http://llvm.org/bugs/show_bug.cgi?id=10754
Summary: Analyzer should catch return of local address even when address passed through function
Product: clang
Version: trunk
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Take the following code:

    int &foo();

    long const &nop(long const &l) {
      return l;
    }

    long const *returns_temp_missed() {
      return &nop(foo());  // temp object created
    }

    long const *returns_temp_caught() {
      long const &lr = foo();  // temp object created.
      return &lr;
    }

Both returns_temp functions optimize to the same code, but clang --analyze only
catches the second one.
We've caught two instances of this recently when gcc's DCE pass deleted the
initialization of the local variable whose address was returned, and then its
-Wuninitialized warning complained, in the calling function, that <anonymous>
was used without initialization. Clang should be able to give us a better
warning than that.
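
Added example (not part of the original bug report, and not Clang's code): a runtime check that the temporary is already destroyed when the caller receives its address, in both function shapes from the report. `Tracked`, `g_live`, `alive` and the `addr_*` helpers are hypothetical names; `Tracked` stands in for the `long` temporary, and addresses are returned as integers so the demo never reads through a dangling pointer.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>

// Addresses of Tracked objects that are currently alive (constructed, not yet destroyed).
static std::set<std::uintptr_t> g_live;

// Hypothetical stand-in for the report's `long` temporary; it records its own lifetime.
struct Tracked {
    long value;
    Tracked(int v) : value(v) { g_live.insert(id()); }  // implicit, like int -> long
    Tracked(const Tracked &o) : value(o.value) { g_live.insert(id()); }
    ~Tracked() { g_live.erase(id()); }
    std::uintptr_t id() const { return reinterpret_cast<std::uintptr_t>(this); }
};

static int g_source = 42;  // constructed sample value
int &foo() { return g_source; }
const Tracked &nop(const Tracked &t) { return t; }
bool alive(std::uintptr_t a) { return g_live.count(a) != 0; }

// Shape of returns_temp_missed(): the temporary dies at the end of the return expression.
std::uintptr_t addr_via_passthrough() { return nop(foo()).id(); }

// Shape of returns_temp_caught(): lifetime is extended only to the end of lr's scope.
std::uintptr_t addr_via_local_ref() {
    const Tracked &lr = foo();
    return lr.id();
}

// Control: inside the scope the temporary is alive.
bool alive_inside_scope() {
    const Tracked &lr = foo();
    return alive(lr.id());
}

// Safe form: copy the value out while the temporary still exists.
long returns_value() { return nop(foo()).value; }

int main() {
    std::printf("alive inside scope:        %d\n", alive_inside_scope());
    std::printf("alive after pass-through:  %d\n", alive(addr_via_passthrough()));
    std::printf("alive after local ref:     %d\n", alive(addr_via_local_ref()));
    std::printf("value returned by copy:    %ld\n", returns_value());
    return 0;
}
```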