https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106390

            Bug ID: 106390
           Summary: Support gsl::owner<T> and/or [[gnu::owner]] attribute
                    in -fanalyzer
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: redi at gcc dot gnu.org
            Blocks: 97110
  Target Milestone: ---

Check that "owned" resources are freed:

https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#c31-all-resources-acquired-by-a-class-must-be-released-by-the-classs-destructor

This would require the analyzer to recognize the gsl::owner alias and treat it
specially. The definition of gsl::owner is simply a typedef for a raw pointer:

template <class T, class = std::enable_if_t<std::is_pointer<T>::value>>
using owner = T;

(Reference impl at https://github.com/microsoft/GSL but I plan to add a <gsl>
header to libstdc++ too, making use of GCC extensions.)

The point is to permit static analysis to treat that pointer differently to a
non-owning pointer (which just aliases some other object that isn't owned). If
the code just uses T* it's unclear what the semantics of that member are. If it
uses gsl::owner<T*> it's explicit that the class "owns" that pointer and is
directly responsible for deallocating it.

Pointers stored as a gsl::owner must be freed in a destructor, unless ownership
has been transferred to another object via move semantics.

class S {
public:
  S();
  S(S&&);
  ~S() { } // bug! owned resource not freed
private:
  struct Impl;
  gsl::owner<Impl*> m_pimpl;
};

A more general solution would be a new [[gnu::owner]] attribute that can be
added to any data member to say it owns a resource. So the following would be
equivalent to the example above:

class S {
public:
  S();
  S(S&&);
  ~S() { } // bug! owned resource not freed
private:
  struct Impl;
  [[gnu::owner]] Impl* m_pimpl;
};

This attribute would be extensible to non-pointer types such as file
descriptors and other resources where ownership is transferred by move
constructors and freed by destructors etc.
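As an added example (not code from the bug report, from GSL, or from libstdc++), here is the report's class S written so that C.31 holds: the destructor releases the owned pointer and the move constructor transfers ownership. gsl::owner is re-declared locally from the typedef quoted above, and Impl is a constructed type with a live-object counter so a leak would be observable.

```cpp
#include <type_traits>
#include <utility>

// Local stand-in for gsl::owner, exactly as the bug report defines it
// (assumes no <gsl> header is available in this translation unit).
namespace gsl {
template <class T, class = std::enable_if_t<std::is_pointer<T>::value>>
using owner = T;
}

// Constructed instrumentation: count live Impl objects so a leak shows up.
struct Impl {
    static int live;
    int value;
    explicit Impl(int v) : value(v) { ++live; }
    ~Impl() { --live; }
};
int Impl::live = 0;

// Corrected version of the report's S: the owner is freed in the destructor,
// and a move leaves the source holding nullptr so it has nothing to free.
class S {
public:
    explicit S(int v) : m_pimpl(new Impl(v)) {}
    S(S&& other) noexcept : m_pimpl(std::exchange(other.m_pimpl, nullptr)) {}
    S& operator=(S&& other) noexcept {
        if (this != &other) {
            delete m_pimpl;                  // release what we currently own
            m_pimpl = std::exchange(other.m_pimpl, nullptr);
        }
        return *this;
    }
    S(const S&) = delete;                    // an owning raw pointer is not copyable
    S& operator=(const S&) = delete;
    ~S() { delete m_pimpl; }                 // C.31: owned resource released here
    int value() const { return m_pimpl ? m_pimpl->value : -1; }
private:
    gsl::owner<Impl*> m_pimpl;
};

// Construct, move, destroy; returns the number of Impl objects still alive
// afterwards (0 means nothing leaked and nothing was double-freed).
int leaked_after_move_and_destroy() {
    {
        S a(42);
        S b(std::move(a));                   // ownership moves from a to b
        if (b.value() != 42 || a.value() != -1) return -1;
    }                                        // b frees the Impl; a owns nothing
    return Impl::live;
}
```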


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97110
[Bug 97110] [meta-bug] tracker bug for supporting C++ in -fanalyzer
