llvmorg-github-actions[bot] wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang-temporal-safety
Author: Kashika Akhouri (kashika0112)
<details>
<summary>Changes</summary>
This PR implements support for the `[[clang::lifetime_capture_by(X)]]`
attribute within the lifetime-safety analysis.
The PR introduces a new helper in `FactGenerator.cpp` called
`handleLifetimeCaptureBy` which detects `[[clang::lifetime_capture_by(X)]]` on
parameters. If detected, the analyzer now generates an `OriginFlowFact`
ensuring that captured dependencies are added to the capturer's state. The PR
supports capture_by params and `this` and currently doesn't implement
attributes on function declarations.
Example:
Integrate `[[clang::lifetimebound]]`: This existing Clang annotation is crucial
for specifying that the lifetime of a function's output is tied to one of its
inputs.
```cpp
void setS(std::string_view& in, std::string_view out
[[clang::lifetime_capture_by(X)]]);
std::string_view foo() {
std::string a = "on stack";
std::string_view res;
setS(res, a);
return res; // warning: returning address of local variable 'a'.
}
```
Lifetime Facts:
```cpp
Function: foo
Block B2:
End of Block
Block B1:
OriginFlow:
Dest: 0 (Expr: ImplicitCastExpr, Type : const char *)
Src: 1 (Expr: StringLiteral, Type : const char (&)[9])
Use (0 (Expr: ImplicitCastExpr, Type : const char *), Read)
Use (2 (Expr: CXXDefaultArgExpr, Type : const class
std::allocator<char> &), Read)
Expire (MaterializeTemporaryExpr at 0x562afa69fdb0)
OriginFlow:
Dest: 3 (Decl: res, Type : std::string_view)
Src: 4 (Expr: CXXConstructExpr, Type : std::string_view)
Use (3 (Decl: res, Type : std::string_view), Read)
Issue (0 (Path: res), ToOrigin: 7 (Expr: DeclRefExpr, Decl: res))
Issue (1 (Path: a), ToOrigin: 8 (Expr: DeclRefExpr, Decl: a))
OriginFlow:
Dest: 9 (Expr: ImplicitCastExpr, Type : const class
std::basic_string<char> &)
Src: 8 (Expr: DeclRefExpr, Decl: a)
Use (9 (Expr: ImplicitCastExpr, Type : const class
std::basic_string<char> &), Read)
OriginFlow:
Dest: 10 (Expr: CXXMemberCallExpr, Type : __sv_type)
Src: 9 (Expr: ImplicitCastExpr, Type : const class
std::basic_string<char> &)
OriginFlow:
Dest: 11 (Expr: ImplicitCastExpr, Type : __sv_type)
Src: 10 (Expr: CXXMemberCallExpr, Type : __sv_type)
Use (11 (Expr: ImplicitCastExpr, Type : __sv_type), Read)
// New Origin Flow fact added
OriginFlow:
Dest: 3 (Decl: res, Type : std::string_view)
Src: 11 (Expr: ImplicitCastExpr, Type : __sv_type), Merge
Use (3 (Decl: res, Type : std::string_view), Read)
Issue (2 (Path: res), ToOrigin: 12 (Expr: DeclRefExpr, Decl: res))
OriginFlow:
Dest: 13 (Expr: ImplicitCastExpr, Type : const std::string_view &)
Src: 12 (Expr: DeclRefExpr, Decl: res)
OriginFlow:
Dest: 14 (Expr: ImplicitCastExpr, Type : std::string_view)
Src: 3 (Decl: res, Type : std::string_view)
OriginFlow:
Dest: 15 (Expr: CXXConstructExpr, Type : std::string_view)
Src: 14 (Expr: ImplicitCastExpr, Type : std::string_view)
Expire (a)
Expire (res, Origin: 3 (Decl: res, Type : std::string_view))
OriginEscapes (15 (Expr: CXXConstructExpr, Type : std::string_view), via
Return)
End of Block
Block B0:
End of Block
```
---
Full diff: https://github.com/llvm/llvm-project/pull/196884.diff
3 Files Affected:
- (modified)
clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h (+5)
- (modified) clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp (+69)
- (modified) clang/test/Sema/warn-lifetime-safety.cpp (+73)
``````````diff
diff --git
a/clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h
b/clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h
index 766742e98101a..af545d5e9386c 100644
--- a/clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h
+++ b/clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h
@@ -91,6 +91,11 @@ class FactsGenerator : public
ConstStmtVisitor<FactsGenerator> {
void handleMovedArgsInCall(const FunctionDecl *FD,
ArrayRef<const Expr *> Args);
+ // Detects [[clang::lifetime_capture_by(X)]] annotations on a function call
to
+ // create flow facts from captured arguments to the capturer
+ void handleLifetimeCaptureBy(const FunctionDecl *FD,
+ ArrayRef<const Expr *> Args);
+
/// Checks if a call-like expression creates a borrow by passing a value to a
/// reference parameter, creating an IssueFact if it does.
/// \param IsGslConstruction True if this is a GSL construction where all
diff --git a/clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
b/clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
index dc80d2783fc03..2908a9f1dd924 100644
--- a/clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
+++ b/clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
@@ -864,6 +864,74 @@ void FactsGenerator::handleImplicitObjectFieldUses(const
Expr *Call,
});
}
+void FactsGenerator::handleLifetimeCaptureBy(const FunctionDecl *FD,
+ ArrayRef<const Expr *> Args) {
+ bool isInstance = false;
+ if (const auto *Method = dyn_cast<CXXMethodDecl>(FD);
+ Method && Method->isInstance() && !isa<CXXConstructorDecl>(FD)) {
+ isInstance = true;
+ }
+ auto getArgCaptureBy = [FD,
+ isInstance](unsigned I) -> LifetimeCaptureByAttr * {
+ const ParmVarDecl *PVD = nullptr;
+ // FIXME: Add support for capture_by on function declarations
+ if (isInstance) {
+ if (I > 0 && I - 1 < FD->getNumParams()) {
+ PVD = FD->getParamDecl(I - 1);
+ }
+ } else {
+ if (I < FD->getNumParams()) {
+ PVD = FD->getParamDecl(I);
+ }
+ }
+ return PVD ? PVD->getAttr<LifetimeCaptureByAttr>() : nullptr;
+ };
+ if (Args.empty())
+ return;
+ for (unsigned I = 0; I < Args.size(); ++I) {
+ const LifetimeCaptureByAttr *Attr = getArgCaptureBy(I);
+ if (!Attr)
+ continue;
+ OriginList *CapturedOriginList = getOriginsList(*Args[I]);
+ if (!CapturedOriginList)
+ continue;
+ if (isGslPointerType(Args[I]->getType())) {
+ assert(!Args[I]->isGLValue() || CapturedOriginList->getLength() >= 2);
+ CapturedOriginList = getRValueOrigins(Args[I], CapturedOriginList);
+ }
+ if (!CapturedOriginList)
+ continue;
+ for (int CapturedByIdx : Attr->params()) {
+ if (CapturedByIdx == LifetimeCaptureByAttr::Global) {
+ for (OriginList *L = CapturedOriginList; L != nullptr;
+ L = L->peelOuterOrigin())
+ EscapesInCurrentBlock.push_back(FactMgr.createFact<GlobalEscapeFact>(
+ L->getOuterOriginID(), nullptr));
+ continue;
+ }
+ if (CapturedByIdx == LifetimeCaptureByAttr::Unknown ||
+ CapturedByIdx == LifetimeCaptureByAttr::Invalid)
+ continue;
+ unsigned CapturedByArgIdx =
+ (CapturedByIdx == LifetimeCaptureByAttr::This)
+ ? 0
+ : (unsigned)CapturedByIdx + (isInstance ? 1 : 0);
+ if (CapturedByArgIdx >= Args.size())
+ continue;
+ OriginList *CapturedByOriginList =
+ getOriginsList(*Args[CapturedByArgIdx]);
+ if (CapturedByOriginList) {
+ OriginList *Dest =
+ (isGslPointerType(Args[CapturedByArgIdx]->getType()) ||
+ isGslOwnerType(Args[CapturedByArgIdx]->getType()))
+ ? CapturedByOriginList->peelOuterOrigin()
+ : CapturedByOriginList;
+ flow(Dest, CapturedOriginList, /*Kill=*/false);
+ }
+ }
+ }
+}
+
void FactsGenerator::handleFunctionCall(const Expr *Call,
const FunctionDecl *FD,
ArrayRef<const Expr *> Args,
@@ -880,6 +948,7 @@ void FactsGenerator::handleFunctionCall(const Expr *Call,
handleDestructiveCall(Call, FD, Args);
handleMovedArgsInCall(FD, Args);
handleImplicitObjectFieldUses(Call, FD);
+ handleLifetimeCaptureBy(FD, Args);
if (!CallList)
return;
auto IsArgLifetimeBound = [FD](unsigned I) -> bool {
diff --git a/clang/test/Sema/warn-lifetime-safety.cpp
b/clang/test/Sema/warn-lifetime-safety.cpp
index 30b450c333fbd..aaef28a85f507 100644
--- a/clang/test/Sema/warn-lifetime-safety.cpp
+++ b/clang/test/Sema/warn-lifetime-safety.cpp
@@ -3284,3 +3284,76 @@ void assign_non_capturing_to_function_ref(function_ref
&r) {
}
} // namespace GH126600
+
+//===----------------------------------------------------------------------===//
+// lifetime-capture-by
+//===----------------------------------------------------------------------===//
+
+void setCaptureBy(View& in, View out [[clang::lifetime_capture_by(in)]]);
+
+void use_after_free_capture_by() {
+ View res;
+ {
+ MyObj a;
+ setCaptureBy(res, a); // expected-warning {{object whose reference is
captured does not live long enough}}
+ } // expected-note {{destroyed here}}
+ (void)res; // expected-note {{later used here}}
+}
+
+View use_after_return_capture_by() {
+ MyObj a;
+ View res;
+ setCaptureBy(res, a); // expected-warning {{address of stack memory is
returned later}}
+ return res; // expected-note {{returned here}}
+
+}
+
+void transitive_capture() {
+ View v1, v2;
+ {
+ MyObj local;
+ setCaptureBy(v1, local); // expected-warning {{object whose reference is
captured does not live long enough}}
+ setCaptureBy(v2, v1);
+ } // expected-note {{destroyed here}}
+ (void)v2; // expected-note {{later used here}}
+}
+
+struct [[gsl::Pointer]] MyContainer {
+ View stored;
+ void set(View s [[clang::lifetime_capture_by(this)]]);
+};
+
+void member_capture() {
+ MyContainer c;
+ {
+ MyObj local;
+ c.set(local); // expected-warning {{object whose reference is captured
does not live long enough}}
+ } // expected-note {{destroyed here}}
+ (void)c.stored; // expected-note {{later used here}}
+}
+
+void captureTwo(View& into,
+ View a [[clang::lifetime_capture_by(into)]],
+ View b [[clang::lifetime_capture_by(into)]]);
+
+void multiple_captures() {
+ View res;
+ MyObj val1;
+ {
+ MyObj val2;
+ captureTwo(res, val1, val2); // expected-warning {{object whose reference
is captured does not live long enough}}
+ } // expected-note {{destroyed here}}
+ (void)res; // expected-note {{later used here}}
+}
+
+void multiple_local_captures() {
+ View res;
+ {
+ MyObj val1;
+ MyObj val2;
+ captureTwo(res, val1, val2); // expected-warning 2 {{object whose
reference is captured does not live long enough}}
+ } // expected-note 2 {{destroyed here}}
+ (void)res; // expected-note 2 {{later used here}}
+}
+
+
``````````
</details>
https://github.com/llvm/llvm-project/pull/196884
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
