Issue 152508
Summary [LifetimeSafety] Increase C++ coverage & integrate annotations
Labels new issue
Assignees
Reporter usx95
Expand the analysis to correctly model more C++ semantics and integrate with existing lifetime annotations to increase coverage and accuracy.

# Enhance C++ Language Coverage


* View-Type Support: Extend the analysis beyond raw pointers to handle common view/span types that act like non-owning references.
```cpp
std::string_view foo() {
  std::string a = "on stack";
  std::string_view res = a;
  return res;   // warning: returning address of local variable 'a'.
}
```

* Temporary: Detect a common bug where a reference is taken to a temporary object that is destroyed at the end of the full expression. This would produce a warning for code such as `std::string_view sv = std::string("temporary string");`. This is noted as a lower priority since it is already detected by a pre-existing analysis.


# Model Function Calls and Annotations

* Function Call Semantics: Correctly model how lifetimes flow through function calls, from arguments to return values.

* Opaque Loans: To support gradual rollout and handle functions without annotations, the analysis will use a fallback mechanism. When a function's lifetime behavior is unknown, the analysis will assign an `OPAQUE` loan to its output. This prevents false negatives while acknowledging uncertainty. Passing a variable with a known origin to an opaque function that takes a mutable reference will kill the known loans and add an `OPAQUE` one to its origin.

* Integrate `[[clang::lifetimebound]]`: This existing Clang annotation is crucial for specifying that the lifetime of a function's output is tied to one of its inputs. The analysis must consume this information.

```cpp
std::string_view Trim(std::string_view input [[clang::lifetimebound]]);

std::string_view foo() {
  std::string a = "on stack";
  std::string_view res = Trim(a);
  return res;  // warning: returning address of local variable 'a'.
}
```
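
The loan bookkeeping described in this section (flow through a `[[clang::lifetimebound]]` parameter, and the kill-then-`OPAQUE` rule for unannotated calls), sketched as a small model. This is an added example, not Clang's implementation: the `Model` type, the `Verdict` reporting policy and the unannotated function `Refill` are assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <string>

// Simplified model for illustration; not Clang's data structures.
using Loans = std::set<std::string>;     // storage names an origin may point into
const std::string kOpaque = "OPAQUE";    // loan of unknown provenance

enum class Verdict { Safe, DanglingLocal, Unknown };

struct Model {
  std::set<std::string> locals;          // stack objects that die at function exit
  std::map<std::string, Loans> origins;  // pointer-like variable -> loans it holds

  // An owner lends itself; a view forwards whatever loans it already holds.
  Loans LoansOf(const std::string& name) const {
    auto it = origins.find(name);
    return it != origins.end() ? it->second : Loans{name};
  }
  void Local(const std::string& owner) { locals.insert(owner); }
  // dst = src;  or  dst = f(src) with the parameter marked [[clang::lifetimebound]].
  void Flow(const std::string& dst, const std::string& src) { origins[dst] = LoansOf(src); }
  // dst = f(...) where f has no annotations: the result's provenance is unknown.
  void OpaqueResult(const std::string& dst) { origins[dst] = {kOpaque}; }
  // f(var) where unannotated f takes a mutable reference: kill known loans, add OPAQUE.
  void OpaqueMutate(const std::string& var) { origins[var] = {kOpaque}; }

  // Assumed policy: warn only on a known local loan; report OPAQUE as Unknown.
  Verdict CheckReturn(const std::string& var) const {
    bool opaque = false;
    for (const auto& loan : LoansOf(var)) {
      if (locals.count(loan)) return Verdict::DanglingLocal;
      if (loan == kOpaque) opaque = true;
    }
    return opaque ? Verdict::Unknown : Verdict::Safe;
  }
};

// std::string a; std::string_view res = Trim(a); return res;
Verdict ReturnTrimmedLocal() {
  Model m; m.Local("a"); m.Flow("res", "a");
  return m.CheckReturn("res");
}
// std::string a; std::string_view res = a; Refill(res); return res;
// (Refill is a hypothetical unannotated function taking std::string_view&.)
Verdict ReturnAfterOpaqueMutation() {
  Model m; m.Local("a"); m.Flow("res", "a"); m.OpaqueMutate("res");
  return m.CheckReturn("res");
}
```

The `Unknown` results are what the coverage statistics would count as falling back to `OPAQUE` loans.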

# Analysis Metrics

Coverage Statistics: To measure progress and identify weaknesses, the analysis will track its own coverage.

A set of analysis-internal statistics will track metrics such as the number of pointer-like expressions that are fully tracked versus those that fall back to `OPAQUE` loans or are not even associated with an origin.