llvm / llvm-project

Analyzer should catch return of local address even when address passed through function #11126

Open llvmbot opened 13 years ago

llvmbot commented 13 years ago
Bugzilla Link 10754
Version trunk
OS Linux
Reporter LLVM Bugzilla Contributor
CC @efriedma-quic,@tkremenek

Extended Description

Take the following code:

```cpp
int &foo();
long const &nop(long const &l) { return l; }
long const *returns_temp_missed() {
  return &nop(foo());  // temp object created
}
long const *returns_temp_caught() {
  long const &lr = foo();  // temp object created.
  return &lr;
}
```

Both returns_temp functions optimize to the same code, but clang --analyze only catches the second one.

We've caught two instances of this recently when gcc's DCE pass deleted the initialization of the local variable whose address was returned, and then its -Wuninitialized warning complained, in the calling function, that was used without initialization. Clang should be able to give us a better warning than that.

tkremenek commented 13 years ago

Another case of "we don't do any interprocedural analysis".

More specifically, context-sensitive interprocedural analysis.

efriedma-quic commented 13 years ago

Another case of "we don't do any interprocedural analysis".

llvmbot commented 13 years ago

assigned to @tkremenek