https://github.com/usx95 requested changes to this pull request.

I noticed a couple of issues with the current `buildOriginFlowChain` 
implementation:

**1. The `OriginFlowChain` state is polluted by BFS.**
Currently, `OriginFlowChain` is declared outside the queue. Because BFS 
explores multiple branches level-by-level (e.g., both branches of an 
`if/else`), `OriginFlowChain.append()` mixes the origins from *all* visited 
branches into a single shared vector. This results in diagnostics emitting 
alias messages for paths that weren't actually taken.

Here is a test case that reproduces the polluted chain bug:
```cpp
void test_multiple_paths(bool cond) {
  View v;
  {
    MyObj a;
    View p1, p2, p3;
    p1 = a;
    p2 = p1; 
    // Only one of the branches should be diagnosed.
    if (cond) {
      p3 = p1;
    } else {
      p3 = p2; 
    }
    
    v = p3; // expected-note {{local variable 'p3' aliases...}}
  } // expected-note {{destroyed here}}
  v.use(); // expected-note {{later used here}}
}
```

**2. I feel DFS is a better fit here than BFS.**
BFS tries to find the shortest path, but here we don't care about the shortest 
path; any valid path that tracks the origin back to the `IssueFact` is correct. 
(Shortest path would anyways require Dijkstra here as each block adds arbitrary 
alias notes and not just 1).
Switching to an iterative DFS (using a Stack instead of a Queue) allows the 
search to dive straight down a single valid path. If we move `OriginFlowChain` 
*inside* the state, we completely fix the pollution bug while keeping memory 
overhead tiny, since DFS usually finds the root loan on its very first try. 


https://github.com/llvm/llvm-project/pull/204592
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to