[LLVMbugs] [Bug 10754] New: Analyzer should catch return of local address even when address passed through function
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Thu Aug 25 17:29:47 PDT 2011
http://llvm.org/bugs/show_bug.cgi?id=10754
Summary: Analyzer should catch return of local address even
when address passed through function
Product: clang
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: jyasskin at google.com
CC: llvmbugs at cs.uiuc.edu
Take the following code:
int &foo();
long const &nop(long const &l) {
return l;
}
long const *returns_temp_missed() {
return &nop(foo()); // temp object created
}
long const *returns_temp_caught() {
long const &lr = foo(); // temp object created.
return &lr;
}
Both returns_temp functions optimize to the same code, but clang --analyze only
catches the second one.
We've caught two instances of this recently when gcc's DCE pass deleted the
initialization of the local variable whose address was returned, and then its
-Wuninitialized warning complained, in the calling function, that <anonymous>
was used without initialization. Clang should be able to give us a better
warning than that.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list