Dangling false positive if the the owner is also moved in the initializer. #114201

hokein · 2024-10-30T10:05:34Z

This issue is identified in #112751.

// case1
namespace std {
template<typename T>
struct unique_ptr {
  T &operator*();
  T *get() const [[clang::lifetimebound]];
};
} // namespace std

struct X {
  X(std::unique_ptr<int> up) :
    pointer(up.get()), owner(std::move(up)) {}

  int *pointer;
  std::unique_ptr<int> owner;
};

When we add the clang::lifetimebound annotation to unique_ptr::get(), clang emits a dangling-field warning for the pointer(up.get()) member initializer. This warning is a false positive in this context, as the owner member is moved as part of the initialization, retaining ownership.

Another example occurs in designated-initializer cases:

// case2
struct X {
   int *pointer;
   std::unique_ptr<int> owner;
};

X func(std::unique_ptr<int> up) {
   return {
      .pointer = up.get(),
      .owner = std::move(up)
   };
}

Fixing these false positives is hard because it would require tracking dependencies between expressions, which is beyond the capabilities of the current statement-local analysis.

The text was updated successfully, but these errors were encountered:

hokein · 2024-10-30T10:22:15Z

Interestingly, clang will emit the diagnostic on case 2 even the get() is not annotated with lifetimebound, https://godbolt.org/z/vYeG9Eb3Y.

The GSL analysis implicitly tracks the *this object for some hard-coded GSL owner methods (vector.get()), the case 1 have been filtered out here, but it is just for the GSL code path.

…ber initializer. (#114213) This patch extends the filtering heuristic to apply for the Lifetimebound code path. This will suppress a common false positive: ``` namespace std { template<typename T> struct unique_ptr { T &operator*(); T *get() const [[clang::lifetimebound]]; }; } // namespace std struct X { X(std::unique_ptr<int> up) : pointer(up.get()), owner(std::move(up)) {} int *pointer; std::unique_ptr<int> owner; }; ``` See #114201.

…ber initializer. (llvm#114213) This patch extends the filtering heuristic to apply for the Lifetimebound code path. This will suppress a common false positive: ``` namespace std { template<typename T> struct unique_ptr { T &operator*(); T *get() const [[clang::lifetimebound]]; }; } // namespace std struct X { X(std::unique_ptr<int> up) : pointer(up.get()), owner(std::move(up)) {} int *pointer; std::unique_ptr<int> owner; }; ``` See llvm#114201.

hokein added clang:diagnostics New/improved warning or error message in Clang, but not in clang-tidy or static analyzer clang:memory-safety Issue/FR relating to the lifetime analysis in Clang (-Wdangling, -Wreturn-local-addr) labels Oct 30, 2024

hokein mentioned this issue Oct 30, 2024

[clang] Suppress a dangling false positive when owner is moved in member initializer. #114213

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dangling false positive if the the owner is also moved in the initializer. #114201

Dangling false positive if the the owner is also moved in the initializer. #114201

hokein commented Oct 30, 2024

hokein commented Oct 30, 2024

Dangling false positive if the the owner is also moved in the initializer. #114201

Dangling false positive if the the owner is also moved in the initializer. #114201

Comments

hokein commented Oct 30, 2024

hokein commented Oct 30, 2024