[clang] 2bd098b - [analyzer] Trigger checkLifetimeEnd callback from CFGLifetimeEnds element
via cfe-commits
cfe-commits at lists.llvm.org
Mon Jun 8 03:22:08 PDT 2026
Author: Arseniy Zaostrovnykh
Date: 2026-06-08T12:22:03+02:00
New Revision: 2bd098b819c19ccca082ebdc7042211bd68cb3b1
URL: https://github.com/llvm/llvm-project/commit/2bd098b819c19ccca082ebdc7042211bd68cb3b1
DIFF: https://github.com/llvm/llvm-project/commit/2bd098b819c19ccca082ebdc7042211bd68cb3b1.diff
LOG: [analyzer] Trigger checkLifetimeEnd callback from CFGLifetimeEnds element
This patch adds handling of the `CFGLifetimeEnd` element to the CSA, and
produces a newly created callback `checkLifetimeEnd` for each occurrence
of it.
It is useful to implement detection of dangling pointers as in:
```
void su_use_after_block () { int* p=0; { int x=1; p=&x; } *p = 2; }
// ^ p dangles
```
This patch does not implement the check itself. it is motivated by the
discussion in
https://discourse.llvm.org/t/what-is-the-status-of-scopeend-and-scopebegin/90861
--
upstreamed part of CPP-4539
---------
Co-authored-by: tomasz-kaminski-sonarsource <tomasz.kaminski at sonarsource.com>
Added:
clang/test/Analysis/lifetime-end-simple-cfg-output.cpp
clang/unittests/StaticAnalyzer/CheckLifetimeEndTest.cpp
Modified:
clang/include/clang/Analysis/CFG.h
clang/include/clang/Analysis/ProgramPoint.h
clang/include/clang/StaticAnalyzer/Core/Checker.h
clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
clang/lib/Analysis/PathDiagnostic.cpp
clang/lib/Analysis/ProgramPoint.cpp
clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
clang/unittests/StaticAnalyzer/CMakeLists.txt
clang/unittests/StaticAnalyzer/CheckerRegistration.h
Removed:
################################################################################
diff --git a/clang/include/clang/Analysis/CFG.h b/clang/include/clang/Analysis/CFG.h
index 6c214d9ce10e2..2079f99046021 100644
--- a/clang/include/clang/Analysis/CFG.h
+++ b/clang/include/clang/Analysis/CFG.h
@@ -57,12 +57,15 @@ class CFGElement {
enum Kind {
// main kind
Initializer,
- ScopeBegin,
- ScopeEnd,
NewAllocator,
- LifetimeEnds,
LoopExit,
FullExprCleanup,
+ // scope marker kind
+ ScopeBegin,
+ ScopeEnd,
+ LifetimeEnds,
+ SCOPE_BEGIN = ScopeBegin,
+ SCOPE_END = LifetimeEnds,
// stmt kind
Statement,
Constructor,
@@ -290,18 +293,38 @@ class CFGLoopExit : public CFGElement {
}
};
-/// Represents the point where the lifetime of an automatic object ends
-class CFGLifetimeEnds : public CFGElement {
+/// Base class for representing elements related to the lifetime of automatic
+/// objects.
+class CFGScopeMarker : public CFGElement {
public:
- explicit CFGLifetimeEnds(const VarDecl *var, const Stmt *stmt)
- : CFGElement(LifetimeEnds, var, stmt) {}
+ LLVM_ATTRIBUTE_RETURNS_NONNULL const Stmt *getTriggerStmt() const {
+ return static_cast<const Stmt *>(Data1.getPointer());
+ }
- const VarDecl *getVarDecl() const {
- return static_cast<const VarDecl *>(Data1.getPointer());
+private:
+ friend class CFGElement;
+
+ static bool isKind(const CFGElement &E) {
+ return E.getKind() >= SCOPE_BEGIN && E.getKind() <= SCOPE_END;
}
- const Stmt *getTriggerStmt() const {
- return static_cast<const Stmt *>(Data2.getPointer());
+protected:
+ CFGScopeMarker() = default;
+
+ explicit CFGScopeMarker(Kind K, const Stmt *S, const void *Ptr2 = nullptr)
+ : CFGElement(K, S, Ptr2) {
+ assert(isKind(*this));
+ }
+};
+
+/// Represents the point where the lifetime of an automatic object ends
+class CFGLifetimeEnds : public CFGScopeMarker {
+public:
+ explicit CFGLifetimeEnds(const VarDecl *Var, const Stmt *Stmt)
+ : CFGScopeMarker(LifetimeEnds, Stmt, Var) {}
+
+ const VarDecl *getVarDecl() const {
+ return static_cast<const VarDecl *>(Data2.getPointer());
}
private:
@@ -349,50 +372,40 @@ class CFGFullExprCleanup : public CFGElement {
/// Represents beginning of a scope implicitly generated
/// by the compiler on encountering a CompoundStmt
-class CFGScopeBegin : public CFGElement {
+class CFGScopeBegin : public CFGScopeMarker {
public:
CFGScopeBegin() {}
CFGScopeBegin(const VarDecl *VD, const Stmt *S)
- : CFGElement(ScopeBegin, VD, S) {}
-
- // Get statement that triggered a new scope.
- const Stmt *getTriggerStmt() const {
- return static_cast<const Stmt *>(Data2.getPointer());
- }
+ : CFGScopeMarker(ScopeBegin, S, VD) {}
// Get VD that triggered a new scope.
const VarDecl *getVarDecl() const {
- return static_cast<const VarDecl *>(Data1.getPointer());
+ return static_cast<const VarDecl *>(Data2.getPointer());
}
private:
friend class CFGElement;
- static bool isKind(const CFGElement &E) {
- Kind kind = E.getKind();
- return kind == ScopeBegin;
+ static bool isKind(const CFGElement &Elem) {
+ return Elem.getKind() == ScopeBegin;
}
};
/// Represents end of a scope implicitly generated by
/// the compiler after the last Stmt in a CompoundStmt's body
-class CFGScopeEnd : public CFGElement {
+class CFGScopeEnd : public CFGScopeMarker {
public:
CFGScopeEnd() {}
- CFGScopeEnd(const VarDecl *VD, const Stmt *S) : CFGElement(ScopeEnd, VD, S) {}
+ CFGScopeEnd(const VarDecl *VD, const Stmt *S)
+ : CFGScopeMarker(ScopeEnd, S, VD) {}
const VarDecl *getVarDecl() const {
- return static_cast<const VarDecl *>(Data1.getPointer());
- }
-
- const Stmt *getTriggerStmt() const {
- return static_cast<const Stmt *>(Data2.getPointer());
+ return static_cast<const VarDecl *>(Data2.getPointer());
}
private:
friend class CFGElement;
- static bool isKind(const CFGElement &E) {
- Kind kind = E.getKind();
- return kind == ScopeEnd;
+ static bool isKind(const CFGElement &elem) {
+ return elem.getKind() == ScopeEnd;
}
};
diff --git a/clang/include/clang/Analysis/ProgramPoint.h b/clang/include/clang/Analysis/ProgramPoint.h
index c098160c68b56..02eb3992e07c4 100644
--- a/clang/include/clang/Analysis/ProgramPoint.h
+++ b/clang/include/clang/Analysis/ProgramPoint.h
@@ -59,33 +59,36 @@ class SimpleProgramPointTag : public ProgramPointTag {
class ProgramPoint {
public:
- enum Kind { BlockEdgeKind,
- BlockEntranceKind,
- BlockExitKind,
- PreStmtKind,
- PreStmtPurgeDeadSymbolsKind,
- PostStmtPurgeDeadSymbolsKind,
- PostStmtKind,
- PreLoadKind,
- PostLoadKind,
- PreStoreKind,
- PostStoreKind,
- PostConditionKind,
- PostLValueKind,
- PostAllocatorCallKind,
- MinPostStmtKind = PostStmtKind,
- MaxPostStmtKind = PostAllocatorCallKind,
- PostInitializerKind,
- CallEnterKind,
- CallExitBeginKind,
- CallExitEndKind,
- FunctionExitKind,
- PreImplicitCallKind,
- PostImplicitCallKind,
- MinImplicitCallKind = PreImplicitCallKind,
- MaxImplicitCallKind = PostImplicitCallKind,
- LoopExitKind,
- EpsilonKind};
+ enum Kind {
+ BlockEdgeKind,
+ BlockEntranceKind,
+ BlockExitKind,
+ PreStmtKind,
+ PreStmtPurgeDeadSymbolsKind,
+ PostStmtPurgeDeadSymbolsKind,
+ PostStmtKind,
+ PreLoadKind,
+ PostLoadKind,
+ PreStoreKind,
+ PostStoreKind,
+ PostConditionKind,
+ PostLValueKind,
+ PostAllocatorCallKind,
+ MinPostStmtKind = PostStmtKind,
+ MaxPostStmtKind = PostAllocatorCallKind,
+ PostInitializerKind,
+ CallEnterKind,
+ CallExitBeginKind,
+ CallExitEndKind,
+ FunctionExitKind,
+ PreImplicitCallKind,
+ PostImplicitCallKind,
+ MinImplicitCallKind = PreImplicitCallKind,
+ MaxImplicitCallKind = PostImplicitCallKind,
+ LoopExitKind,
+ LifetimeEndKind,
+ EpsilonKind
+ };
static StringRef getProgramPointKindName(Kind K);
std::optional<SourceLocation> getSourceLocation() const;
@@ -725,6 +728,29 @@ class LoopExit : public ProgramPoint {
}
};
+/// Represents a point when the lifetime of an automatic object ends.
+class LifetimeEnd : public ProgramPoint {
+public:
+ LifetimeEnd(const Stmt *S, const VarDecl *D, const StackFrame *SF)
+ : ProgramPoint(S, D, LifetimeEndKind, SF) {}
+
+ LLVM_ATTRIBUTE_RETURNS_NONNULL const Stmt *getTriggerStmt() const {
+ return static_cast<const Stmt *>(getData1());
+ }
+
+ /// Returns the variable declaration whose lifetime has ended.
+ LLVM_ATTRIBUTE_RETURNS_NONNULL const VarDecl *getDecl() const {
+ return static_cast<const VarDecl *>(getData2());
+ }
+
+private:
+ friend class ProgramPoint;
+ LifetimeEnd() = default;
+ static bool isKind(const ProgramPoint &Location) {
+ return Location.getKind() == LifetimeEndKind;
+ }
+};
+
/// This is a meta program point, which should be skipped by all the diagnostic
/// reasoning etc.
class EpsilonPoint : public ProgramPoint {
diff --git a/clang/include/clang/StaticAnalyzer/Core/Checker.h b/clang/include/clang/StaticAnalyzer/Core/Checker.h
index ab38a05bfd79d..249d9c512f7a9 100644
--- a/clang/include/clang/StaticAnalyzer/Core/Checker.h
+++ b/clang/include/clang/StaticAnalyzer/Core/Checker.h
@@ -206,6 +206,21 @@ class Location {
}
};
+class LifetimeEnd {
+ template <typename CHECKER>
+ static void _checkLifetimeEnd(void *checker, const VarDecl *D,
+ CheckerContext &C) {
+ ((const CHECKER *)checker)->checkLifetimeEnd(D, C);
+ }
+
+public:
+ template <typename CHECKER>
+ static void _register(CHECKER *checker, CheckerManager &mgr) {
+ mgr._registerForLifetimeEnd(CheckerManager::CheckLifetimeEndFunc(
+ checker, _checkLifetimeEnd<CHECKER>));
+ }
+};
+
class Bind {
template <typename CHECKER>
static void _checkBind(void *checker, SVal location, SVal val, const Stmt *S,
diff --git a/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h b/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
index 9d352960c1db7..3311774f069ea 100644
--- a/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
@@ -330,6 +330,11 @@ class CheckerManager {
const CallEvent &Call, ExprEngine &Eng,
bool wasInlined = false);
+ /// Run checkers for the end of a variable's lifetime.
+ void runCheckersForLifetimeEnd(ExplodedNodeSet &Dst,
+ const ExplodedNodeSet &Src,
+ const VarDecl *Decl, ExprEngine &Eng);
+
/// Run checkers for load/store of a location.
void runCheckersForLocation(ExplodedNodeSet &Dst,
const ExplodedNodeSet &Src,
@@ -493,6 +498,9 @@ class CheckerManager {
using CheckCallFunc =
CheckerFn<void (const CallEvent &, CheckerContext &)>;
+ using CheckLifetimeEndFunc =
+ CheckerFn<void(const VarDecl *, CheckerContext &)>;
+
using CheckLocationFunc = CheckerFn<void(SVal location, bool isLoad,
const Stmt *S, CheckerContext &)>;
@@ -557,6 +565,8 @@ class CheckerManager {
void _registerForPreCall(CheckCallFunc checkfn);
void _registerForPostCall(CheckCallFunc checkfn);
+ void _registerForLifetimeEnd(CheckLifetimeEndFunc checkfn);
+
void _registerForLocation(CheckLocationFunc checkfn);
void _registerForBind(CheckBindFunc checkfn);
@@ -665,6 +675,8 @@ class CheckerManager {
std::vector<CheckCallFunc> PreCallCheckers;
std::vector<CheckCallFunc> PostCallCheckers;
+ std::vector<CheckLifetimeEndFunc> LifetimeEndCheckers;
+
std::vector<CheckLocationFunc> LocationCheckers;
std::vector<CheckBindFunc> BindCheckers;
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
index e4ddabbe9c927..bb2de45cec92a 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
@@ -368,6 +368,7 @@ class ExprEngine {
void ProcessStmt(const Stmt *S, ExplodedNode *Pred);
void ProcessLoopExit(const Stmt* S, ExplodedNode *Pred);
+ void ProcessLifetimeEnd(const Stmt *S, const VarDecl *D, ExplodedNode *Pred);
void ProcessInitializer(const CFGInitializer I, ExplodedNode *Pred);
diff --git a/clang/lib/Analysis/PathDiagnostic.cpp b/clang/lib/Analysis/PathDiagnostic.cpp
index 24fed40a93ed1..a95ef4582be99 100644
--- a/clang/lib/Analysis/PathDiagnostic.cpp
+++ b/clang/lib/Analysis/PathDiagnostic.cpp
@@ -720,6 +720,9 @@ PathDiagnosticLocation::create(const ProgramPoint& P,
} else if (std::optional<FunctionExitPoint> FE =
P.getAs<FunctionExitPoint>()) {
return PathDiagnosticLocation(FE->getStmt(), SMng, FE->getStackFrame());
+ } else if (std::optional<LifetimeEnd> LE = P.getAs<LifetimeEnd>()) {
+ return PathDiagnosticLocation::createEnd(LE->getTriggerStmt(), SMng,
+ LE->getStackFrame());
} else {
llvm_unreachable("Unexpected ProgramPoint");
}
diff --git a/clang/lib/Analysis/ProgramPoint.cpp b/clang/lib/Analysis/ProgramPoint.cpp
index 11c8c8242eb19..bca2581d923b6 100644
--- a/clang/lib/Analysis/ProgramPoint.cpp
+++ b/clang/lib/Analysis/ProgramPoint.cpp
@@ -95,6 +95,8 @@ StringRef ProgramPoint::getProgramPointKindName(Kind K) {
return "PostImplicitCall";
case LoopExitKind:
return "LoopExit";
+ case LifetimeEndKind:
+ return "LifetimeEnd";
case EpsilonKind:
return "Epsilon";
}
@@ -158,6 +160,10 @@ std::optional<SourceLocation> ProgramPoint::getSourceLocation() const {
if (const Stmt *S = castAs<LoopExit>().getLoopStmt())
return S->getBeginLoc();
return std::nullopt;
+ case LifetimeEndKind:
+ if (const Stmt *S = castAs<LifetimeEnd>().getTriggerStmt())
+ return S->getBeginLoc();
+ return std::nullopt;
case EpsilonKind:
return std::nullopt;
}
@@ -217,6 +223,11 @@ void ProgramPoint::printJson(llvm::raw_ostream &Out, const char *NL) const {
<< castAs<LoopExit>().getLoopStmt()->getStmtClassName() << '\"';
break;
+ case ProgramPoint::LifetimeEndKind:
+ Out << "LifetimeEnd\", \"var\": \""
+ << castAs<LifetimeEnd>().getDecl()->getNameAsString() << '\"';
+ break;
+
case ProgramPoint::PreImplicitCallKind: {
ImplicitCallPoint PC = castAs<ImplicitCallPoint>();
Out << "PreCall\", \"decl\": \""
diff --git a/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp b/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
index 35603e333bf17..80c03899d1e39 100644
--- a/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
@@ -35,17 +35,18 @@ using namespace clang;
using namespace ento;
bool CheckerManager::hasPathSensitiveCheckers() const {
- const auto IfAnyAreNonEmpty = [](const auto &... Callbacks) -> bool {
+ const auto IfAnyAreNonEmpty = [](const auto &...Callbacks) -> bool {
return (!Callbacks.empty() || ...);
};
return IfAnyAreNonEmpty(
StmtCheckers, PreObjCMessageCheckers, ObjCMessageNilCheckers,
PostObjCMessageCheckers, PreCallCheckers, PostCallCheckers,
- LocationCheckers, BindCheckers, BlockEntranceCheckers,
- EndAnalysisCheckers, BeginFunctionCheckers, EndFunctionCheckers,
- BranchConditionCheckers, NewAllocatorCheckers, LiveSymbolsCheckers,
- DeadSymbolsCheckers, RegionChangesCheckers, PointerEscapeCheckers,
- EvalAssumeCheckers, EvalCallCheckers, EndOfTranslationUnitCheckers);
+ LifetimeEndCheckers, LocationCheckers, BindCheckers,
+ BlockEntranceCheckers, EndAnalysisCheckers, BeginFunctionCheckers,
+ EndFunctionCheckers, BranchConditionCheckers, NewAllocatorCheckers,
+ LiveSymbolsCheckers, DeadSymbolsCheckers, RegionChangesCheckers,
+ PointerEscapeCheckers, EvalAssumeCheckers, EvalCallCheckers,
+ EndOfTranslationUnitCheckers);
}
void CheckerManager::reportInvalidCheckerOptionValue(
@@ -311,6 +312,43 @@ void CheckerManager::runCheckersForCallEvent(bool isPreVisit,
expandGraphWithCheckers(C, Dst, Src);
}
+namespace {
+
+struct CheckLifetimeEndContext {
+ using CheckersTy = std::vector<CheckerManager::CheckLifetimeEndFunc>;
+
+ const CheckersTy &Checkers;
+ const VarDecl *Decl;
+ ExprEngine &Eng;
+
+ CheckLifetimeEndContext(const CheckersTy &checkers, const VarDecl *decl,
+ ExprEngine &eng)
+ : Checkers(checkers), Decl(decl), Eng(eng) {}
+
+ CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
+ CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
+
+ void runChecker(CheckerManager::CheckLifetimeEndFunc checkFn,
+ NodeBuilder &Bldr, ExplodedNode *Pred) {
+ assert(Pred->getLocation().getAs<LifetimeEnd>().has_value());
+ const ProgramPoint L = Pred->getLocation().withTag(checkFn.Checker);
+ CheckerContext C(Bldr, Eng, Pred, L);
+ checkFn(Decl, C);
+ }
+};
+
+} // namespace
+
+/// Run checkers for end of variable lifetime
+void CheckerManager::runCheckersForLifetimeEnd(ExplodedNodeSet &Dst,
+ const ExplodedNodeSet &Src,
+ const VarDecl *Decl,
+ ExprEngine &Eng) {
+ llvm::TimeTraceScope TimeScope("CheckerManager::runCheckersForLifetimeEnd");
+ CheckLifetimeEndContext C(LifetimeEndCheckers, Decl, Eng);
+ expandGraphWithCheckers(C, Dst, Src);
+}
+
namespace {
struct CheckLocationContext {
@@ -903,6 +941,10 @@ void CheckerManager::_registerForPostCall(CheckCallFunc checkfn) {
PostCallCheckers.push_back(checkfn);
}
+void CheckerManager::_registerForLifetimeEnd(CheckLifetimeEndFunc checkfn) {
+ LifetimeEndCheckers.push_back(checkfn);
+}
+
void CheckerManager::_registerForLocation(CheckLocationFunc checkfn) {
LocationCheckers.push_back(checkfn);
}
diff --git a/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp b/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
index 2a64e340ed214..b38dfdfa6f2c4 100644
--- a/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
@@ -254,11 +254,9 @@ void CoreEngine::dispatchWorkItem(ExplodedNode *Pred, ProgramPoint Loc,
break;
}
default:
- assert(Loc.getAs<PostStmt>() ||
- Loc.getAs<PostInitializer>() ||
- Loc.getAs<PostImplicitCall>() ||
- Loc.getAs<CallExitEnd>() ||
- Loc.getAs<LoopExit>() ||
+ assert(Loc.getAs<PostStmt>() || Loc.getAs<PostInitializer>() ||
+ Loc.getAs<PostImplicitCall>() || Loc.getAs<CallExitEnd>() ||
+ Loc.getAs<LoopExit>() || Loc.getAs<LifetimeEnd>() ||
Loc.getAs<PostAllocatorCall>());
HandlePostStmt(WU.getBlock(), WU.getIndex(), Pred);
break;
@@ -306,6 +304,9 @@ void CoreEngine::HandleBlockEdge(const BlockEdge &L, ExplodedNode *Pred) {
} else if (std::optional<CFGAutomaticObjDtor> AutoDtor =
LastElement.getAs<CFGAutomaticObjDtor>()) {
RS = dyn_cast<ReturnStmt>(AutoDtor->getTriggerStmt());
+ } else if (std::optional<CFGScopeMarker> ScopeMarker =
+ LastElement.getAs<CFGScopeMarker>()) {
+ RS = dyn_cast<ReturnStmt>(ScopeMarker->getTriggerStmt());
}
}
@@ -591,9 +592,10 @@ void CoreEngine::enqueueStmtNode(ExplodedNode *N,
// Do not create extra nodes. Move to the next CFG element.
if (N->getLocation().getAs<PostInitializer>() ||
- N->getLocation().getAs<PostImplicitCall>()||
- N->getLocation().getAs<LoopExit>()) {
- WList->enqueue(N, Block, Idx+1);
+ N->getLocation().getAs<PostImplicitCall>() ||
+ N->getLocation().getAs<LoopExit>() ||
+ N->getLocation().getAs<LifetimeEnd>()) {
+ WList->enqueue(N, Block, Idx + 1);
return;
}
diff --git a/clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp b/clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
index 5b978cc540059..454eff97511b1 100644
--- a/clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
@@ -337,6 +337,8 @@ const Stmt *ExplodedNode::getStmtForDiagnostics() const {
return CEB->getReturnStmt();
if (auto FEP = P.getAs<FunctionExitPoint>())
return FEP->getStmt();
+ if (auto LE = P.getAs<LifetimeEnd>())
+ return LE->getTriggerStmt();
return nullptr;
}
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 34ca88705cba6..32da5e097c76e 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -977,6 +977,9 @@ void ExprEngine::processCFGElement(const CFGElement E, ExplodedNode *Pred,
ProcessLoopExit(E.castAs<CFGLoopExit>().getLoopStmt(), Pred);
return;
case CFGElement::LifetimeEnds:
+ ProcessLifetimeEnd(E.castAs<CFGLifetimeEnds>().getTriggerStmt(),
+ E.castAs<CFGLifetimeEnds>().getVarDecl(), Pred);
+ return;
case CFGElement::CleanupFunction:
case CFGElement::FullExprCleanup:
case CFGElement::ScopeBegin:
@@ -1140,6 +1143,21 @@ void ExprEngine::ProcessLoopExit(const Stmt* S, ExplodedNode *Pred) {
Engine.enqueueStmtNode(N, getCurrBlock(), currStmtIdx);
}
+void ExprEngine::ProcessLifetimeEnd(const Stmt *S, const VarDecl *D,
+ ExplodedNode *Pred) {
+ PrettyStackTraceLoc CrashInfo(getContext().getSourceManager(),
+ S->getBeginLoc(),
+ "Error evaluating end of a lifetime");
+ ExplodedNodeSet Src;
+ NodeBuilder Bldr(Pred, Src, *currBldrCtx);
+ LifetimeEnd PP(S, D, Pred->getStackFrame());
+ Bldr.generateNode(PP, Pred->getState(), Pred);
+
+ ExplodedNodeSet Dst;
+ getCheckerManager().runCheckersForLifetimeEnd(Dst, Src, D, *this);
+ Engine.enqueueStmtNodes(Dst, currBldrCtx->getBlock(), currStmtIdx);
+}
+
void ExprEngine::ProcessInitializer(const CFGInitializer CFGInit,
ExplodedNode *Pred) {
const CXXCtorInitializer *BMI = CFGInit.getInitializer();
diff --git a/clang/test/Analysis/lifetime-end-simple-cfg-output.cpp b/clang/test/Analysis/lifetime-end-simple-cfg-output.cpp
new file mode 100644
index 0000000000000..198dae4cbb461
--- /dev/null
+++ b/clang/test/Analysis/lifetime-end-simple-cfg-output.cpp
@@ -0,0 +1,182 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=debug.DumpCFG -analyzer-config cfg-lifetime=true,cfg-scopes=true %s > %t 2>&1
+// RUN: FileCheck --input-file=%t %s
+
+// Tests for lifetime-end CFG nodes.
+
+void test_simple_variable() {
+ int i = 0;
+}
+// CHECK: void test_simple_variable()
+// CHECK-NEXT: [B2 (ENTRY)]
+// CHECK-NEXT: Succs (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: [B1]
+// CHECK-NEXT: 1: CFGScopeBegin(i)
+// CHECK-NEXT: 2: 0
+// CHECK-NEXT: 3: int i = 0;
+// CHECK-NEXT: 4: [B1.3] (Lifetime ends)
+// CHECK-NEXT: 5: CFGScopeEnd(i)
+// CHECK-NEXT: Preds (1): B2
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: ~A() noexcept
+// CHECK-NEXT: [B1 (ENTRY)]
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B1
+// CHECK-EMPTY:
+
+struct A {
+ ~A() {}
+};
+void test_nontrivial_dtor() {
+ A a;
+}
+// CHECK-NEXT: void test_nontrivial_dtor()
+// CHECK-NEXT: [B2 (ENTRY)]
+// CHECK-NEXT: Succs (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: [B1]
+// CHECK-NEXT: 1: CFGScopeBegin(a)
+// CHECK-NEXT: 2: (CXXConstructExpr, [B1.3], A)
+// CHECK-NEXT: 3: A a;
+// CHECK-NEXT: 4: [B1.3].~A() (Implicit destructor)
+// CHECK-NEXT: 5: [B1.3] (Lifetime ends)
+// CHECK-NEXT: 6: CFGScopeEnd(a)
+// CHECK-NEXT: Preds (1): B2
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B1
+// CHECK-EMPTY:
+
+void test_multiple_variables_nested_scopes() {
+ int a = 0;
+ int b = 0;
+ {
+ int c = 0, d = 0;
+ }
+}
+// CHECK-NEXT: void test_multiple_variables_nested_scopes()
+// CHECK-NEXT: [B2 (ENTRY)]
+// CHECK-NEXT: Succs (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: [B1]
+// CHECK-NEXT: 1: CFGScopeBegin(a)
+// CHECK-NEXT: 2: 0
+// CHECK-NEXT: 3: int a = 0;
+// CHECK-NEXT: 4: 0
+// CHECK-NEXT: 5: int b = 0;
+// CHECK-NEXT: 6: CFGScopeBegin(c)
+// CHECK-NEXT: 7: 0
+// CHECK-NEXT: 8: int c = 0;
+// CHECK-NEXT: 9: 0
+// CHECK-NEXT: 10: int d = 0;
+// CHECK-NEXT: 11: [B1.10] (Lifetime ends)
+// CHECK-NEXT: 12: [B1.8] (Lifetime ends)
+// CHECK-NEXT: 13: CFGScopeEnd(c)
+// CHECK-NEXT: 14: [B1.5] (Lifetime ends)
+// CHECK-NEXT: 15: [B1.3] (Lifetime ends)
+// CHECK-NEXT: 16: CFGScopeEnd(a)
+// CHECK-NEXT: Preds (1): B2
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B1
+// CHECK-EMPTY:
+
+void test_local_static() {
+ static int i = 0;
+ int j = 0;
+}
+// CHECK-NEXT: void test_local_static()
+// CHECK-NEXT: [B4 (ENTRY)]
+// CHECK-NEXT: Succs (1): B3
+// CHECK-EMPTY:
+// CHECK-NEXT: [B1]
+// CHECK-NEXT: 1: CFGScopeBegin(j)
+// CHECK-NEXT: 2: 0
+// CHECK-NEXT: 3: int j = 0;
+// CHECK-NEXT: 4: [B1.3] (Lifetime ends)
+// CHECK-NEXT: 5: CFGScopeEnd(j)
+// CHECK-NEXT: Preds (2): B2 B3
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B2]
+// CHECK-NEXT: 1: 0
+// CHECK-NEXT: 2: static int i = 0;
+// CHECK-NEXT: Preds (1): B3
+// CHECK-NEXT: Succs (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: [B3]
+// CHECK-NEXT: T: static init i
+// CHECK-NEXT: Preds (1): B4
+// CHECK-NEXT: Succs (2): B1 B2
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B1
+// CHECK-EMPTY:
+
+void test_loop_body() {
+ while (true) {
+ int i = 0;
+ break;
+ }
+}
+// CHECK-NEXT: void test_loop_body()
+// CHECK-NEXT: [B5 (ENTRY)]
+// CHECK-NEXT: Succs (1): B4
+// CHECK-EMPTY:
+// CHECK-NEXT: [B1]
+// CHECK-NEXT: Preds (1): B2
+// CHECK-NEXT: Succs (1): B4
+// CHECK-EMPTY:
+// CHECK-NEXT: [B2]
+// CHECK-NEXT: 1: [B3.3] (Lifetime ends)
+// CHECK-NEXT: 2: CFGScopeEnd(i)
+// CHECK-NEXT: Succs (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: [B3]
+// CHECK-NEXT: 1: CFGScopeBegin(i)
+// CHECK-NEXT: 2: 0
+// CHECK-NEXT: 3: int i = 0;
+// CHECK-NEXT: 4: [B3.3] (Lifetime ends)
+// CHECK-NEXT: 5: CFGScopeEnd(i)
+// CHECK-NEXT: T: break;
+// CHECK-NEXT: Preds (1): B4
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B4]
+// CHECK-NEXT: 1: true
+// CHECK-NEXT: T: while [B4.1]
+// CHECK-NEXT: Preds (2): B1 B5
+// CHECK-NEXT: Succs (2): B3 NULL
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B3
+// CHECK-EMPTY:
+
+void test_lifetime_extended_temporary() {
+ const int &r = 42;
+}
+// CHECK-NEXT: void test_lifetime_extended_temporary()
+// CHECK-NEXT: [B2 (ENTRY)]
+// CHECK-NEXT: Succs (1): B1
+// CHECK-EMPTY:
+// CHECK-NEXT: [B1]
+// CHECK-NEXT: 1: CFGScopeBegin(r)
+// CHECK-NEXT: 2: 42
+// CHECK-NEXT: 3: [B1.2] (ImplicitCastExpr, NoOp, const int)
+// CHECK-NEXT: 4: [B1.3]
+// CHECK-NEXT: 5: const int &r = 42;
+// CHECK-NEXT: 6: [B1.5] (Lifetime ends)
+// CHECK-NEXT: 7: CFGScopeEnd(r)
+// CHECK-NEXT: Preds (1): B2
+// CHECK-NEXT: Succs (1): B0
+// CHECK-EMPTY:
+// CHECK-NEXT: [B0 (EXIT)]
+// CHECK-NEXT: Preds (1): B1
diff --git a/clang/unittests/StaticAnalyzer/CMakeLists.txt b/clang/unittests/StaticAnalyzer/CMakeLists.txt
index ed16a1372bea2..943850e49b0b5 100644
--- a/clang/unittests/StaticAnalyzer/CMakeLists.txt
+++ b/clang/unittests/StaticAnalyzer/CMakeLists.txt
@@ -6,6 +6,7 @@ add_clang_unittest(StaticAnalysisTests
BugReportInterestingnessTest.cpp
CallDescriptionTest.cpp
CallEventTest.cpp
+ CheckLifetimeEndTest.cpp
ConflictingEvalCallsTest.cpp
ExprEngineVisitTest.cpp
FalsePositiveRefutationBRVisitorTest.cpp
diff --git a/clang/unittests/StaticAnalyzer/CheckLifetimeEndTest.cpp b/clang/unittests/StaticAnalyzer/CheckLifetimeEndTest.cpp
new file mode 100644
index 0000000000000..03185f63b5fc8
--- /dev/null
+++ b/clang/unittests/StaticAnalyzer/CheckLifetimeEndTest.cpp
@@ -0,0 +1,209 @@
+//===- unittests/StaticAnalyzer/CheckLifetimeEndTest.cpp ------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "CheckerRegistration.h"
+#include "Reusables.h"
+#include "clang/Frontend/CompilerInstance.h"
+#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
+#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
+#include "clang/StaticAnalyzer/Core/Checker.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h"
+#include "clang/StaticAnalyzer/Frontend/CheckerRegistry.h"
+#include "llvm/Config/llvm-config.h"
+#include "llvm/Support/FormatVariadic.h"
+#include "gtest/gtest.h"
+
+using namespace clang;
+using namespace ento;
+
+REGISTER_TRAIT_WITH_PROGRAMSTATE(TestLifetimeEndReportCountTrait, unsigned)
+
+namespace {
+
+class LifetimeEndReporter : public Checker<check::LifetimeEnd> {
+ const BugType LifetimeEndNode{this, "LifetimeEndReporter"};
+
+public:
+ void checkLifetimeEnd(const VarDecl *D, CheckerContext &C) const {
+ ProgramStateRef State = C.getState();
+ // Intentionally add a unique number to each report to avoid deduplication.
+ unsigned Count = State->get<TestLifetimeEndReportCountTrait>();
+ State = State->set<TestLifetimeEndReportCountTrait>(Count + 1);
+ auto Description = llvm::formatv("{0} LIFETIME END {1}",
+ D->getDeclName().getAsString(), Count);
+
+ ExplodedNode *Node = C.generateNonFatalErrorNode(State);
+ EXPECT_TRUE(Node != nullptr);
+
+ auto Report = std::make_unique<PathSensitiveBugReport>(
+ LifetimeEndNode, Description.str(), Node);
+ C.emitReport(std::move(Report));
+ }
+};
+
+void addLifetimeEndReporter(AnalysisASTConsumer &AnalysisConsumer,
+ AnalyzerOptions &AnOpts) {
+ AnOpts.CheckersAndPackages = {
+ {"test.LifetimeEndReporter", true},
+ };
+ AnalysisConsumer.AddCheckerRegistrationFn([](CheckerRegistry &Registry) {
+ Registry.addChecker<LifetimeEndReporter>(
+ "test.LifetimeEndReporter", "EmptyDescription", "EmptyDocsUri");
+ });
+}
+
+const std::vector<std::string> DisableLifetimeArgs{
+ "-Xclang", "-analyzer-config", "-Xclang", "cfg-lifetime=false"};
+const std::vector<std::string> EnableLifetimeArgs{
+ "-Xclang", "-analyzer-config", "-Xclang", "cfg-lifetime=true"};
+
+TEST(CheckLifetimeEnd, CFGLifetimeEnabled) {
+ constexpr auto Code = R"(
+void foo() {
+ int i = 0;
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: i LIFETIME END 0\n");
+}
+
+TEST(CheckLifetimeEnd, CFGLifetimeDisabled) {
+ constexpr auto Code = R"(
+void foo() {
+ int i = 0;
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, DisableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_TRUE(Diags.empty());
+}
+
+TEST(CheckLifetimeEnd, NonTrivialDtor) {
+ constexpr auto Code = R"(
+ struct A {
+ ~A() {}
+ };
+ void foo() {
+ A a;
+ }
+ )";
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: a LIFETIME END 0\n");
+}
+
+TEST(CheckLifetimeEnd, MultipleVariablesAndNestedScopes) {
+ constexpr auto Code = R"(
+void foo() {
+ int a = 0;
+ int b = 0;
+ {
+ int c = 0, d = 0;
+ }
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: a LIFETIME END 3\n"
+ "test.LifetimeEndReporter: b LIFETIME END 2\n"
+ "test.LifetimeEndReporter: c LIFETIME END 1\n"
+ "test.LifetimeEndReporter: d LIFETIME END 0\n");
+}
+
+TEST(CheckLifetimeEnd, LocalStaticVariable) {
+ constexpr auto Code = R"(
+void foo() {
+ static int i = 0;
+ int j = 0;
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: j LIFETIME END 0\n");
+}
+
+TEST(CheckLifetimeEnd, GlobalVariable) {
+ constexpr auto Code = R"(
+int g = 0;
+void foo() {
+ int i = 0;
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: i LIFETIME END 0\n");
+}
+
+TEST(CheckLifetimeEnd, LoopBodyVariable) {
+ constexpr auto Code = R"(
+void foo() {
+ while (true) {
+ int i = 0;
+ break;
+ }
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: i LIFETIME END 0\n");
+}
+
+TEST(CheckLifetimeEnd, ForLoopInductionVariable) {
+ constexpr auto Code = R"(
+void foo() {
+ for (int i = 0; i < 2; i++) {
+ int j = 0;
+ {
+ int nested = 0;
+ }
+ ++j;
+ }
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: i LIFETIME END 4\n"
+ "test.LifetimeEndReporter: j LIFETIME END 1\n"
+ "test.LifetimeEndReporter: j LIFETIME END 3\n"
+ "test.LifetimeEndReporter: nested LIFETIME END 0\n"
+ "test.LifetimeEndReporter: nested LIFETIME END 2\n");
+}
+
+TEST(CheckLifetimeEnd, LifetimeExtendedTemporary) {
+ constexpr auto Code = R"(
+void foo() {
+ const int& r = 42;
+}
+ )";
+
+ std::string Diags;
+ EXPECT_TRUE(runCheckerOnCodeWithArgs<addLifetimeEndReporter>(
+ Code, EnableLifetimeArgs, Diags, /*OnlyEmitWarnings=*/true));
+ EXPECT_EQ(Diags, "test.LifetimeEndReporter: r LIFETIME END 0\n");
+}
+
+} // namespace
diff --git a/clang/unittests/StaticAnalyzer/CheckerRegistration.h b/clang/unittests/StaticAnalyzer/CheckerRegistration.h
index c4c6e7a9a896d..75b04f5dabd69 100644
--- a/clang/unittests/StaticAnalyzer/CheckerRegistration.h
+++ b/clang/unittests/StaticAnalyzer/CheckerRegistration.h
@@ -8,6 +8,7 @@
#include "clang/Analysis/PathDiagnostic.h"
#include "clang/Frontend/CompilerInstance.h"
+#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
@@ -91,6 +92,9 @@ template <AddCheckerFn... Fns> class TestAction : public ASTFrontendAction {
std::unique_ptr<ASTConsumer> CreateASTConsumer(CompilerInstance &Compiler,
StringRef File) override {
+ // Suppress the default HTML/text path diagnostic consumers that would
+ // otherwise emit to stderr via DiagnosticsEngine::Report().
+ Compiler.getAnalyzerOpts().AnalysisDiagOpt = PD_NONE;
std::unique_ptr<AnalysisASTConsumer> AnalysisConsumer =
CreateAnalysisConsumer(Compiler);
if (OnlyEmitWarnings)
More information about the cfe-commits
mailing list