On 04/07/14 12:51, Marc Glisse wrote:
> I would tend to start from the return statements (assuming the return
> type is a pointer), look at the defining statement, do things if it is
> an assignment of an addr_expr, and recurse if it is a PHI. But maybe my
> brain is cabled backwards ;-)

It works either way.

> I am also afraid we may get more false positives, but maybe not.

The only false positives should come from paths which are unexecutable.
One could argue that if we find any that we should warn, then isolate
the path so that we get an immediate runtime trap rather than letting
the address of the local escape through the return value.
That in turn would argue for dumping it into
gimple-isolate-erroneous-paths ;-)

> Last, the simple version actually works well enough that it discovered
> at least one real bug in real code, and I am afraid that by refining it
> too much we'll delay and get nothing in the end (my time and my
> knowledge of the compiler are limited enough to make it a real
> possibility). But I admit that's not a good argument.

The difference is I see the enhanced version as being simple enough that
we ought to just do it.
jeff
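
The walk discussed above (start at the returned value, inspect its defining statement, recurse through PHIs), as an added example that is not part of this thread or of GCC's source. It uses a toy SSA model in C; the names `ssa_def`, `def_kind` and `local_addrs_reaching` are hypothetical, and a visited flag is assumed so that PHI cycles created by loops terminate.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy SSA model, constructed for illustration; not GCC's gimple API. */
enum def_kind { DEF_ADDR_LOCAL, DEF_ADDR_STATIC, DEF_PHI, DEF_OTHER };

struct ssa_def {
    enum def_kind kind;
    struct ssa_def *phi_args[2];   /* operands when kind == DEF_PHI */
    int visited;                   /* guards against PHI cycles from loops */
};

/* Walk back from the value in a return statement: count ADDR_EXPRs of
   locals that can reach it, recursing through PHI operands. */
static int local_addrs_reaching(struct ssa_def *d)
{
    int n = 0;
    if (d == NULL || d->visited)
        return 0;
    d->visited = 1;
    if (d->kind == DEF_ADDR_LOCAL)
        return 1;
    if (d->kind == DEF_PHI)
        for (size_t i = 0; i < 2; i++)
            n += local_addrs_reaching(d->phi_args[i]);
    return n;
}

/* Models: int *p = c ? &x : &g; return p;   (x local, g static) */
static int sample_conditional(void)
{
    struct ssa_def x = { DEF_ADDR_LOCAL, {NULL, NULL}, 0 };
    struct ssa_def g = { DEF_ADDR_STATIC, {NULL, NULL}, 0 };
    struct ssa_def p = { DEF_PHI, {&x, &g}, 0 };
    return local_addrs_reaching(&p);
}

/* Models a loop: p1 = PHI <&g, p2>; p2 = PHI <p1, &x>; return p1; */
static int sample_loop(void)
{
    struct ssa_def x = { DEF_ADDR_LOCAL, {NULL, NULL}, 0 };
    struct ssa_def g = { DEF_ADDR_STATIC, {NULL, NULL}, 0 };
    struct ssa_def p1 = { DEF_PHI, {&g, NULL}, 0 };
    struct ssa_def p2 = { DEF_PHI, {&p1, &x}, 0 };
    p1.phi_args[1] = &p2;
    return local_addrs_reaching(&p1);
}
int main(void)
{
    printf("conditional: %d, loop: %d\n", sample_conditional(), sample_loop());
}
```

Each PHI operand that reaches a local's address corresponds to one incoming edge, which is the path a warning would point at and the path that isolation would turn into a trap.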