   const FileName: string; Results: TObjectList<TLeakFinding>);
 var
@@ -230,6 +283,25 @@ class procedure TRoutineResultAssignedDetector.AnalyzeMethod(MethodNode: TAstNod
     Assigns.Free;
   end;
 
+  // Ergaenzung: Result koennte auch via var/out-Parameter an einen Call
+  // geschrieben werden (`TryGetValue(Key, Result)`, `TryStrToInt(s, Result)`,
+  // ...). Lexisch nicht von by-value-Pass unterscheidbar; konservativ als
+  // potentielle Zuweisung behandeln um FP-Cluster zu eliminieren.
+  if not HasResult then
+  begin
+    Assigns := MethodNode.FindAll(nkCall);
+    try
+      for N in Assigns do
+        if CallPassesResultAsArg(N, FnNameLow) then
+        begin
+          HasResult := True;
+          Break;
+        end;
+    finally
+      Assigns.Free;
+    end;
+  end;
+
   if HasResult then Exit;
 
   F            := TLeakFinding.Create;

StaticCodeAnalyserForm/tests/uTestRoutineResultAssigned.pas

@@ -28,6 +28,10 @@   TTestRoutineResultAssigned = class
     [Test] procedure RecordResult_FieldAssign_NoFinding;
     [Test] procedure ArrayResult_IndexAssign_NoFinding;
     [Test] procedure FnNameDotField_NoFinding;
+    [Test] procedure TryGetValuePassesResult_NoFinding;
+    [Test] procedure TryStrToIntPassesResult_NoFinding;
+    [Test] procedure CallPassesResultFollowedByOther_NoFinding;
+    [Test] procedure UnrelatedVarSimilarName_StillReported;
 
     // ---- Finding-Inhalt ----------------------------------------------------
     [Test] procedure Finding_KindAndSeverity;
@@ -252,6 +256,70 @@ procedure TTestRoutineResultAssigned.FnNameDotField_NoFinding;
   finally F.Free; end;
 end;
 
+procedure TTestRoutineResultAssigned.TryGetValuePassesResult_NoFinding;
+// Original-FP aus horse-master/Horse.Core.Param.pas:
+// Result wird via `var`-Parameter an TryGetValue uebergeben - das ist
+// eine Zuweisung von der Callee-Seite, der Detector muss sie erkennen.
+const SRC =
+  'unit t; implementation'#13#10 +
+  'function GetItem(const AKey: string): string;'#13#10 +
+  'begin'#13#10 +
+  '  FParams.TryGetValue(AKey, Result);'#13#10 +
+  'end;';
+var F: TObjectList<TLeakFinding>;
+begin
+  F := TFindingHelper.FindingsOf(SRC);
+  try Assert.AreEqual(0, TFindingHelper.Count(F, fkRoutineResultUnassigned));
+  finally F.Free; end;
+end;
+
+procedure TTestRoutineResultAssigned.TryStrToIntPassesResult_NoFinding;
+// RTL-Standard: TryStrToInt schreibt das Ergebnis ueber var-Param.
+const SRC =
+  'unit t; implementation'#13#10 +
+  'function Parse(const S: string): Integer;'#13#10 +
+  'begin'#13#10 +
+  '  TryStrToInt(S, Result);'#13#10 +
+  'end;';
+var F: TObjectList<TLeakFinding>;
+begin
+  F := TFindingHelper.FindingsOf(SRC);
+  try Assert.AreEqual(0, TFindingHelper.Count(F, fkRoutineResultUnassigned));
+  finally F.Free; end;
+end;
+
+procedure TTestRoutineResultAssigned.CallPassesResultFollowedByOther_NoFinding;
+// Result als nicht-letztes Argument.
+const SRC =
+  'unit t; implementation'#13#10 +
+  'function Compute: Integer;'#13#10 +
+  'begin'#13#10 +
+  '  DoWork(Result, ''logKey'', 42);'#13#10 +
+  'end;';
+var F: TObjectList<TLeakFinding>;
+begin
+  F := TFindingHelper.FindingsOf(SRC);
+  try Assert.AreEqual(0, TFindingHelper.Count(F, fkRoutineResultUnassigned));
+  finally F.Free; end;
+end;
+
+procedure TTestRoutineResultAssigned.UnrelatedVarSimilarName_StillReported;
+// `ResultCache` ist NICHT `Result` - Word-Boundary muss verhindern, dass
+// das Finding faelschlich verschwindet.
+const SRC =
+  'unit t; implementation'#13#10 +
+  'function Foo: Integer;'#13#10 +
+  'var ResultCache: Integer;'#13#10 +
+  'begin'#13#10 +
+  '  DoWork(ResultCache);'#13#10 +
+  'end;';
+var F: TObjectList<TLeakFinding>;
+begin
+  F := TFindingHelper.FindingsOf(SRC);
+  try Assert.AreEqual(1, TFindingHelper.Count(F, fkRoutineResultUnassigned));
+  finally F.Free; end;
+end;
+
 procedure TTestRoutineResultAssigned.Finding_KindAndSeverity;
 const SRC =
   'unit t; implementation'#13#10 +