[clang] [LifetimeSafety] Add multi-block support to buildOriginFlowChain (PR #204592)

Sat, 20 Jun 2026 15:36:22 -0700 

suoyuan666 wrote:

> I ran GLM 5.2 on your PR here's a few issues it found that I agree with.
> 
>     1. There's a crash for this kind of code:
> 
> 
> ```c++
> void f() {
>   int* p;
>   while (*p) {
>     int x;
>     p = &x;
>   }
> }
> ```
> 
> I can't say I totally understand why, but I think it is related to the usage 
> of that pointer in the loop condition and it getting reassigned to a local in 
> the body that dies each iteration (perhaps we are missing a block?).

Thanks for the test case!

It looks like I should use `CFGBlock->preds()` to traverse blocks in reverse 
order instead of replying on `PostOrderCFGView`. In the provided example, the 
`UseFact` block (B4) comes before the `IssueFact`/`OriginFlowFact` block (B3) 
in post-order, which explains the incorrect behavior in the current 
implementation.

```txt
==========================================
       Lifetime Analysis Facts:
==========================================
Function: f
  Block B6:
  End of Block
  Block B5:
  End of Block
  Block B4:
    Use (1 (Decl: p, Type : int *), Read)
    Issue (0 (Path: p), ToOrigin: 0 (Expr: DeclRefExpr, Decl: p))
    OriginFlow: 
        Dest: 2 (Expr: ImplicitCastExpr, Type : int *)
        Src:  1 (Decl: p, Type : int *)
    OriginFlow: 
        Dest: 3 (Expr: UnaryOperator, Type : int &)
        Src:  2 (Expr: ImplicitCastExpr, Type : int *)
  End of Block
  Block B3:
    Issue (1 (Path: x), ToOrigin: 4 (Expr: DeclRefExpr, Decl: x))
    OriginFlow: 
        Dest: 5 (Expr: UnaryOperator, Type : int *)
        Src:  4 (Expr: DeclRefExpr, Decl: x)
    Use (1 (Decl: p, Type : int *), Write)
    Issue (2 (Path: p), ToOrigin: 6 (Expr: DeclRefExpr, Decl: p))
    Use (5 (Expr: UnaryOperator, Type : int *), Read)
    OriginFlow: 
        Dest: 1 (Decl: p, Type : int *)
        Src:  5 (Expr: UnaryOperator, Type : int *)
    OriginFlow: 
        Dest: 7 (Expr: BinaryOperator, Type : int *&)
        Src:  6 (Expr: DeclRefExpr, Decl: p)
    OriginFlow: 
        Dest: 8 (Expr: BinaryOperator, Type : int *)
        Src:  1 (Decl: p, Type : int *)
    Expire (x)
  End of Block
  Block B2:
  End of Block
  Block B1:
    Expire (p, Origin: 1 (Decl: p, Type : int *))
  End of Block
  Block B0:
  End of Block
```

https://github.com/llvm/llvm-project/pull/204592
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to