[clang] [LifetimeSafety] Track origins for lifetimebound calls returning record types (PR #187917)
Zhijie Wang via cfe-commits
cfe-commits at lists.llvm.org
Sun Mar 29 15:36:26 PDT 2026
================
@@ -688,9 +707,9 @@ void FactsGenerator::handleFunctionCall(const Expr *Call,
ArgList = getRValueOrigins(Args[I], ArgList);
}
if (isGslOwnerType(Args[I]->getType())) {
- // GSL construction creates a view that borrows from arguments.
- // This implies flowing origins through the list structure.
- flow(CallList, ArgList, KillSrc);
+ CurrentBlockFacts.push_back(FactMgr.createFact<OriginFlowFact>(
----------------
aeft wrote:
Added a test: `owner_to_pointer_via_gsl_construction`
`return_dangling_view_through_owner` goes through `IsArgLifetimeBound` (which internally recognizes `ups.get()` via `shouldTrackImplicitObjectArg`), while `owner_to_pointer_via_gsl_construction` goes through the GSL construction path (`vector` -> `span`). Both warnings come from the Owner's storage being destroyed, not from the lifetimebound chain back to `local`. They both flow the outermost origin. Should we consider this a FIXME, or is the current behavior acceptable?
https://github.com/llvm/llvm-project/pull/187917
More information about the cfe-commits
mailing list