[clang] [LifetimeSafety] Detect use-after-return (PR #165370)
Utkarsh Saxena via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 17 01:42:13 PST 2025
================
@@ -93,6 +93,9 @@ class FactsGenerator : public ConstStmtVisitor<FactsGenerator> {
FactManager &FactMgr;
AnalysisDeclContext &AC;
llvm::SmallVector<Fact *> CurrentBlockFacts;
+ // Collect origins that escape the function in this block (OriginEscapesFact),
+ // appended at the end to ensure they appear after ExpireFact entries.
+ llvm::SmallVector<Fact *> EscapesInCurrentBlock;
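Review bot: the comment on EscapesInCurrentBlock states that the escape facts are appended after the ExpireFact entries but not why that order matters. Consider adding one line saying that automatic destructors follow the return statement in the CFG, so the escape has to be placed after the expiry to be seen as a use of an expired loan. It would also help to say where this vector is appended to CurrentBlockFacts and reset for the next block, since neither is visible next to the declaration.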
----------------
usx95 wrote:
If I understand your concern correctly, I can clarify that this is not related to diagnostics. The diagnostics-related information is captured separately in the EscapeOrigin fact.
This is to do with rearranging a set of facts to the end of the block instead of somewhere in the middle. We ideally want these escape origin facts to appear after the expire loan facts (so that these expired loans become live). In practice, automatic destructors are called only after the return value is constructed, so in the CFG the dtors follow the return statement, which makes it hard to model it as a "use-after-free" without pushing the escape (use) after the dtor (free).
https://github.com/llvm/llvm-project/pull/165370
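The ordering argument in the reply above, as an added toy model (not code from the PR or from clang): the `Kind` enum, `Fact` struct, function names and the sample fact sequence are hypothetical stand-ins, and the forward scan is a simplification of the real analysis. It shows that a "use after expire" check over one block only fires once the escape facts are moved behind the expire facts.

```cpp
#include <algorithm>
#include <cstdio>
#include <set>
#include <vector>

// Toy stand-ins for the fact kinds named in the thread; not clang's classes.
enum class Kind { Issue, Expire, OriginEscapes };
struct Fact { Kind kind; int loan; };

// Constructed sample: facts in CFG order for
//   const int *f() { int local = 0; return &local; }
// The return statement comes first; the end of `local`'s lifetime follows it.
std::vector<Fact> cfgOrderFacts() {
  return {{Kind::Issue, 0}, {Kind::OriginEscapes, 0}, {Kind::Expire, 0}};
}

// The reordering described in the reply: every other fact keeps its place and
// the escape facts are appended at the end of the block, after the expiries.
std::vector<Fact> deferEscapes(const std::vector<Fact> &block) {
  std::vector<Fact> out(block);
  std::stable_partition(out.begin(), out.end(), [](const Fact &f) {
    return f.kind != Kind::OriginEscapes;
  });
  return out;
}

// Forward scan: an escape of a loan that has already expired is a report.
int countUseAfterReturn(const std::vector<Fact> &block) {
  std::set<int> expired;
  int reports = 0;
  for (const Fact &f : block) {
    if (f.kind == Kind::Expire)
      expired.insert(f.loan);
    else if (f.kind == Kind::OriginEscapes && expired.count(f.loan))
      ++reports;
  }
  return reports;
}

int main() {
  std::vector<Fact> raw = cfgOrderFacts();
  std::printf("CFG order:        %d report(s)\n", countUseAfterReturn(raw));
  std::printf("escapes deferred: %d report(s)\n",
              countUseAfterReturn(deferEscapes(raw)));
  return 0;
}
```

A loan that never expires inside the function (for example one borrowed from a parameter) produces no report in either order, because no expire fact precedes its escape.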