================
@@ -265,8 +266,75 @@ it refers to has gone out of scope.
p = &i; // OK!
}
(void)*p;
+ }
+
+The analysis also covers pointer arithmetic. If the result of pointer
+arithmetic refers to an object whose lifetime has ended, the analysis diagnoses
+the later use.
+
+.. code-block:: c++
+
+ void pointer_arithmetic() {
+ int *p;
+ {
+ int data[4] = {};
+ p = data + 1; // warning: object whose reference is captured does not
live long enough
+ } // note: destroyed here
+ (void)*p; // note: later used here
+ }
+
+Use after free
+--------------
+
+This check warns when a pointer or reference is used after the object it refers
+to has been freed with ``delete`` or ``delete[]``. Heap allocations created
with
+``new`` are checked so that pointers, references and views to the allocation
are
+not used after the object is deleted.
+
+.. list-table::
+ :widths: 50 50
+ :header-rows: 1
+ :class: colored-code-table
+
+ * - Use after free
+ - Correct
+ * -
+ .. code-block:: c++
+
+ void foo() {
+ int *p = new int(0); // warning: allocated object does not live
long enough
+ delete p; // note: freed here
+ (void)*p; // note: later used here
+ }
+ -
+ .. code-block:: c++
+
+ void foo() {
+ int *p = new int(0);
+ (void)*p;
+ delete p; // OK!
}
+The same check applies when a heap-allocated object stores a reference to
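Review bot: In the new pointer-arithmetic paragraph and in the "Use after free" introduction, the prose says the analysis diagnoses or warns at the later use, but both examples put the `warning:` on the line where the pointer is formed (`p = data + 1;` and `int *p = new int(0);`) and mark the use only with `note: later used here`. Consider rewording the prose to say that the warning is reported where the pointer is created, with notes at the destruction or `delete` and at the use, so readers know which line carries the diagnostic. The "Use after free" text also names `delete[]`, references and views, while the table shows only a raw pointer freed with `delete`; either add a `delete[]` case or narrow the sentence to what the example demonstrates.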
----------------
Xazax-hun wrote:
I am not sure if we need this section. Instead of a new feature it just
showcases that some of the existing features are working well together. I think
this is what most people would expect intuitively, no need to call it out.
https://github.com/llvm/llvm-project/pull/196790
_______________________________________________
cfe-commits mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits