benedekaibas wrote: In [6d6a21d](https://github.com/llvm/llvm-project/pull/200145/commits/6d6a21dfeea40933ee1722d3e3414e43e07aff76) I have implemented the `checkLifetimeEnd` and `checkLocation` callbacks. First I tried to use only `checkLifetimeEnd` to catch the out-of-scope dangling pointer dereference cases (implementation here: https://github.com/benedekaibas/llvm-project/commit/1e780d08cdca36eca738f57c610142bb8a4ae343). As far as I understand `CFG::LifetimeEnds`, the implementation currently does not differentiate between inner scope and outer scope in a function. Since the `StackFrame` just represents the function, currently it is not possible to differentiate between the scopes. That is why `checkLifetimeEnd` alone failed on the lit test even though it catches this bug (https://godbolt.org/z/xbKa54xed). That is why I have decided to create a set for the dead sources and record the dead variables from `checkLifetimeEnd` in that set. Then in `checkLocation` I can emit the warning if the bound source is in the dead source set.
I think if we made the change in `CFG::LifetimeEnds` to differentiate between inner and outer scope, that would lead to easier detection in the checker. I'd like to experiment with it over the weekend and see if my concept is actually correct. If yes, then `checkLocation` would not need to check if the bound source is in the dead set, since in `checkLifetimeEnd` I would be able to differentiate between the scopes and only emit the warning if the variable inside the given function is actually the source and not just a variable that is not a recorded source of any bindings.

https://github.com/llvm/llvm-project/pull/200145
