This is an archive of the discontinued LLVM Phabricator instance.

Differential D10425

Warn, if parameter is used in ctor body after being used for move-construct
Needs ReviewPublic

Authored by ismailp on Jun 12 2015, 3:53 PM.

Details

Reviewers
dblaikie
rsmith
Summary

If a member of type unique_ptr or shared_ptr is move-constructed from
a parameter in ctor-init, the parameter will be left with nullptr at
the completion of member's initialization. If the parameter's and
member's names are the same, use of member's name in the constructor
body will not refer to the member, but to the parameter.

#include <memory>
struct X {
  int v;
  X() : v() { }
  int f() { return v + 42; }
};

struct Y {
  std::unique_ptr<X> p;
  int x;
  explicit Y(std::unique_ptr<X> p)
    : p{std::move(p)} {
    x = p->f();  // 'p' is nullptr
    decltype(p->f()) v = x; // ignore unevaluated context
  }
  int f() const { return x; }
};

int main() {
  std::unique_ptr<X> p(new X);
  Y y(std::move(p));
  return y.f();
}

Diff Detail

Event Timeline

ismailp updated this revision to Diff 27614.Jun 12 2015, 3:53 PM
ismailp retitled this revision from to Warn, if parameter is used in ctor body after being used for move-construct.
ismailp updated this object.
ismailp edited the test plan for this revision. (Show Details)
ismailp added reviewers: rsmith, dblaikie.
ismailp added a subscriber: Unknown Object (MLST).
dblaikie edited edge metadata.Jun 25 2015, 10:26 AM

A few thoughts - but probably having some review by rtreiu would be good. He's more involved in the diagnostic development than I am.

Have you run this over any substantial existing codebase to see what the stats are like (true/false positives, etc)?

The other issue is that, of course, we'd like a much more general version of this warning but it's unclear how much work that'll be and what the right tradeoff is for compile time. Some common analysis might be shared between a bunch of such warnings - we already have "sometimes-uninitialized" which is a CFG diagnostic that could be useful (treat moved-from as the uninitialized state and do the same analysis).

lib/Sema/SemaDecl.cpp
10694

I'm not sure how much of an efficiency concern there is doing a generic RAV here, rather than something more targeted. I mean I suppose in general the std::move could happen in any subexpression of an init - but I assume the case you're trying to catch here is just the one where the name of the parameter and variable are the same (or very similar - like foo_ and foo, etc) and the user accidentally uses the parameter instead of the variable they moved-in-to?

10783

I forget, is CPlusPlus11 true in modes greater than 11? (so we still get the warning in 14, etc?)

test/SemaCXX/rval-references.cpp
95

This test case seems a bit long/verbose - you probably don't need to reproduce a substantial amount of this template machinery to reproduce the warning (a trivial movable type rather than a copy of a substantial amount of unique_ptr would suffice, for example - and there's no need for the extra type traits (remove_ref, etc) work in the faux-move implementation, etc)

dblaikie added a comment.Jun 25 2015, 11:46 AM

+rtrieu

ismailp added a comment.Jul 12 2015, 4:51 AM
In D10425#194696, @dblaikie wrote:

A few thoughts - but probably having some review by rtreiu would be good. He's more involved in the diagnostic development than I am.

Have you run this over any substantial existing codebase to see what the stats are like (true/false positives, etc)?

No, I haven't, but I heard Google has a large C++11 codebase :) I saw this bug in clang's source code (I didn't submit patch for it yet, can do it in a few days).

The other issue is that, of course, we'd like a much more general version of this warning but it's unclear how much work that'll be and what the right tradeoff is for compile time. Some common analysis might be shared between a bunch of such warnings - we already have "sometimes-uninitialized" which is a CFG diagnostic that could be useful (treat moved-from as the uninitialized state and do the same analysis).

I'll take a look at that and see whether this analysis can be merged into sometimes-uninitialized.

lib/Sema/SemaDecl.cpp
10694

Yes, this patch is trying to find such accidental uses of parameters in constructor body. I chose constructor, because it's more likely to happen there. It's not deciding based on edit distance -- which sounds like a good idea -- but an exact match. Because it looks like a genuine bug (assuming parameter isn't assigned-to a sensible value again). In fact, whether parameter and member have the same name doesn't matter, if parameter is used after move. But I focused on the case where parameter and member both have the same name, because it's harder to see by looking at the code.

10783

Yes, CPlusPlus14 sets CPlusPlus11.

test/SemaCXX/rval-references.cpp
95

Yes, I hated that, too! I've had bigger plans; if it can't move-from but copy-from, then it should be fine! It's not applicable to unique_ptr, but for other types. These tests will change more to address a few more issues.

ismailp mentioned this in D12119: Analyzer: Fix a crasher in UbigraphViz.Aug 18 2015, 3:52 PM

Revision Contents

PathSize
include/
clang/
Basic/
4 lines
4 lines
lib/
Sema/
113 lines
test/
SemaCXX/
79 lines

Diff 27614

include/clang/Basic/DiagnosticGroups.td

Show First 20 LinesShow All 301 Lines▼ Show 20 Lines
def ReturnStackAddress : DiagGroup<"return-stack-address">; def ReturnStackAddress : DiagGroup<"return-stack-address">;
def ReturnTypeCLinkage : DiagGroup<"return-type-c-linkage">; def ReturnTypeCLinkage : DiagGroup<"return-type-c-linkage">;
def ReturnType : DiagGroup<"return-type", [ReturnTypeCLinkage]>; def ReturnType : DiagGroup<"return-type", [ReturnTypeCLinkage]>;
def BindToTemporaryCopy : DiagGroup<"bind-to-temporary-copy", def BindToTemporaryCopy : DiagGroup<"bind-to-temporary-copy",
[CXX98CompatBindToTemporaryCopy]>; [CXX98CompatBindToTemporaryCopy]>;
def SelfAssignmentField : DiagGroup<"self-assign-field">; def SelfAssignmentField : DiagGroup<"self-assign-field">;
def SelfAssignment : DiagGroup<"self-assign", [SelfAssignmentField]>; def SelfAssignment : DiagGroup<"self-assign", [SelfAssignmentField]>;
def SelfMove : DiagGroup<"self-move">; def SelfMove : DiagGroup<"self-move">;
def UseOfMovedParameter : DiagGroup<"use-of-moved-parameter">;
def SemiBeforeMethodBody : DiagGroup<"semicolon-before-method-body">; def SemiBeforeMethodBody : DiagGroup<"semicolon-before-method-body">;
def Sentinel : DiagGroup<"sentinel">; def Sentinel : DiagGroup<"sentinel">;
def MissingMethodReturnType : DiagGroup<"missing-method-return-type">; def MissingMethodReturnType : DiagGroup<"missing-method-return-type">;
def Shadow : DiagGroup<"shadow">; def Shadow : DiagGroup<"shadow">;
def Shorten64To32 : DiagGroup<"shorten-64-to-32">; def Shorten64To32 : DiagGroup<"shorten-64-to-32">;
def : DiagGroup<"sign-promo">; def : DiagGroup<"sign-promo">;
def SignCompare : DiagGroup<"sign-compare">; def SignCompare : DiagGroup<"sign-compare">;
def : DiagGroup<"stack-protector">; def : DiagGroup<"stack-protector">;
▲ Show 20 LinesShow All 257 Lines▼ Show 20 Linesdef Format2 : DiagGroup<"format=2",
[FormatNonLiteral, FormatSecurity, FormatY2K]>; [FormatNonLiteral, FormatSecurity, FormatY2K]>;
def TypeSafety : DiagGroup<"type-safety">; def TypeSafety : DiagGroup<"type-safety">;
def IntToVoidPointerCast : DiagGroup<"int-to-void-pointer-cast">; def IntToVoidPointerCast : DiagGroup<"int-to-void-pointer-cast">;
def IntToPointerCast : DiagGroup<"int-to-pointer-cast", def IntToPointerCast : DiagGroup<"int-to-pointer-cast",
[IntToVoidPointerCast]>; [IntToVoidPointerCast]>;
def Move : DiagGroup<"move", [PessimizingMove, RedundantMove, SelfMove]>; def Move : DiagGroup<"move", [PessimizingMove, RedundantMove, SelfMove,
UseOfMovedParameter]>;
def Extra : DiagGroup<"extra", [ def Extra : DiagGroup<"extra", [
MissingFieldInitializers, MissingFieldInitializers,
IgnoredQualifiers, IgnoredQualifiers,
InitializerOverrides, InitializerOverrides,
SemiBeforeMethodBody, SemiBeforeMethodBody,
MissingMethodReturnType, MissingMethodReturnType,
SignCompare, SignCompare,
▲ Show 20 LinesShow All 182 LinesShow Last 20 Lines

include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,788 Lines▼ Show 20 Linesdef warn_redundant_move_on_return : Warning<
InGroup<RedundantMove>, DefaultIgnore; InGroup<RedundantMove>, DefaultIgnore;
def warn_pessimizing_move_on_return : Warning< def warn_pessimizing_move_on_return : Warning<
"moving a local object in a return statement prevents copy elision">, "moving a local object in a return statement prevents copy elision">,
InGroup<PessimizingMove>, DefaultIgnore; InGroup<PessimizingMove>, DefaultIgnore;
def warn_pessimizing_move_on_initialization : Warning< def warn_pessimizing_move_on_initialization : Warning<
"moving a temporary object prevents copy elision">, "moving a temporary object prevents copy elision">,
InGroup<PessimizingMove>, DefaultIgnore; InGroup<PessimizingMove>, DefaultIgnore;
def note_remove_move : Note<"remove std::move call here">; def note_remove_move : Note<"remove std::move call here">;
def warn_move_from_param_to_member : Warning<
"parameter '%0' owns nullptr, because it has been moved into member "
"'%0' ; did you mean 'this->%0'?">, InGroup<UseOfMovedParameter>;
def note_moved_from_here : Note<"parameter '%0' moved into member '%0' here">;
def warn_string_plus_int : Warning< def warn_string_plus_int : Warning<
"adding %0 to a string does not append to the string">, "adding %0 to a string does not append to the string">,
InGroup<StringPlusInt>; InGroup<StringPlusInt>;
def warn_string_plus_char : Warning< def warn_string_plus_char : Warning<
"adding %0 to a string pointer does not append to the string">, "adding %0 to a string pointer does not append to the string">,
InGroup<StringPlusChar>; InGroup<StringPlusChar>;
def note_string_plus_scalar_silence : Note< def note_string_plus_scalar_silence : Note<
▲ Show 20 LinesShow All 2,867 LinesShow Last 20 Lines

lib/Sema/SemaDecl.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 10,596 Lines▼ Show 20 Lines else if (ObjCMethodDecl *MD = dyn_cast_or_null<ObjCMethodDecl>(Decl))
MD->setHasSkippedBody(); MD->setHasSkippedBody();
return ActOnFinishFunctionBody(Decl, nullptr); return ActOnFinishFunctionBody(Decl, nullptr);
} }
Decl *Sema::ActOnFinishFunctionBody(Decl *D, Stmt *BodyArg) { Decl *Sema::ActOnFinishFunctionBody(Decl *D, Stmt *BodyArg) {
return ActOnFinishFunctionBody(D, BodyArg, false); return ActOnFinishFunctionBody(D, BodyArg, false);
} }
namespace {
class FindUsesOfParamsMovedFrom
: public EvaluatedExprVisitor<FindUsesOfParamsMovedFrom> {
const ParmVarDecl *Param;
llvm::SmallVector<SourceRange, 4> &UseRanges;
using Inherited = EvaluatedExprVisitor<FindUsesOfParamsMovedFrom>;
public:
FindUsesOfParamsMovedFrom(ASTContext &Context, const ParmVarDecl *Param,
llvm::SmallVector<SourceRange, 4> &UseRanges)
: Inherited(Context), Param(Param), UseRanges(UseRanges) {}
void VisitCallExpr(CallExpr *CE) {
if (CXXOperatorCallExpr *OCE = dyn_cast<CXXOperatorCallExpr>(CE))
// We care about operator-> of smart pointers
// Check that thr first arg is Param!
if (OCE->getOperator() != OO_Arrow) {
return;
}
for (auto *Arg : CE->arguments()) {
if (DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Arg->IgnoreCasts()))
if (dyn_cast<ParmVarDecl>(DRE->getDecl()) == Param) {
UseRanges.push_back(CE->getSourceRange());
return;
}
}
Inherited::VisitCallExpr(CE);
}
};
class FieldInitMovedFromParamVisitor
: public EvaluatedExprVisitor<FieldInitMovedFromParamVisitor> {
ParmVarDecl *Param;
StringRef FieldName;
static bool IsCXX11MovableSmartPtrType(QualType T) {
CXXRecordDecl *RD = T->getAsCXXRecordDecl();
if (!RD)
return false;
if (!RD->isInStdNamespace())
return false;
StringRef Name = RD->getName();
return Name == "shared_ptr" || Name == "unique_ptr";
}
bool CheckMovedFromParam(Expr *E) {
if (DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(E)) {
if (ParmVarDecl *PVD = dyn_cast<ParmVarDecl>(DRE->getDecl())) {
if (PVD->getName() == FieldName &&
IsCXX11MovableSmartPtrType(PVD->getType())) {
Param = PVD;
return true;
}
}
}
return false;
}
public:
typedef EvaluatedExprVisitor<FieldInitMovedFromParamVisitor> Inherited;
FieldInitMovedFromParamVisitor(ASTContext &Context, StringRef FieldName)
: Inherited(Context), Param(nullptr), FieldName(FieldName) {}
void VisitCallExpr(CallExpr *E) {
if (E->getNumArgs() == 1) {
if (FunctionDecl *FD = E->getDirectCallee()) {
if (FD->isInStdNamespace() && FD->getIdentifier() &&
FD->getIdentifier()->isStr("move") &&
CheckMovedFromParam(E->getArg(0)))
return;
}
}
Inherited::VisitCallExpr(E);
}
ParmVarDecl *getParam() { return Param; }
};
}
static void DiagnoseUseOfMovedParams(Sema &SemaRef, const FunctionDecl *FD) {
// FIXME: This is limited to ctors for now
const CXXConstructorDecl *CD = dyn_cast<CXXConstructorDecl>(FD);
if (!CD)
return;
llvm::SmallVector<std::pair<ParmVarDecl *, SourceRange>, 4> ParamsAndMoveLoc;
for (const auto *FieldInit : CD->inits()) {
FieldDecl *FD = FieldInit->getAnyMember();
if (!FD)
continue;
Expr *E = FieldInit->getInit();
if (!E)
continue;
FieldInitMovedFromParamVisitor V(FD->getASTContext(), FD->getName());
V.Visit(E);
dblaikieUnsubmitted
Not Done
ReplyInline Actions

I'm not sure how much of an efficiency concern there is doing a generic RAV here, rather than something more targeted. I mean I suppose in general the std::move could happen in any subexpression of an init - but I assume the case you're trying to catch here is just the one where the name of the parameter and variable are the same (or very similar - like foo_ and foo, etc) and the user accidentally uses the parameter instead of the variable they moved-in-to?

dblaikie: I'm not sure how much of an efficiency concern there is doing a generic RAV here, rather than…
ismailpAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes, this patch is trying to find such accidental uses of parameters in constructor body. I chose constructor, because it's more likely to happen there. It's not deciding based on edit distance -- which sounds like a good idea -- but an exact match. Because it looks like a genuine bug (assuming parameter isn't assigned-to a sensible value again). In fact, whether parameter and member have the same name doesn't matter, if parameter is used after move. But I focused on the case where parameter and member both have the same name, because it's harder to see by looking at the code.

ismailp: Yes, this patch is trying to find such accidental uses of parameters in constructor body. I…
if (ParmVarDecl *P = V.getParam())
ParamsAndMoveLoc.push_back(std::make_pair(P, E->getSourceRange()));
}
for (const auto &Pair : ParamsAndMoveLoc) {
llvm::SmallVector<SourceRange, 4> UseRanges;
FindUsesOfParamsMovedFrom Vis(CD->getASTContext(), Pair.first, UseRanges);
Vis.Visit(CD->getBody());
for (const SourceRange &UseRange : UseRanges) {
SourceLocation Loc = UseRange.getBegin();
StringRef Name = Pair.first->getName();
SemaRef.Diag(Loc, diag::warn_move_from_param_to_member)
<< Name << UseRange << FixItHint::CreateInsertion(Loc, "this->");
SemaRef.Diag(Pair.second.getBegin(), diag::note_moved_from_here)
<< Name << Pair.second;
}
}
}
Decl *Sema::ActOnFinishFunctionBody(Decl *dcl, Stmt *Body, Decl *Sema::ActOnFinishFunctionBody(Decl *dcl, Stmt *Body,
bool IsInstantiation) { bool IsInstantiation) {
FunctionDecl *FD = dcl ? dcl->getAsFunction() : nullptr; FunctionDecl *FD = dcl ? dcl->getAsFunction() : nullptr;
sema::AnalysisBasedWarnings::Policy WP = AnalysisWarnings.getDefaultPolicy(); sema::AnalysisBasedWarnings::Policy WP = AnalysisWarnings.getDefaultPolicy();
sema::AnalysisBasedWarnings::Policy *ActivePolicy = nullptr; sema::AnalysisBasedWarnings::Policy *ActivePolicy = nullptr;
if (FD) { if (FD) {
▲ Show 20 LinesShow All 52 Lines▼ Show 20 Lines if (FD) {
// MSVC permits the use of pure specifier (=0) on function definition, // MSVC permits the use of pure specifier (=0) on function definition,
// defined at class scope, warn about this non-standard construct. // defined at class scope, warn about this non-standard construct.
if (getLangOpts().MicrosoftExt && FD->isPure() && FD->isCanonicalDecl()) if (getLangOpts().MicrosoftExt && FD->isPure() && FD->isCanonicalDecl())
Diag(FD->getLocation(), diag::ext_pure_function_definition); Diag(FD->getLocation(), diag::ext_pure_function_definition);
if (!FD->isInvalidDecl()) { if (!FD->isInvalidDecl()) {
// Don't diagnose unused parameters of defaulted or deleted functions. // Don't diagnose unused parameters of defaulted or deleted functions.
if (!FD->isDeleted() && !FD->isDefaulted()) if (!FD->isDeleted() && !FD->isDefaulted()) {
DiagnoseUnusedParameters(FD->param_begin(), FD->param_end()); DiagnoseUnusedParameters(FD->param_begin(), FD->param_end());
if (getLangOpts().CPlusPlus11)
dblaikieUnsubmitted
Not Done
ReplyInline Actions

I forget, is CPlusPlus11 true in modes greater than 11? (so we still get the warning in 14, etc?)

dblaikie: I forget, is CPlusPlus11 true in modes greater than 11? (so we still get the warning in 14, etc?
ismailpAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes, CPlusPlus14 sets CPlusPlus11.

ismailp: Yes, CPlusPlus14 sets CPlusPlus11.
DiagnoseUseOfMovedParams(*this, FD);
}
DiagnoseSizeOfParametersAndReturnValue(FD->param_begin(), FD->param_end(), DiagnoseSizeOfParametersAndReturnValue(FD->param_begin(), FD->param_end(),
FD->getReturnType(), FD); FD->getReturnType(), FD);
// If this is a structor, we need a vtable. // If this is a structor, we need a vtable.
if (CXXConstructorDecl *Constructor = dyn_cast<CXXConstructorDecl>(FD)) if (CXXConstructorDecl *Constructor = dyn_cast<CXXConstructorDecl>(FD))
MarkVTableUsed(FD->getLocation(), Constructor->getParent()); MarkVTableUsed(FD->getLocation(), Constructor->getParent());
else if (CXXDestructorDecl *Destructor = dyn_cast<CXXDestructorDecl>(FD)) else if (CXXDestructorDecl *Destructor = dyn_cast<CXXDestructorDecl>(FD))
MarkVTableUsed(FD->getLocation(), Destructor->getParent()); MarkVTableUsed(FD->getLocation(), Destructor->getParent());
▲ Show 20 LinesShow All 3,616 LinesShow Last 20 Lines

test/SemaCXX/rval-references.cpp

Show First 20 LinesShow All 86 Lines▼ Show 20 Lines if (0) // Copy from global can't be elided
return gmo; // expected-error {{call to deleted constructor}} return gmo; // expected-error {{call to deleted constructor}}
else if (0) // Copy from local static can't be elided else if (0) // Copy from local static can't be elided
return mo; // expected-error {{call to deleted constructor}} return mo; // expected-error {{call to deleted constructor}}
else if (0) // Copy from reference can't be elided else if (0) // Copy from reference can't be elided
return r; // expected-error {{call to deleted constructor}} return r; // expected-error {{call to deleted constructor}}
else // Construction from different type can't be elided else // Construction from different type can't be elided
return i; // expected-error {{no viable conversion from 'int' to 'MoveOnly'}} return i; // expected-error {{no viable conversion from 'int' to 'MoveOnly'}}
} }
dblaikieUnsubmitted
Not Done
ReplyInline Actions

This test case seems a bit long/verbose - you probably don't need to reproduce a substantial amount of this template machinery to reproduce the warning (a trivial movable type rather than a copy of a substantial amount of unique_ptr would suffice, for example - and there's no need for the extra type traits (remove_ref, etc) work in the faux-move implementation, etc)

dblaikie: This test case seems a bit long/verbose - you probably don't need to reproduce a substantial…
ismailpAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes, I hated that, too! I've had bigger plans; if it can't move-from but copy-from, then it should be fine! It's not applicable to unique_ptr, but for other types. These tests will change more to address a few more issues.

ismailp: Yes, I hated that, too! I've had bigger plans; if it can't move-from but copy-from, then it…
namespace std {
template <class T>
struct remove_reference { typedef T type; };
template <class T>
struct remove_reference<T &> { typedef T type; };
template <class T>
struct remove_reference<T &&> { typedef T type; };
template <typename T>
typename remove_reference<T>::type &&move(T &&arg) {
return static_cast<typename remove_reference<T>::type &&>(arg);
}
template <typename T>
class unique_ptr {
T *p;
public:
unique_ptr() : p(nullptr) {}
unique_ptr(T *p) : p(std::move(p)) {}
unique_ptr(unique_ptr &&other) : p(other.release()) {}
T *release() {
T *tmp = p;
p = nullptr;
return tmp;
}
T *get() const { return p; }
T *operator->() const { return get(); }
};
}
namespace ParmMovedFromWarning {
struct X {
int v;
X() : v(0) {}
int f() {
v += 42;
return v;
}
};
int f(std::unique_ptr<X> p) {
return p->f();
}
template <typename T>
T g(T v) {
return v + 42;
}
struct Y {
std::unique_ptr<X> p;
explicit Y(std::unique_ptr<X> p);
};
struct YBraceInit {
std::unique_ptr<X> p;
explicit YBraceInit(std::unique_ptr<X> p)
: p{std::move(p)} { }
};
Y::Y(std::unique_ptr<X> p)
: p(std::move(p)) { // expected-note 3{{here}}
p->f(); // expected-warning {{moved into member}}
f(std::move(p)); // expected-warning {{moved into member}}
p->v = 42; // expected-warning {{moved into member}}
g<decltype(p->f())>(decltype(p->v){});
decltype(p->f()) k = 0;
decltype(f(std::move(p))) j = 0;
}
void gain() {
std::unique_ptr<X> p(new X);
Y y(std::move(p));
}
}