[all-commits] [llvm/llvm-project] 5343dd: [LifetimeSafety] Detect use-after-return (#165370)
Kashika Akhouri via All-commits
all-commits at lists.llvm.org
Wed Nov 19 04:13:08 PST 2025
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 5343dd92303657dc15f4038a3843ddb778760242
https://github.com/llvm/llvm-project/commit/5343dd92303657dc15f4038a3843ddb778760242
Author: Kashika Akhouri <77923634+kashika0112 at users.noreply.github.com>
Date: 2025-11-19 (Wed, 19 Nov 2025)
Changed paths:
M clang/include/clang/Analysis/Analyses/LifetimeSafety/Facts.h
M clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h
M clang/include/clang/Analysis/Analyses/LifetimeSafety/LifetimeSafety.h
M clang/include/clang/Analysis/Analyses/LifetimeSafety/LiveOrigins.h
M clang/include/clang/Basic/DiagnosticSemaKinds.td
M clang/lib/Analysis/LifetimeSafety/Checker.cpp
M clang/lib/Analysis/LifetimeSafety/Dataflow.h
M clang/lib/Analysis/LifetimeSafety/Facts.cpp
M clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
M clang/lib/Analysis/LifetimeSafety/LiveOrigins.cpp
M clang/lib/Analysis/LifetimeSafety/LoanPropagation.cpp
M clang/lib/Sema/AnalysisBasedWarnings.cpp
M clang/test/Sema/warn-lifetime-safety-dataflow.cpp
M clang/test/Sema/warn-lifetime-safety.cpp
M clang/unittests/Analysis/LifetimeSafetyTest.cpp
Log Message:
-----------
[LifetimeSafety] Detect use-after-return (#165370)
Adding "use-after-return" in Lifetime Analysis.
Detecting when a function returns a reference to its own stack memory:
[UAR Design
Doc](https://docs.google.com/document/d/1Wxjn_rJD_tuRdejP81dlb9VOckTkCq5-aE1nGcerb_o/edit?usp=sharing)
Consider the following example:
```cpp
std::string_view foo() {
std::string_view a;
std::string str = "small scoped string";
a = str;
return a;
}
```
The code adds a new Fact "OriginEscape" in the end of the CFG to
determine any loan that is escaping the function as shown below:
```
Function: foo
Block B2:
End of Block
Block B1:
OriginFlow (Dest: 0 (Decl: a), Src: 1 (Expr: CXXConstructExpr))
OriginFlow (Dest: 2 (Expr: ImplicitCastExpr), Src: 3 (Expr: StringLiteral))
Issue (0 (Path: operator=), ToOrigin: 4 (Expr: DeclRefExpr))
OriginFlow (Dest: 5 (Expr: ImplicitCastExpr), Src: 4 (Expr: DeclRefExpr))
Use (0 (Decl: a), Write)
Issue (1 (Path: str), ToOrigin: 6 (Expr: DeclRefExpr))
OriginFlow (Dest: 7 (Expr: ImplicitCastExpr), Src: 6 (Expr: DeclRefExpr))
OriginFlow (Dest: 8 (Expr: CXXMemberCallExpr), Src: 7 (Expr: ImplicitCastExpr))
OriginFlow (Dest: 9 (Expr: ImplicitCastExpr), Src: 8 (Expr: CXXMemberCallExpr))
OriginFlow (Dest: 10 (Expr: ImplicitCastExpr), Src: 9 (Expr: ImplicitCastExpr))
OriginFlow (Dest: 11 (Expr: MaterializeTemporaryExpr), Src: 10 (Expr: ImplicitCastExpr))
OriginFlow (Dest: 0 (Decl: a), Src: 11 (Expr: MaterializeTemporaryExpr))
Use (0 (Decl: a), Read)
OriginFlow (Dest: 12 (Expr: ImplicitCastExpr), Src: 0 (Decl: a))
OriginFlow (Dest: 13 (Expr: CXXConstructExpr), Src: 12 (Expr: ImplicitCastExpr))
Expire (1 (Path: str))
OriginEscapes (13 (Expr: CXXConstructExpr))
End of Block
Block B0:
End of Block
```
The confidence of the report is determined by checking if at least one
of the loans returned is not expired (strict). If all loans are expired
it is considered permissive.
More information [UAR Design
Doc](https://docs.google.com/document/d/1Wxjn_rJD_tuRdejP81dlb9VOckTkCq5-aE1nGcerb_o/edit?usp=sharing)
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list