Search code examples
c++c++11undefined-behaviorclang++dangling-pointer

Detect dangling references to temporary


Clang 3.9 extremely reuses memory used by temporaries.

This code is UB (simplified code):

template <class T>
class my_optional
{
public:
    bool has{ false };
    T value;

    const T& get_or_default(const T& def)
    {
        return has ? value : def;
    }
};

void use(const std::string& s)
{
    // ...
}

int main()
{
    my_optional<std::string> m;
    // ...
    const std::string& s = m.get_or_default("default value");
    use(s); // s is dangling if default returned
}

We have tons of code something like above (my_optional is just a simple example to illustrate it).

Because of UB all clang compiler since 3.9 starts to reuse this memory, and it is lawful behavior.

The question is: how to detect such dangling references at compile time or with something like sanitizer at runtime? No clang sanitizer can detect them.

Upd. Please do not answer: "use std::optional". Read carefully: question is NOT about it.
Upd2. Please do not answer: "your code design is bad". Read carefully: question is NOT about code design.


Solution

  • You can detect misuses of this particular API by adding an additional overload:

    const T& get_or_default(T&& rvalue) = delete;
    

    If the argument given to get_or_default is a true rvalue, it will be chosen instead, so compilation will fail.

    As for detecting such errors at runtime, try using Clang's AddressSanitizer with use-after-return (ASAN_OPTIONS=detect_stack_use_after_return=1) and/or use-after-scope (-fsanitize-address-use-after-scope) detection enabled.