<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Can't get any warnings or errors for code full of bugs"

   href="https://bugs.llvm.org/show_bug.cgi?id=49744">49744</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Can't get any warnings or errors for code full of bugs

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>11.0

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>-New Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>jeanmichael.celerier@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Hello,

consider the following code, ostensibly broken: it assigns a string that lives

on the stack to a string_view, uses another in a reference lambda capture, it's

a mess:

    #include <string>

    #include <string_view>

    #include <functional>

    struct foo

    {

        std::string_view s;

        std::function<void()> v;

    };

    struct bar

    {

        foo* the_foo{};

        void x(foo& f)

        {

            std::string z = "hello";

            f.s = std::string("hello");

            f.v = [&] { printf("%s", z.c_str()); };

            the_foo = &f;

        }

        void y(foo& f)

        {

            printf("%s", f.s.data());

            f.v();

        }

    };

    void do_stuff(bar& b, foo& f)

    {

        b.x(f);

    }

    int main()

    {

        bar b;

        foo f;

        do_stuff(b, f);

        b.y(f);

    }

Yet neither of clang-tidy -checks='*' or -fsanitize=address

-fsanitize=undefined is able to find anything wrong.

At -O3 the output is obviously bogus.

What is missing in the toolchain for detection of such cases, either at

static-analysis-time or at run-time, to work ?</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>