We are working on inserting lifetime markers in the CFG. As described here:
I need advice.
Is the idea that we will add a visitor in RecursiveASTVisitor that is
called when an outofscope marker is seen? Then, could you say a little
about how I can do that? Or should we make something like the
LiveVariables approach or should the checkers parse the
CFG/ExplodedNode and search for these markers?
The attached patch is a proof-of-concept patch that inserts lifetime
markers in the cfg builder and writes debug messages when they are
later seen in the exprengine.
lifetime2.diff (9.62 KB)
Sorry, Daniel...we've been absolutely swamped with Swift stuff. I'm not so sure how the lifetime markers are intended to be used, but it seems to me that for local variables, the lifetime exactly matches the logic for auto destructors. Consequently, it makes sense to me that we could just use the same logic as the logic for inserting destructors, except that instead of a real destructor we'd just insert a dummy CFG element (either your lifetime marker element, or a normal CFGAutomaticObjectDtor but with a no-op bit set).
An advantage of treating lifetime tracking the same as destruction is that it extends (somewhat) naturally to non-auto memory as well: both dynamic allocations and temporaries could be checked in the same way.
What do you think? And what checks are you envisioning with this? Just the dereference-after-lifetime, or is there something else we can do as well?
P.S. I haven't discussed this problem at all with Anna or Ted, at least not recently, so I'm really just trying to work things out "out loud", so to speak. They may have better insights.