[cfe-dev] [Clang Static Analyzer] Lifetime checker

Bhargava Shastry via cfe-dev cfe-dev at lists.llvm.org
Wed Jan 27 04:12:48 PST 2016


Hi again,

Update: The CFG patch is public. Feedback much appreciated [1].

In the meantime, we can tackle low-hanging use-after-frees as an
extension of the `NewDeleteChecker`. The basic idea is to implement
lifetime checks mentioned in the C++ Core Guidelines. Afaik, flagging
bugs in the following examples does not need additional support in the
analyzer i.e., implementation is purely in the realm of a checker.
Please correct me if I am wrong. Any other feedback welcome.

One extension is to catch potential raw pointer invalidations caused by
invocation of non-const container methods. Examples:

```cpp
#include <memory>
#include <vector>
using namespace std;

void f() {
   auto s = make_shared<int>(0);
   int *p = s.get();           // raw pointer, shares no ownership with s
   s = make_shared<int>(1);    // s is reallocated; the int it owned is freed
   *p = 21;                    // write to an invalid memory location
}

void g() {
   auto v = make_shared<vector<int>>(10);
   vector<int>* pv = v.get();
   v->push_back(10);           // push_back is a non-const method
   pv->push_back(100);         // ERROR, pv has been invalidated
}
```

[1]: http://reviews.llvm.org/D16403

On 12/30/2015 01:00 PM, Bhargava Shastry wrote:
> Hi Devin,
> 
> Thanks for a nice action plan :-)
> 
> I will study the CFG builder class first and get back to you if I
> have any questions.
> 
> Thanks, Bhargava
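The two hazards from f() and g() seen from the defensive side, as an added example that is not part of the original mail or of the analyzer: a weak_ptr or an owning shared_ptr copy instead of a raw get() pointer, and a capacity check that tells when push_back will reallocate a vector's element storage and so invalidate pointers into it. All function names are hypothetical.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Added example, not code from the original mail. Function names are
// hypothetical. It shows how an observer can avoid dangling when the
// owning shared_ptr is reassigned, and how to tell whether a vector
// mutation will reallocate its element storage.

// Lock a weak_ptr before use; an expired observer yields nullptr.
int read_through_weak(const std::weak_ptr<int>& w, int fallback) {
    if (auto sp = w.lock()) return *sp;
    return fallback;
}

// Hazard 1 (cf. f()): a raw pointer from get() holds no ownership, so the
// object dies when s is reassigned. A weak_ptr observes the same object
// but can report that it has expired instead of handing out a dangling
// pointer.
int weak_observer_after_reassignment() {
    auto s = std::make_shared<int>(0);
    std::weak_ptr<int> w = s;          // non-owning, lifetime-aware
    s = std::make_shared<int>(1);      // old object destroyed here
    return read_through_weak(w, -1);   // -1: the object is gone
}

// Safe alternative: keep an owning copy for as long as the pointee is used.
int owning_copy_survives_reassignment() {
    auto s = std::make_shared<int>(0);
    std::shared_ptr<int> keep = s;     // shares ownership (use_count == 2)
    s = std::make_shared<int>(1);      // old object stays alive via keep
    *keep = 21;                        // valid write
    return *keep;                      // 21
}

// Hazard 2 (cf. g()): push_back on a vector whose size equals its capacity
// reallocates, invalidating every pointer, reference and iterator into the
// element storage. Checking capacity first tells whether pointers handed
// out earlier stay valid across the call.
bool push_back_will_reallocate(const std::vector<int>& v) {
    return v.size() == v.capacity();
}

// vector<int>(n) allocates exactly n elements, so the first push_back
// reallocates; reserve() gives headroom so it does not.
bool reallocates_before_reserve(std::size_t n) {
    std::vector<int> v(n);
    return push_back_will_reallocate(v);
}
bool reallocates_after_reserve(std::size_t n) {
    std::vector<int> v(n);
    v.reserve(n + 1);
    return push_back_will_reallocate(v);
}

// Mitigation: reserve first, then pointers into the storage remain stable
// for the reserved number of push_backs. Returns the final size when the
// pointer taken before the pushes still equals data(), 0 otherwise.
std::size_t stable_after_reserve(std::size_t n, std::size_t extra) {
    std::vector<int> v(n);
    v.reserve(n + extra);
    int* first = v.data();             // pointer into element storage
    for (std::size_t i = 0; i < extra; ++i) v.push_back(static_cast<int>(i));
    return (first == v.data()) ? v.size() : 0;
}
```

The weak_ptr route is the one a checker could reason about most easily: lock() either produces an owning pointer or nullptr, so there is no window in which a dangling raw pointer exists.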
