[PATCH] D44131: [analyzer] Support temporaries conjured by conservatively evaluated functions.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Mar 5 18:06:28 PST 2018
NoQ created this revision.
NoQ added reviewers: dcoughlin, xazax.hun, a.sidorin, george.karpenkov, szepet, baloghadamsoftware.
Herald added subscribers: cfe-commits, rnkovacs.
If a conservatively evaluated function returns a C++ object by value, it no longer returns a conjured symbol. Instead it creates a proper temporary region, wipes it with a conjured symbol, returns the compound value, and then lifetime-extends/destroys the newly created object properly, while making sure its this-region is known from the beginning to the end of the object's lifetime and doesn't change in the process.
This review obsoletes https://reviews.llvm.org/D27202 and is better because the temporary is not only created but also correctly managed.
It allows us, in particular, to inline the destructor of such conjured temporary objects. I do not know whether it is a good idea or we should disable inlining specifically via a separate flag. But even without inlining, this change would hopefully help various C++ checkers track the object by keeping both its lvalue and its rvalue stable in all circumstances (as long as the construction context is available). For now i did not have a look at how current checkers are affected, but @baloghadamsoftware and @szepet might be interested.
C objects are untouched (i.e. still represented by conjured symbols) because they don't require lifetime management or even having a "this".
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5197 bytes
Desc: not available
More information about the cfe-commits