[clang] [LifetimeSafety] Implement multi-level origins (PR #168344)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Nov 27 03:15:03 PST 2025
================
@@ -155,21 +207,35 @@ void FactsGenerator::VisitUnaryOperator(const UnaryOperator *UO) {
void FactsGenerator::VisitReturnStmt(const ReturnStmt *RS) {
if (const Expr *RetExpr = RS->getRetValue()) {
- if (hasOrigin(RetExpr)) {
- OriginID OID = FactMgr.getOriginMgr().getOrCreate(*RetExpr);
- EscapesInCurrentBlock.push_back(
- FactMgr.createFact<OriginEscapesFact>(OID, RetExpr));
- }
+ if (OriginTree *Tree = getTree(*RetExpr))
+ for (OriginTree *T = Tree; T; T = T->Pointee)
+ EscapesInCurrentBlock.push_back(
+ FactMgr.createFact<OriginEscapesFact>(T->OID, RetExpr));
}
}
void FactsGenerator::VisitBinaryOperator(const BinaryOperator *BO) {
- if (BO->isAssignmentOp())
- handleAssignment(BO->getLHS(), BO->getRHS());
+ if (BO->isCompoundAssignmentOp())
+ return;
+ if (BO->isAssignmentOp()) {
+ const Expr *LHSExpr = BO->getLHS();
+ const Expr *RHSExpr = BO->getRHS();
+
+ if (const auto *DRE_LHS =
+ dyn_cast<DeclRefExpr>(LHSExpr->IgnoreParenImpCasts())) {
+ OriginTree *LHSTree = getTree(*DRE_LHS);
+ OriginTree *RHSTree = getTree(*RHSExpr);
+ // TODO: Handle reference types.
+ markUseAsWrite(DRE_LHS);
+ // Kill the old loans of the destination origin and flow the new loans
+ // from the source origin.
+ flow(LHSTree->Pointee, RHSTree, /*Kill=*/true);
----------------
graphite-app[bot] wrote:
Missing null checks before dereferencing origin trees. Both `LHSTree` and `RHSTree` could be null (if the expressions don't have origins), and `LHSTree->Pointee` could also be null (for depth 1 trees). This will cause null pointer dereferences.
```cpp
OriginTree *LHSTree = getTree(*DRE_LHS);
OriginTree *RHSTree = getTree(*RHSExpr);
if (!LHSTree || !RHSTree || !LHSTree->Pointee)
return; // or continue, depending on control flow
markUseAsWrite(DRE_LHS);
flow(LHSTree->Pointee, RHSTree, /*Kill=*/true);
```
```suggestion
if (const auto *DRE_LHS =
dyn_cast<DeclRefExpr>(LHSExpr->IgnoreParenImpCasts())) {
OriginTree *LHSTree = getTree(*DRE_LHS);
OriginTree *RHSTree = getTree(*RHSExpr);
if (!LHSTree || !RHSTree || !LHSTree->Pointee)
return;
// TODO: Handle reference types.
markUseAsWrite(DRE_LHS);
// Kill the old loans of the destination origin and flow the new loans
// from the source origin.
flow(LHSTree->Pointee, RHSTree, /*Kill=*/true);
```
*Spotted by [Graphite Agent](https://app.graphite.com/diamond/?org=llvm&ref=ai-review-comment)*<i class='graphite__hidden'><br /><br /><a href="https://app.graphite.com/github/pr/llvm/llvm-project/168344?chatWithGeneratedComment=b1c5f64c-1588-48c3-9435-a96d04d39715"><picture><source media="(prefers-color-scheme: dark)" srcset="https://static.graphite.dev/github-diamond-fix-in-graphite-dark.svg"><source media="(prefers-color-scheme: light)" srcset="https://static.graphite.dev/github-diamond-fix-in-graphite-light.svg"><img alt="Fix in Graphite" src="https://static.graphite.dev/github-diamond-fix-in-graphite-dark.svg"></picture></a></i><i class='graphite__hidden'><br /><br />Is this helpful? React 👍 or 👎 to let us know.</i>
https://github.com/llvm/llvm-project/pull/168344
More information about the cfe-commits
mailing list