[clang] [LifetimeSafety] Detect use-after-scope through fields in member calls (PR #191731)

[Utkarsh Saxena via cfe-commits]

================
@@ -2531,3 +2531,50 @@ int *noreturn_dead_nested(bool cond, bool cond2, int *num) {
 }
 
 } // namespace conditional_operator_control_flow
+
+namespace method_call_uses_field_origins {
+int GLOBAL_INT;
+std::string GLOBAL_STRING{"123"};
+
+struct S {
+  int* p_;
+  void bar();
+  void foo() {
+    {
+      int num;
+      this->p_ = # // expected-warning {{object whose reference is captured does not live long enough}}
+    }                  // expected-note {{destroyed here}}
+    bar();             // expected-note {{later used here}}
+    this->p_ = &GLOBAL_INT;
+  }
+  void baz() {
+    {
+      int num;
+      this->p_ = #
+    }
+    this->p_ = &GLOBAL_INT;
+    bar();
+  }
+};
+
+struct T {
+  std::string_view v;
+  void bar();
+  void foo() {
+    v = std::string("tmp"); // expected-warning {{object whose reference is captured does not live long enough}} expected-note {{destroyed here}}
+    bar();                  // expected-note {{later used here}}
+  }
+};
+
+// FIXME: False-negative: the analysis tracks `p_`, but not that it belongs to s1.
----------------
usx95 wrote:

>From what it feels to me, the current facts has an escape origin fact for `p_` for this example due to call to the destructor of `s`.

So I expect a false-positive like this:

```cpp
void foo() {
  S s;
  {
    int num;
    s.p_ = # // escapes to a field/dangling field.
  }
}
```

Can you verify if that is the case with the current change ? We need to fix that if so.

https://github.com/llvm/llvm-project/pull/191731