caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
890c4bece26e005cd9fa5511fe0efa7307794de5
clang-p2996/clang/test/SemaCXX/warn-dangling-local.cpp
Haojian Wu 3eba28d1fd [clang] Extend lifetime analysis to support assignments for pointer-like objects. (#99032) 
This is a follow-up patch to #96475 to detect dangling assignments for
C++ pointer-like objects (classes annotated with the
`[[gsl::Pointer]]`). Fixes #63310.

Similar to the behavior for built-in pointer types, if a temporary owner
(`[[gsl::Owner]]`) object is assigned to a pointer-like class object,
and this temporary object is destroyed at the end of the full assignment
expression, the assignee pointer is considered dangling. In such cases,
clang will emit a warning:

```
/tmp/t.cpp:7:20: warning: object backing the pointer my_string_view will be destroyed at the end of the full-expression [-Wdangling-assignment-gsl]
    7 |   my_string_view = CreateString();
      |                    ^~~~~~~~~~~~~~
1 warning generated.
```

This new warning is `-Wdangling-assignment-gsl`. It is initially
disabled, but I intend to enable it by default in clang 20.

I have initially tested this patch on our internal codebase, and it has
identified many use-after-free bugs, primarily related to `string_view`.
2024-07-18 10:02:35 +02:00

40 lines
1.8 KiB
C++
Raw Blame History

// RUN: %clang_cc1 -verify -std=c++11 -Wdangling-assignment-gsl %s
using T = int[];
void f() {
int *p = &(int&)(int&&)0; // expected-warning {{temporary whose address is used as value of local variable 'p' will be destroyed at the end of the full-expression}}
p = &(int&)(int&&)0; // expected-warning {{object backing the pointer p will be destroyed at the end of the full-expression}}
int *q = (int *const &)T{1, 2, 3}; // expected-warning {{temporary whose address is used as value of local variable 'q' will be destroyed at the end of the full-expression}}
q = (int *const &)T{1, 2, 3}; // expected-warning {{object backing the pointer q will be destroyed at the end of the full-expression}}
// FIXME: We don't warn here because the 'int*' temporary is not const, but
// it also can't have actually changed since it was created, so we could
// still warn.
int *r = (int *&&)T{1, 2, 3};
// FIXME: The wording of this warning is not quite right. There are two
// temporaries here: an 'int* const' temporary that points to the array, and
// is lifetime-extended, and an array temporary that the pointer temporary
// points to, which doesn't live long enough.
int *const &s = (int *const &)T{1, 2, 3}; // expected-warning {{temporary bound to local reference 's' will be destroyed at the end of the full-expression}}
}
// PR38355
void g() {
const int a[] = {a[0]};
const int b[] = {a[0]};
}
namespace std {
// std::basic_string has a hard-coded gsl::owner attr.
struct basic_string {
const char* c_str();
};
} // namespace std
void test(const char* a) {
// verify we're emitting the `-Wdangling-assignment-gsl` warning.
a = std::basic_string().c_str(); // expected-warning {{object backing the pointer a will be destroyed at the end of the full-expression}}
}
Reference in New Issue View Git Blame Copy Permalink