[llvm-branch-commits] [clang] [LifetimeSafety] Suggest/infer annotation in constructors (PR #191699)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Sun Apr 12 07:46:39 PDT 2026
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang
Author: Utkarsh Saxena (usx95)
<details>
<summary>Changes</summary>
This change improves the lifetime safety checker to detect when constructor parameters escape to class fields and suggest appropriate `[[clang::lifetimebound]]` annotations.
```cpp
struct A {
View v;
A(const MyObj& obj) : v(obj) {} // Now suggests [[clang::lifetimebound]]
};
```
---
Full diff: https://github.com/llvm/llvm-project/pull/191699.diff
7 Files Affected:
- (modified) clang/include/clang/Analysis/Analyses/LifetimeSafety/LifetimeSafety.h (+6-2)
- (modified) clang/lib/Analysis/LifetimeSafety/Checker.cpp (+27-14)
- (modified) clang/lib/Sema/AnalysisBasedWarnings.cpp (+4)
- (modified) clang/lib/Sema/SemaLifetimeSafety.h (+10-4)
- (modified) clang/test/Sema/warn-lifetime-analysis-nocfg.cpp (+19-21)
- (modified) clang/test/Sema/warn-lifetime-safety-suggestions.cpp (+60-1)
- (modified) clang/test/Sema/warn-lifetime-safety.cpp (+6-6)
``````````diff
diff --git a/clang/include/clang/Analysis/Analyses/LifetimeSafety/LifetimeSafety.h b/clang/include/clang/Analysis/Analyses/LifetimeSafety/LifetimeSafety.h
index 08038dd096685..83c3c455c4c81 100644
--- a/clang/include/clang/Analysis/Analyses/LifetimeSafety/LifetimeSafety.h
+++ b/clang/include/clang/Analysis/Analyses/LifetimeSafety/LifetimeSafety.h
@@ -28,6 +28,7 @@
#include "clang/Analysis/Analyses/LifetimeSafety/MovedLoans.h"
#include "clang/Analysis/Analyses/LifetimeSafety/Origins.h"
#include "clang/Analysis/AnalysisDeclContext.h"
+#include "llvm/ADT/PointerUnion.h"
#include <cstddef>
#include <memory>
@@ -88,10 +89,13 @@ class LifetimeSafetySemaHelper {
const Expr *UseExpr,
const Expr *InvalidationExpr) {}
- // Suggests lifetime bound annotations for function paramters.
+ using EscapingTarget =
+ llvm::PointerUnion<const Expr *, const FieldDecl *, const VarDecl *>;
+
+ // Suggests lifetime bound annotations for function parameters.
virtual void suggestLifetimeboundToParmVar(SuggestionScope Scope,
const ParmVarDecl *ParmToAnnotate,
- const Expr *EscapeExpr) {}
+ EscapingTarget Target) {}
// Reports misuse of [[clang::noescape]] when parameter escapes through return
virtual void reportNoescapeViolation(const ParmVarDecl *ParmWithNoescape,
diff --git a/clang/lib/Analysis/LifetimeSafety/Checker.cpp b/clang/lib/Analysis/LifetimeSafety/Checker.cpp
index 36477c6f67b52..fe103739dbcb0 100644
--- a/clang/lib/Analysis/LifetimeSafety/Checker.cpp
+++ b/clang/lib/Analysis/LifetimeSafety/Checker.cpp
@@ -53,13 +53,12 @@ struct PendingWarning {
using AnnotationTarget =
llvm::PointerUnion<const ParmVarDecl *, const CXXMethodDecl *>;
-using EscapingTarget =
- llvm::PointerUnion<const Expr *, const FieldDecl *, const VarDecl *>;
+using EscapingTarget = LifetimeSafetySemaHelper::EscapingTarget;
class LifetimeChecker {
private:
llvm::DenseMap<LoanID, PendingWarning> FinalWarningsMap;
- llvm::DenseMap<AnnotationTarget, const Expr *> AnnotationWarningsMap;
+ llvm::DenseMap<AnnotationTarget, EscapingTarget> AnnotationWarningsMap;
llvm::DenseMap<const ParmVarDecl *, EscapingTarget> NoescapeWarningsMap;
const LoanPropagationAnalysis &LoanPropagation;
const MovedLoansAnalysis &MovedLoans;
@@ -67,6 +66,7 @@ class LifetimeChecker {
FactManager &FactMgr;
LifetimeSafetySemaHelper *SemaHelper;
ASTContext &AST;
+ const Decl *FD;
static SourceLocation
GetFactLoc(llvm::PointerUnion<const UseFact *, const OriginEscapesFact *> F) {
@@ -89,7 +89,7 @@ class LifetimeChecker {
LifetimeSafetySemaHelper *SemaHelper)
: LoanPropagation(LoanPropagation), MovedLoans(MovedLoans),
LiveOrigins(LiveOrigins), FactMgr(FM), SemaHelper(SemaHelper),
- AST(ADC.getASTContext()) {
+ AST(ADC.getASTContext()), FD(ADC.getDecl()) {
for (const CFGBlock *B : *ADC.getAnalysis<PostOrderCFGView>())
for (const Fact *F : FactMgr.getFacts(B))
if (const auto *EF = F->getAs<ExpireFact>())
@@ -125,10 +125,15 @@ class LifetimeChecker {
NoescapeWarningsMap.try_emplace(PVD, GlobalEsc->getGlobal());
return;
}
- // Suggest lifetimebound for parameter escaping through return.
- if (!PVD->hasAttr<LifetimeBoundAttr>())
+ // Suggest lifetimebound for parameter escaping through return or a field
+ // in constructor.
+ if (!PVD->hasAttr<LifetimeBoundAttr>()) {
if (auto *ReturnEsc = dyn_cast<ReturnEscapeFact>(OEF))
AnnotationWarningsMap.try_emplace(PVD, ReturnEsc->getReturnExpr());
+ else if (auto *FieldEsc = dyn_cast<FieldEscapeFact>(OEF);
+ FieldEsc && isa<CXXConstructorDecl>(FD))
+ AnnotationWarningsMap.try_emplace(PVD, FieldEsc->getFieldDecl());
+ }
// TODO: Suggest lifetime_capture_by(this) for parameter escaping to a
// field!
};
@@ -292,14 +297,18 @@ class LifetimeChecker {
static void suggestWithScopeForParmVar(LifetimeSafetySemaHelper *SemaHelper,
const ParmVarDecl *PVD,
SourceManager &SM,
- const Expr *EscapeExpr) {
+ EscapingTarget EscapeTarget) {
+ if (llvm::isa<const VarDecl *>(EscapeTarget))
+ return;
+
if (const FunctionDecl *CrossTUDecl = getCrossTUDecl(*PVD, SM))
SemaHelper->suggestLifetimeboundToParmVar(
SuggestionScope::CrossTU,
- CrossTUDecl->getParamDecl(PVD->getFunctionScopeIndex()), EscapeExpr);
+ CrossTUDecl->getParamDecl(PVD->getFunctionScopeIndex()),
+ EscapeTarget);
else
SemaHelper->suggestLifetimeboundToParmVar(SuggestionScope::IntraTU, PVD,
- EscapeExpr);
+ EscapeTarget);
}
static void
@@ -319,11 +328,15 @@ class LifetimeChecker {
if (!SemaHelper)
return;
SourceManager &SM = AST.getSourceManager();
- for (auto [Target, EscapeExpr] : AnnotationWarningsMap) {
+ for (auto [Target, EscapeTarget] : AnnotationWarningsMap) {
if (const auto *PVD = Target.dyn_cast<const ParmVarDecl *>())
- suggestWithScopeForParmVar(SemaHelper, PVD, SM, EscapeExpr);
- else if (const auto *MD = Target.dyn_cast<const CXXMethodDecl *>())
- suggestWithScopeForImplicitThis(SemaHelper, MD, SM, EscapeExpr);
+ suggestWithScopeForParmVar(SemaHelper, PVD, SM, EscapeTarget);
+ else if (const auto *MD = Target.dyn_cast<const CXXMethodDecl *>()) {
+ if (const auto *EscapeExpr = EscapeTarget.dyn_cast<const Expr *>())
+ suggestWithScopeForImplicitThis(SemaHelper, MD, SM, EscapeExpr);
+ else
+ llvm_unreachable("Implicit this can only escape via Expr (return)");
+ }
}
}
@@ -341,7 +354,7 @@ class LifetimeChecker {
}
void inferAnnotations() {
- for (auto [Target, EscapeExpr] : AnnotationWarningsMap) {
+ for (auto [Target, EscapeTarget] : AnnotationWarningsMap) {
if (const auto *MD = Target.dyn_cast<const CXXMethodDecl *>()) {
if (!implicitObjectParamIsLifetimeBound(MD))
SemaHelper->addLifetimeBoundToImplicitThis(cast<CXXMethodDecl>(MD));
diff --git a/clang/lib/Sema/AnalysisBasedWarnings.cpp b/clang/lib/Sema/AnalysisBasedWarnings.cpp
index 48957caf61e5a..c538e7cb2211e 100644
--- a/clang/lib/Sema/AnalysisBasedWarnings.cpp
+++ b/clang/lib/Sema/AnalysisBasedWarnings.cpp
@@ -2925,6 +2925,10 @@ LifetimeSafetyTUAnalysis(Sema &S, TranslationUnitDecl *TU,
AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true;
AC.getCFGBuildOptions().AddLifetime = true;
AC.getCFGBuildOptions().AddParameterLifetimes = true;
+ AC.getCFGBuildOptions().AddInitializers = true;
+ AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true;
+ AC.getCFGBuildOptions().AddImplicitDtors = true;
+ AC.getCFGBuildOptions().AddTemporaryDtors = true;
AC.getCFGBuildOptions().setAllAlwaysAdd();
if (AC.getCFG())
runLifetimeSafetyAnalysis(AC, &SemaHelper, LSStats, S.CollectStats);
diff --git a/clang/lib/Sema/SemaLifetimeSafety.h b/clang/lib/Sema/SemaLifetimeSafety.h
index e6f7e3d929f61..c56a9692abe1a 100644
--- a/clang/lib/Sema/SemaLifetimeSafety.h
+++ b/clang/lib/Sema/SemaLifetimeSafety.h
@@ -133,7 +133,7 @@ class LifetimeSafetySemaHelperImpl : public LifetimeSafetySemaHelper {
void suggestLifetimeboundToParmVar(SuggestionScope Scope,
const ParmVarDecl *ParmToAnnotate,
- const Expr *EscapeExpr) override {
+ EscapingTarget Target) override {
unsigned DiagID =
(Scope == SuggestionScope::CrossTU)
? diag::warn_lifetime_safety_cross_tu_param_suggestion
@@ -150,9 +150,15 @@ class LifetimeSafetySemaHelperImpl : public LifetimeSafetySemaHelper {
S.Diag(ParmToAnnotate->getBeginLoc(), DiagID)
<< ParmToAnnotate->getSourceRange()
<< FixItHint::CreateInsertion(InsertionPoint, FixItText);
- S.Diag(EscapeExpr->getBeginLoc(),
- diag::note_lifetime_safety_suggestion_returned_here)
- << EscapeExpr->getSourceRange();
+
+ if (const auto *EscapeExpr = Target.dyn_cast<const Expr *>())
+ S.Diag(EscapeExpr->getBeginLoc(),
+ diag::note_lifetime_safety_suggestion_returned_here)
+ << EscapeExpr->getSourceRange();
+ else if (const auto *EscapeField = Target.dyn_cast<const FieldDecl *>())
+ S.Diag(EscapeField->getLocation(),
+ diag::note_lifetime_safety_escapes_to_field_here)
+ << EscapeField->getSourceRange();
}
void suggestLifetimeboundToImplicitThis(SuggestionScope Scope,
diff --git a/clang/test/Sema/warn-lifetime-analysis-nocfg.cpp b/clang/test/Sema/warn-lifetime-analysis-nocfg.cpp
index c352cca2023a6..e07c90f248764 100644
--- a/clang/test/Sema/warn-lifetime-analysis-nocfg.cpp
+++ b/clang/test/Sema/warn-lifetime-analysis-nocfg.cpp
@@ -1,7 +1,5 @@
// RUN: %clang_cc1 -fsyntax-only -Wdangling -Wdangling-field -Wreturn-stack-address -verify %s
-// RUN: %clang_cc1 -fsyntax-only -Wlifetime-safety -Wno-dangling -verify=cfg,cfg-field %s
-
-// FIXME: cfg-field should be detected in end-of-TU analysis but it doesn't work for constructors!
+// RUN: %clang_cc1 -fsyntax-only -Wlifetime-safety -Wno-dangling -verify=cfg %s
// RUN: %clang_cc1 -fsyntax-only -flifetime-safety-inference -fexperimental-lifetime-safety-tu-analysis -Wlifetime-safety -Wno-dangling -verify=cfg %s
#include "Inputs/lifetime-analysis.h"
@@ -84,17 +82,17 @@ void dangligGslPtrFromTemporary() {
struct DanglingGslPtrField {
MyIntPointer p; // expected-note {{pointer member declared here}} \
- // cfg-field-note 3 {{this field dangles}}
+ // cfg-note 3 {{this field dangles}}
MyLongPointerFromConversion p2; // expected-note {{pointer member declared here}} \
- // cfg-field-note 2 {{this field dangles}}
+ // cfg-note 2 {{this field dangles}}
- DanglingGslPtrField(int i) : p(&i) {} // cfg-field-warning {{address of stack memory escapes to a field}}
+ DanglingGslPtrField(int i) : p(&i) {} // cfg-warning {{address of stack memory escapes to a field}}
DanglingGslPtrField() : p2(MyLongOwnerWithConversion{}) {} // expected-warning {{initializing pointer member 'p2' to point to a temporary object whose lifetime is shorter than the lifetime of the constructed object}} \
- // cfg-field-warning {{address of stack memory escapes to a field}}
+ // cfg-warning {{address of stack memory escapes to a field}}
DanglingGslPtrField(double) : p(MyIntOwner{}) {} // expected-warning {{initializing pointer member 'p' to point to a temporary object whose lifetime is shorter than the lifetime of the constructed object}} \
- // cfg-field-warning {{address of stack memory escapes to a field}}
- DanglingGslPtrField(MyIntOwner io) : p(io) {} // cfg-field-warning {{address of stack memory escapes to a field}}
- DanglingGslPtrField(MyLongOwnerWithConversion lo) : p2(lo) {} // cfg-field-warning {{address of stack memory escapes to a field}}
+ // cfg-warning {{address of stack memory escapes to a field}}
+ DanglingGslPtrField(MyIntOwner io) : p(io) {} // cfg-warning {{address of stack memory escapes to a field}}
+ DanglingGslPtrField(MyLongOwnerWithConversion lo) : p2(lo) {} // cfg-warning {{address of stack memory escapes to a field}}
};
MyIntPointer danglingGslPtrFromLocal() {
@@ -361,11 +359,11 @@ const char *trackThroughMultiplePointer() {
struct X {
X(std::unique_ptr<int> up) :
- pointee(*up), // cfg-field-warning {{may have been moved.}}
- pointee2(up.get()), // cfg-field-warning {{may have been moved.}}
- pointer(std::move(up)) {} // cfg-field-note 2 {{potentially moved here}}
- int &pointee; // cfg-field-note {{this field dangles}}
- int *pointee2; // cfg-field-note {{this field dangles}}
+ pointee(*up), // cfg-warning {{may have been moved.}}
+ pointee2(up.get()), // cfg-warning {{may have been moved.}}
+ pointer(std::move(up)) {} // cfg-note 2 {{potentially moved here}}
+ int &pointee; // cfg-note {{this field dangles}}
+ int *pointee2; // cfg-note {{this field dangles}}
std::unique_ptr<int> pointer;
};
@@ -376,9 +374,9 @@ struct X2 {
// A common usage that moves the passing owner to the class.
// verify a strict warning on this case.
X2(XOwner owner) :
- pointee(owner.get()), // cfg-field-warning {{may have been moved.}}
- owner(std::move(owner)) {} // cfg-field-note {{potentially moved here}}
- int* pointee; // cfg-field-note {{this field dangles}}
+ pointee(owner.get()), // cfg-warning {{may have been moved.}}
+ owner(std::move(owner)) {} // cfg-note {{potentially moved here}}
+ int* pointee; // cfg-note {{this field dangles}}
XOwner owner;
};
@@ -1127,10 +1125,10 @@ struct Foo2 {
};
struct Test {
- Test(Foo2 foo) : bar(foo.bar.get()), // cfg-field-warning-re {{address of stack memory escapes to a field. {{.*}} may have been moved}}
- storage(std::move(foo.bar)) {}; // cfg-field-note {{potentially moved here}}
+ Test(Foo2 foo) : bar(foo.bar.get()), // cfg-warning-re {{address of stack memory escapes to a field. {{.*}} may have been moved}}
+ storage(std::move(foo.bar)) {}; // cfg-note {{potentially moved here}}
- Bar* bar; // cfg-field-note {{this field dangles}}
+ Bar* bar; // cfg-note {{this field dangles}}
std::unique_ptr<Bar> storage;
};
diff --git a/clang/test/Sema/warn-lifetime-safety-suggestions.cpp b/clang/test/Sema/warn-lifetime-safety-suggestions.cpp
index 5906170b0d146..ee3ed7f385faf 100644
--- a/clang/test/Sema/warn-lifetime-safety-suggestions.cpp
+++ b/clang/test/Sema/warn-lifetime-safety-suggestions.cpp
@@ -462,7 +462,8 @@ S forward(const MyObj &obj) { // expected-warning {{parameter in intra-TU functi
namespace make_unique_suggestion {
struct LifetimeBoundCtor {
- LifetimeBoundCtor(const MyObj& obj [[clang::lifetimebound]]);
+ const MyObj& obj;
+ LifetimeBoundCtor(const MyObj& obj [[clang::lifetimebound]]) : obj(obj) {}
};
std::unique_ptr<LifetimeBoundCtor> create_target(const MyObj& obj) { // expected-warning {{parameter in intra-TU function should be marked [[clang::lifetimebound]]}}
@@ -478,3 +479,61 @@ void test_inference() {
(void)ptr; // expected-note {{later used here}}
}
} // namespace make_unique_suggestion
+
+namespace capturing_constructor {
+struct CaptureRefToView {
+ View v; // expected-note {{escapes to this field}}
+ CaptureRefToView(const MyObj& obj) : v(obj) {} // expected-warning {{parameter in intra-TU function should be marked [[clang::lifetimebound]]}}
+};
+
+CaptureRefToView test_ref_to_view() {
+ MyObj obj;
+ CaptureRefToView x(obj); // expected-warning {{address of stack memory is returned later}}
+ return x; // expected-note {{returned here}}
+}
+
+struct CaptureRefToPtr {
+ const MyObj* p; // expected-note {{escapes to this field}}
+ CaptureRefToPtr(const MyObj& obj) : p(&obj) {} // expected-warning {{parameter in intra-TU function should be marked [[clang::lifetimebound]]}}
+};
+
+CaptureRefToPtr test_ref_to_ptr() {
+ MyObj obj;
+ CaptureRefToPtr x(obj); // expected-warning {{address of stack memory is returned later}}
+ return x; // expected-note {{returned here}}
+}
+
+struct CaptureViewToView {
+ View v; // expected-note {{escapes to this field}}
+ CaptureViewToView(View v_param) : v(v_param) {} // expected-warning {{parameter in intra-TU function should be marked [[clang::lifetimebound]]}}
+};
+
+CaptureViewToView test_view_to_view() {
+ MyObj obj;
+ View v(obj); // expected-warning {{address of stack memory is returned later}}
+ CaptureViewToView x(v);
+ return x; // expected-note {{returned here}}
+}
+
+struct CapturePtrToPtr {
+ const MyObj* p; // expected-note {{escapes to this field}}
+ CapturePtrToPtr(const MyObj* p_param) : p(p_param) {} // expected-warning {{parameter in intra-TU function should be marked [[clang::lifetimebound]]}}
+};
+
+CapturePtrToPtr test_ptr_to_ptr() {
+ MyObj obj;
+ CapturePtrToPtr x(&obj); // expected-warning {{address of stack memory is returned later}}
+ return x; // expected-note {{returned here}}
+}
+
+struct CaptureRefToRef {
+ const MyObj& r; // expected-note {{escapes to this field}}
+ CaptureRefToRef(const MyObj& obj) : r(obj) {} // expected-warning {{parameter in intra-TU function should be marked [[clang::lifetimebound]]}}
+};
+
+CaptureRefToRef test_ref_to_ref() {
+ MyObj obj;
+ CaptureRefToRef x(obj); // expected-warning {{address of stack memory is returned later}}
+ return x; // expected-note {{returned here}}
+}
+} // namespace capturing_constructor
diff --git a/clang/test/Sema/warn-lifetime-safety.cpp b/clang/test/Sema/warn-lifetime-safety.cpp
index e0147d69459f5..07562c4b33f8e 100644
--- a/clang/test/Sema/warn-lifetime-safety.cpp
+++ b/clang/test/Sema/warn-lifetime-safety.cpp
@@ -2361,8 +2361,8 @@ void from_template_instantiation() {
}
struct FieldInitFromLifetimebound {
- S value; // function-note {{this field dangles}}
- FieldInitFromLifetimebound() : value(getS(std::string("temp"))) {} // function-warning {{address of stack memory escapes to a field}}
+ S value; // expected-note {{this field dangles}}
+ FieldInitFromLifetimebound() : value(getS(std::string("temp"))) {} // expected-warning {{address of stack memory escapes to a field}}
};
S S::return_self_after_registration() const {
@@ -2551,13 +2551,13 @@ void nested_local_pointer() {
}
struct PFieldFromParam {
- Pointer<Bar> value; // function-note {{this field dangles}}
- PFieldFromParam(Bar bar) : value(bar) {} // function-warning {{address of stack memory escapes to a field}}
+ Pointer<Bar> value; // expected-note {{this field dangles}}
+ PFieldFromParam(Bar bar) : value(bar) {} // expected-warning {{address of stack memory escapes to a field}}
};
struct PFieldFromTemp {
- Pointer<Bar> value; // function-note {{this field dangles}}
- PFieldFromTemp() : value(Bar{}) {} // function-warning {{address of stack memory escapes to a field}}
+ Pointer<Bar> value; // expected-note {{this field dangles}}
+ PFieldFromTemp() : value(Bar{}) {} // expected-warning {{address of stack memory escapes to a field}}
};
} // namespace gslpointer_construction_from_lifetimebound
``````````
</details>
https://github.com/llvm/llvm-project/pull/191699
More information about the llvm-branch-commits
mailing list