<div dir="ltr"><div>Hi Adrian,</div><div><br></div><div>The y and x in the example have different pointees: y will dangle and x will be a null pointer. We correctly diagnose the dangling but will not warn about the null dereference in this case. The reason is that the current model does not account for nullable owners. This is something we want to address in the future. <br></div><div><br></div><div>
(As the analysis does not do any inter-procedural reasoning:) a slightly different but related question is what assumptions should we have about the non-const uses like the use_unique_ptr function in your example. Should we assume that they invalidate the owners? Should we assume that they reset the owners (make the nullable owners null)? Both? Neither?</div><div><br></div><div>Some experiments showed that the answer might depend on the codebase you are working with, so we plan to introduce switches for all these assumptions.</div><div><br></div><div>Cheers,</div><div>Gabor<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 3 Nov 2019 at 21:52, Adrian via cfe-dev &lt;<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
I have a question about the experimental -Wlifetime flag/the Lifetime<br>
profile of the C++ core guidelines<br>
(<a href="https://github.com/isocpp/CppCoreGuidelines/blob/master/docs/Lifetime.pdf" rel="noreferrer" target="_blank">https://github.com/isocpp/CppCoreGuidelines/blob/master/docs/Lifetime.pdf</a>).<br>
<br>
Consider the following example: <a href="https://godbolt.org/z/L1o35w" rel="noreferrer" target="_blank">https://godbolt.org/z/L1o35w</a><br>
x is a unique pointer, y = x.get()<br>
x is passed by non-const reference to a function, which can modify it<br>
(which it does).<br>
Dereferencing y gives a warning (3rd tab), as the compiler has<br>
detected the dependency of y on x, and the pointer held by x may be<br>
deleted after calling the function.<br>
<br>
However, dereferencing x does not give a warning (and it indeed crashes if run).<br>
It seems to me that the compiler already knows that x is invalid, as<br>
it knows y is invalid from x.<br>
Is there a fundamental reason why it doesn't give a warning/why it's<br>
hard to in this case?<br>
<br>
Kind regards,<br>
Adrian<br>
</blockquote></div>
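<div>Added example, not part of the original thread and not the code behind the godbolt link: a caller-side pattern that stays safe whichever of the behaviours discussed above a non-const use has (owner reset to null, pointee replaced, or pointee kept). The three callees, <code>read_after</code> and the <code>Callee</code> alias are hypothetical names; only <code>use_unique_ptr</code>, <code>x</code> and <code>y</code> come from the messages.</div>

```cpp
#include <memory>

// Hypothetical callees. Each takes the owner by non-const reference, so a
// caller (or an analysis without inter-procedural reasoning) cannot tell
// them apart from the signature alone.
void resets_owner(std::unique_ptr<int>& p)   { p.reset(); }                    // owner becomes null
void replaces_owner(std::unique_ptr<int>& p) { p = std::make_unique<int>(7); } // old pointee is deleted
void keeps_owner(std::unique_ptr<int>& p)    { if (p) *p += 1; }               // pointee survives

using Callee = void (*)(std::unique_ptr<int>&);

// Reads the owned value after a non-const use of x.
// Returns false when x ended up null; otherwise stores the value in out.
bool read_after(Callee use_unique_ptr, int& out) {
    auto x = std::make_unique<int>(42);
    int* y = x.get();      // y's pointee is whatever x owns right now
    *y = 41;               // fine: x has not been modified since get()

    use_unique_ptr(x);     // non-const use: treat the old y as dangling from here on

    y = x.get();           // re-derive from the owner instead of reusing the old y
    if (y == nullptr)      // x is a nullable owner: check before dereferencing
        return false;
    out = *y;
    return true;
}
```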