[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 closed https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/8] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/7] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/6] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -112,6 +112,13 @@ New checks Detects error-prone Curiously Recurring Template Pattern usage, when the CRTP can be constructed outside itself and the derived class. +- New :doc:`bugprone-return-const-ref-from-parameter + ` check. + + Detects return statements that return constant reference parameter as constant + reference. This may cause use-after-free errors if the caller uses xvalue as + arguments. SimplyDanny wrote: ```suggestion Detects return statements that return a constant reference parameter as constant reference. This may cause use-after-free errors if the caller uses xvalues as arguments. ``` https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,40 @@
+//===--- ReturnConstRefFromParameterCheck.h - clang-tidy *- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+#define
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Detects return statements that return constant reference parameter as
+/// constant reference. This may cause use-after-free errors if the caller uses
+/// xvalue as arguments.
SimplyDanny wrote:
```suggestion
/// Detects return statements that return a constant reference parameter as
/// constant reference. This may cause use-after-free errors if the caller uses
/// xvalues as arguments.
```
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/SimplyDanny approved this pull request. Only a few more nits from my side. https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,31 @@ +.. title:: clang-tidy - bugprone-return-const-ref-from-parameter + +bugprone-return-const-ref-from-parameter + + +Detects return statements that return a constant reference parameter as constant +reference. This may cause use-after-free errors if the caller uses xvalue as +arguments. SimplyDanny wrote: ```suggestion Detects return statements that return a constant reference parameter as constant reference. This may cause use-after-free errors if the caller uses xvalues as arguments. ``` https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/SimplyDanny edited https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,34 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
SimplyDanny wrote:
I see. Thank you for clarification!
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 edited https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,34 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
HerrCai0907 wrote:
stack variable leak can be detected by clang diagnose directly, no need to use
clang-tidy.
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/5] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,34 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
HerrCai0907 wrote:
clang will create `CXXConstructExpr` for object and `ImplicitCastExpr` for
builtin type. just like
```
`-FunctionDecl 0x13d8cf548 col:9 fn 'const S (const S &)'
|-ParmVarDecl 0x13d8cf450 col:21 used a 'const S &'
`-CompoundStmt 0x13d8ee1a0
`-ReturnStmt 0x13d8ee190
`-CXXConstructExpr 0x13d8ee160 'const S':'const S' 'void (const
S &) noexcept'
`-DeclRefExpr 0x13d8cf640 'const S':'const S' lvalue ParmVar
0x13d8cf450 'a' 'const S &'
```
and
```
`-FunctionDecl 0x1410d9ac0 col:11 fn 'const int (const int
&)'
|-ParmVarDecl 0x1410d99f0 col:25 used a 'const int &'
`-CompoundStmt 0x1410d9c00
`-ReturnStmt 0x1410d9bf0
`-ImplicitCastExpr 0x1410d9bd8 'int'
`-DeclRefExpr 0x1410d9bb8 'const int' lvalue ParmVar
0x1410d99f0 'a' 'const int &'
```
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,34 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
SimplyDanny wrote:
Does this need to check that the function's return type is a constant reference
as well? For example, is
```c++
const S fn(const S &a) {
return a;
}
```
without the reference return type okay? The documentation of this check says so:
> Detects return statements that return a constant reference parameter **as
> constant reference**.
As I understand the AUTOSAR rule, it's about pointers or references to
automatic variables returned from a function. So
```c++
int *f(int i) { return &i; }
```
and
```c++
int *g() {
int i = 1;
return &i;
}
```
would be violations of the rule too.
I know that we are not allowed to cite the rules literally, but only checking
constant reference parameters might be too restricted. Or are there other
checks implementing the other cases already? If so, should they be extended
instead of having a new separate check?
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,31 @@ +.. title:: clang-tidy - bugprone-return-const-ref-from-parameter + +bugprone-return-const-ref-from-parameter + + +Detects return statements that return constant reference parameter as constant SimplyDanny wrote: ```suggestion Detects return statements that return a constant reference parameter as constant ``` https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/4] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/4] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,34 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+ "when function accepts immediately constructed value.");
5chmidti wrote:
What do you think about `returning a const reference parameter may cause a
use-after-free when the parameter is constructed from a temporary` (`const` vs
`constant` argument in the other thread aside)
I'm not sure if it should be `may` or `will`, because it is only a
use-after-free if the returned value is actually used (FWICT).
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,35 @@
+//===--- ReturnConstRefFromParameterCheck.h - clang-tidy *- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+#define
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Detects the function which returns the const reference from parameter which
+/// causes potential use after free if the caller uses xvalue as argument.
5chmidti wrote:
I think `Detects statements that return constant` should actually be `Detects
return statements that return constant`.
As for consistency: in docs/clang-tidy, there are ~116 const's (minus `const`
in code snippets and check names) where ~50% of them are in ``, and there are
91 constants (although 60 are in `identifier-naming.rst`.
`might cause potential` sounds not right to me, the `might` and `potential`
mean the same thing IMO.
I would suggest: `This might cause use-after-free errors ...` (or with `may`
instead of `might`)
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -112,6 +112,12 @@ New checks Detects error-prone Curiously Recurring Template Pattern usage, when the CRTP can be constructed outside itself and the derived class. +- New :doc:`bugprone-return-const-ref-from-parameter + ` check. + + Detects the function which returns the const reference from parameter which EugeneZelenko wrote: Please synchronize with first statement in documentation. https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,35 @@
+//===--- ReturnConstRefFromParameterCheck.h - clang-tidy *- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+#define
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Detects the function which returns the const reference from parameter which
+/// causes potential use after free if the caller uses xvalue as argument.
SimplyDanny wrote:
My thought was that this is text and "const" is not an English word but
"constant" and `const` is a keyword. On the other hand, "const reference" is a
well known term to C++ people. So in the end, it should be consistent with
existing text in the project. Alternatively, putting the term monospaced as
`const &` would also work I guess.
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -341,9 +342,9 @@ Clang-Tidy Checks :doc:`portability-std-allocator-const `, :doc:`readability-avoid-const-params-in-decls `, "Yes" :doc:`readability-avoid-nested-conditional-operator `, - :doc:`readability-avoid-return-with-void-value `, + :doc:`readability-avoid-return-with-void-value `, "Yes" :doc:`readability-avoid-unconditional-preprocessor-if `, - :doc:`readability-braces-around-statements `, "Yes" HerrCai0907 wrote: Thanks. I split the change and commit in 811ffc049ff914e15116c25ca8db7b8bd9a8e186 https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 updated
https://github.com/llvm/llvm-project/pull/89497
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH 1/3] [tidy] add new check
bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,35 @@
+//===--- ReturnConstRefFromParameterCheck.h - clang-tidy *- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+#define
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Detects the function which returns the const reference from parameter which
+/// causes potential use after free if the caller uses xvalue as argument.
HerrCai0907 wrote:
looks better.
Could you explain more about why here should use constant reference. const
reference can map to `const &` semantics directly.
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
HerrCai0907 wrote:
Yes, "ret" is bind with ReturnStmt. So the cast should always success.
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -341,9 +342,9 @@ Clang-Tidy Checks :doc:`portability-std-allocator-const `, :doc:`readability-avoid-const-params-in-decls `, "Yes" :doc:`readability-avoid-nested-conditional-operator `, - :doc:`readability-avoid-return-with-void-value `, + :doc:`readability-avoid-return-with-void-value `, "Yes" :doc:`readability-avoid-unconditional-preprocessor-if `, - :doc:`readability-braces-around-statements `, "Yes" SimplyDanny wrote: This should be separate changes. https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
SimplyDanny wrote:
Is it safe to assume that `R` is valid and not `nullptr`?
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
SimplyDanny wrote:
I always wonder where these little methods are supposed to be implemented.
Wondering because the implementation for `isLanguageVersionSupported` is also
in the header file.
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,30 @@ +.. title:: clang-tidy - bugprone-return-const-ref-from-parameter + +bugprone-return-const-ref-from-parameter + + +Detects the function which returns the const reference from parameter which +causes potential use after free if the caller uses xvalue as argument. + +In c++, const reference parameter can accept xvalue which will be destructed +after the call. When the function returns this parameter also as const reference, +then the returned reference can be used after the object it refers to has been +destroyed. SimplyDanny wrote: ```suggestion In C++, constant reference parameters can accept xvalues which will be destructed after the call. When the function returns such a parameter also as constant reference, then the returned reference can be used after the object it refers to has been destroyed. ``` https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,35 @@
+//===--- ReturnConstRefFromParameterCheck.h - clang-tidy *- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#ifndef
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+#define
LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_RETURNCONSTREFFROMPARAMETERCHECK_H
+
+#include "../ClangTidyCheck.h"
+
+namespace clang::tidy::bugprone {
+
+/// Detects the function which returns the const reference from parameter which
+/// causes potential use after free if the caller uses xvalue as argument.
SimplyDanny wrote:
```suggestion
/// Detects statements that return constant reference parameters as constant
/// references. This might cause potential use after free errors if the caller
/// uses xvalues as arguments.
```
https://github.com/llvm/llvm-project/pull/89497
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
@@ -0,0 +1,30 @@ +.. title:: clang-tidy - bugprone-return-const-ref-from-parameter + +bugprone-return-const-ref-from-parameter + + +Detects the function which returns the const reference from parameter which +causes potential use after free if the caller uses xvalue as argument. + +In c++, const reference parameter can accept xvalue which will be destructed EugeneZelenko wrote: ```suggestion In C++, const reference parameter can accept xvalue which will be destructed ``` https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 edited https://github.com/llvm/llvm-project/pull/89497 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
llvmbot wrote:
@llvm/pr-subscribers-clang-tidy
Author: Congcong Cai (HerrCai0907)
Changes
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
Full diff: https://github.com/llvm/llvm-project/pull/89497.diff
8 Files Affected:
- (modified) clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp (+3)
- (modified) clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt (+1)
- (added)
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
(+41)
- (added)
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h (+35)
- (modified) clang-tools-extra/docs/ReleaseNotes.rst (+6)
- (added)
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
(+30)
- (modified) clang-tools-extra/docs/clang-tidy/checks/list.rst (+5-4)
- (added)
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
(+31)
``diff
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr(to(parmVarDecl(hasType(
+ hasCanonicalType(matchers::isReferenceToConst(
+ .bind("ret"),
+ this);
+}
+
+void ReturnConstRefFromParameterCheck::check(
+const MatchFinder::MatchResult &Result) {
+ const auto *R = Result.Nodes.getNodeAs("ret");
+ diag(R->getRetValue()->getBeginLoc(),
+ "return const reference parameter cause potential use-after-free "
+ "when function accepts immediately constructed value.");
+}
+
+} // namespace clang::tidy::bugprone
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
new file mode 100644
index 00..96d02aa2563edf
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bug
[clang-tools-extra] [tidy] add new check bugprone-return-const-ref-from-parameter (PR #89497)
https://github.com/HerrCai0907 created
https://github.com/llvm/llvm-project/pull/89497
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
>From 91915f68902ade86c0bf8eba643428017ae8bb3c Mon Sep 17 00:00:00 2001
From: Congcong Cai
Date: Sat, 20 Apr 2024 17:58:19 +0800
Subject: [PATCH] [tidy] add new check bugprone-return-const-ref-from-parameter
Detects the function which returns the const reference from parameter which
causes potential use after free if the caller uses xvalue as argument.
In c++, const reference parameter can accept xvalue which will be destructed
after the call. When the function returns this parameter also as const
reference,
then the returned reference can be used after the object it refers to has been
destroyed.
Fixes: #85253
---
.../bugprone/BugproneTidyModule.cpp | 3 ++
.../clang-tidy/bugprone/CMakeLists.txt| 1 +
.../ReturnConstRefFromParameterCheck.cpp | 41 +++
.../ReturnConstRefFromParameterCheck.h| 35
clang-tools-extra/docs/ReleaseNotes.rst | 6 +++
.../return-const-ref-from-parameter.rst | 30 ++
.../docs/clang-tidy/checks/list.rst | 9 ++--
.../return-const-ref-from-parameter.cpp | 31 ++
8 files changed, 152 insertions(+), 4 deletions(-)
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
create mode 100644
clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.h
create mode 100644
clang-tools-extra/docs/clang-tidy/checks/bugprone/return-const-ref-from-parameter.rst
create mode 100644
clang-tools-extra/test/clang-tidy/checkers/bugprone/return-const-ref-from-parameter.cpp
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 2931325d8b5798..1b92d2e60cc173 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -54,6 +54,7 @@
#include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h"
+#include "ReturnConstRefFromParameterCheck.h"
#include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h"
@@ -137,6 +138,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-inaccurate-erase");
CheckFactories.registerCheck(
"bugprone-incorrect-enable-if");
+CheckFactories.registerCheck(
+"bugprone-return-const-ref-from-parameter");
CheckFactories.registerCheck(
"bugprone-switch-missing-default-case");
CheckFactories.registerCheck(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index 081ba67efe1538..2d303191f88650 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -26,6 +26,7 @@ add_clang_library(clangTidyBugproneModule
ImplicitWideningOfMultiplicationResultCheck.cpp
InaccurateEraseCheck.cpp
IncorrectEnableIfCheck.cpp
+ ReturnConstRefFromParameterCheck.cpp
SuspiciousStringviewDataUsageCheck.cpp
SwitchMissingDefaultCaseCheck.cpp
IncDecInConditionsCheck.cpp
diff --git
a/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
new file mode 100644
index 00..87fc663231496e
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/bugprone/ReturnConstRefFromParameterCheck.cpp
@@ -0,0 +1,41 @@
+//===--- ReturnConstRefFromParameterCheck.cpp - clang-tidy
===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "ReturnConstRefFromParameterCheck.h"
+#include "../utils/Matchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+std::optional
+ReturnConstRefFromParameterCheck::getCheckTraversalKind() const {
+ // Use 'AsIs' to make sure the return type is exactly the same as the
+ // parameter type.
+ return TK_AsIs;
+}
+
+void ReturnConstRefFromParameterCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ returnStmt(hasReturnValue(declRefExpr
