================
@@ -559,9 +553,49 @@ class FactGeneratorVisitor : public
ConstStmtVisitor<FactGeneratorVisitor> {
return false;
}
+ void handleAssignment(const Expr *LHSExpr, const Expr *RHSExpr) {
+ // Find the underlying variable declaration for the left-hand side.
+ if (const auto *DRE_LHS =
+ dyn_cast<DeclRefExpr>(LHSExpr->IgnoreParenImpCasts())) {
+ markUseAsWrite(DRE_LHS);
+ if (const auto *VD_LHS = dyn_cast<ValueDecl>(DRE_LHS->getDecl()))
+ if (hasOrigin(VD_LHS->getType()))
+ // We are interested in assignments like `ptr1 = ptr2` or `ptr =
&var`
+ // LHS must be a pointer/reference type that can be an origin.
+ // RHS must also represent an origin (either another pointer/ref or
an
+ // address-of).
+ addAssignOriginFact(*VD_LHS, *RHSExpr);
+ }
+ }
+
+ // A DeclRefExpr is a use of the referenced decl. It is checked for
+ // use-after-free unless it is being written to (e.g. on the left-hand side
+ // of an assignment).
+ void handleUse(const DeclRefExpr *DRE) {
+ const auto *VD = dyn_cast<ValueDecl>(DRE->getDecl());
+ if (VD && hasOrigin(VD->getType())) {
+ OriginID OID = FactMgr.getOriginMgr().get(*VD);
+ UseFact *UF = FactMgr.createFact<UseFact>(OID, DRE);
+ CurrentBlockFacts.push_back(UF);
+ assert(!UseFacts.contains(DRE));
----------------
usx95 wrote:
2 different references to a declaration are given two distinct DRE.
`int a; int b = a + a;` The two `a`s on the RHS would have two different DRE to
the underlying decl.
Since we do not visit same expression twice, we can assume that we have never
seen this usage before.
Does that answer your question ?
https://github.com/llvm/llvm-project/pull/154316
_______________________________________________
llvm-branch-commits mailing list
llvm-branch-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
