================
@@ -396,6 +396,131 @@ void loan_from_previous_iteration(MyObj safe, bool
condition) {
} // expected-note {{destroyed here}}
}
+//===----------------------------------------------------------------------===//
+// Basic Definite Use-After-Return (Return-Stack-Address) (-W...permissive)
+// These are cases where the pointer is guaranteed to be dangling at the use
site.
+//===----------------------------------------------------------------------===//
+
+MyObj* simple_return_stack_address(){
+ MyObj s;
+ MyObj* p = &s; // expected-warning {{returning reference to stack allocated
object}}
+ return p; // expected-note {{returned here}}
+}
+
+MyObj* conditional_assign_unconditional_return(MyObj safe, bool c){
+ MyObj s;
+ MyObj* p = &safe;
+ if(c){
+ p = &s; // expected-warning {{returning reference to stack allocated
object}}
+ }
+ return p; // expected-note {{returned here}}
+}
+
+View conditional_assign_both_branches(MyObj safe, bool c){
+
+ MyObj s;
+ View p;
+ if (c) {
+ p = s; // expected-warning {{returning reference to stack allocated
object}}
+ } else {
+ p = safe;
+ }
+ return p; // expected-note {{returned here}}
+
+}
+
+View reassign_safe_to_local(MyObj safe){
+ MyObj local;
+ View p = safe;
+
+ p = local; // expected-warning {{returning reference to stack allocated
object}}
+ return p; // expected-note {{returned here}}
+}
+
+View pointer_chain_to_local(){
+ MyObj local;
+ View p1 = local; // expected-warning {{returning reference to stack
allocated object}}
+
+ View p2 = p1;
+
+ return p2; // expected-note {{returned here}}
+}
+
+View multiple_assign_multiple_return(MyObj safe, bool c1, bool c2){
+ MyObj local1;
+ MyObj local2;
+ View p;
+ if(c1){
+ p = local1; // expected-warning {{returning reference to stack
allocated object}}
+ return p; // expected-note {{returned here}}
+ }
+ else if(c2){
+ p = local2; // expected-warning {{returning reference to stack
allocated object}}
+ return p; // expected-note {{returned here}}
+ }
+ p = safe;
+ return p;
+}
+
+View multiple_assign_single_return(MyObj safe, bool c1, bool c2){
+ MyObj local1;
+ MyObj local2;
+ View p;
+ if(c1){
+ p = local1; // expected-warning {{returning reference to stack
allocated object}}
+ }
+ else if(c2){
+ p = local2; // expected-warning {{returning reference to stack
allocated object}}
+ }
+ else{
+ p = safe;
+ }
+
+ return p; // expected-note 2 {{returned here}}
+}
+
+View direct_return_of_local(){
+ MyObj stack;
+ return stack; // expected-warning {{returning reference to stack
allocated object}}
+ // expected-note@-1 {{returned here}}
+}
+
+MyObj& reference_return_of_local(){
+ MyObj stack;
+ return stack; // expected-warning {{returning reference to stack
allocated object}}
+ // expected-note@-1 {{returned here}}
+ // expected-warning@-2 {{reference to stack memory
associated with local variable 'stack' returned}}
+}
+
+//===----------------------------------------------------------------------===//
+// Use-After-Scope & Use-After-Return (Return-Stack-Address) Combined
+// These are cases where the diagnostic kind is determined by location
+//===----------------------------------------------------------------------===//
+
+MyObj* uaf_before_uar(){
+ MyObj* p;
+ {
+ MyObj local_obj;
+ p = &local_obj; // expected-warning {{object whose reference is captured
does not live long enough}}
+ } // expected-note {{destroyed here}}
+ return p; // expected-note {{later used here}}
+}
+
+MyObj* uar_before_uaf(MyObj safe, bool c){
+ MyObj* p;
+ {
+ MyObj local_obj;
+ p = &local_obj; // expected-warning {{returning reference to stack
allocated object}}
+ if(c){
+ return p; // expected-note {{returned here}}
+ }
+
----------------
kashika0112 wrote:
Done
https://github.com/llvm/llvm-project/pull/165370
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
