[CIR][Lifetime] Detect dangling pointers on Owner types

bcardosolopes · bcardosolopes · commit aae6e6682e07 · 2022-10-17T15:21:03.000-07:00
First example now works and we can successfully diagnose a
basic dangling ref to owner type.

- Handle kills for references owners o', but kill(o') not yet implemented,
  should be done together with its own use/test case.
- Make sure invalidating moved-from adds proper state.
- Add testcase.
diff --git a/clang/lib/CIR/Dialect/Transforms/LifetimeCheck.cpp b/clang/lib/CIR/Dialect/Transforms/LifetimeCheck.cpp
@@ -297,18 +297,34 @@ void LifetimeCheckPass::LexicalScopeGuard::cleanup() {
       if (pointee == ptr)
         continue;
 
-      // If the local value is part of this pset, it means
-      // we need to invalidate it, otherwise keep searching.
-      // FIXME: add support for x', x'', etc...
+      // If the local value is part of this pset, it means we need to invalidate
+      // it, otherwise keep searching. Note that this assumes a current pset
+      // cannot have multiple entries for values and owned values at the same
+      // time, for example this should not be possible: pset(s) = {o, o'}.
       auto &pset = mapEntry.second;
-      State valState = State::getLocalValue(pointee);
-      if (!pset.contains(valState))
-        continue;
-
-      // Erase the reference and mark this invalid.
-      // FIXME: add a way to just mutate the state.
-      pset.erase(valState);
-      pset.insert(State::getInvalid());
+      auto killValueInPset = [&](mlir::Value v) {
+        State valState = State::getLocalValue(v);
+        if (pset.contains(valState)) {
+          // Erase the reference and mark this invalid.
+          // FIXME: add a way to just mutate the state.
+          pset.erase(valState);
+          pset.insert(State::getInvalid());
+          return;
+        }
+
+        if (Pass.owners.count(v)) {
+          valState = State::getOwnedBy(v);
+          if (pset.contains(valState)) {
+            pset.erase(valState);
+            pset.insert(State::getInvalid());
+            return;
+          }
+          // TODO: o'', ...
+        }
+      };
+
+      // KILL(x) for a particular pset.
+      killValueInPset(pointee);
       Pass.pmapInvalidHist[ptr] =
           std::make_pair(getEndLocForHist(*Pass.currScope), pointee);
     }
@@ -846,7 +862,10 @@ void LifetimeCheckPass::checkMoveAssignment(CallOp callOp,
   // where we finally materialize it back to the original pointer category.
   // TODO: should CIR ops retain xvalue information somehow?
   getPmap()[dst] = getPmap()[src];
-  getPmap()[src].clear(); // TODO: should we add null to 'src' pset?
+  // TODO: should this be null? or should we swap dst/src pset state?
+  // For now just consider moved-from state as invalid.
+  getPmap()[src].clear();
+  getPmap()[src].insert(State::getInvalid());
 }
 
 // User defined ctors that initialize from owner types is one
diff --git a/clang/test/CIR/Transforms/lifetime-check-owner.cpp b/clang/test/CIR/Transforms/lifetime-check-owner.cpp
@@ -0,0 +1,26 @@
+// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -fclangir-enable -fclangir-lifetime-check="history=all;remarks=all" -clangir-verify-diagnostics -emit-cir %s -o %t.cir
+
+struct [[gsl::Owner(int)]] MyIntOwner {
+  int val;
+  MyIntOwner(int v) : val(v) {}
+  int &operator*();
+};
+
+struct [[gsl::Pointer(int)]] MyIntPointer {
+  int *ptr;
+  MyIntPointer(int *p = nullptr) : ptr(p) {}
+  MyIntPointer(const MyIntOwner &);
+  int &operator*();
+  MyIntOwner toOwner();
+};
+
+void yolo() {
+  MyIntPointer p;
+  {
+    MyIntOwner o(1);
+    p = o;
+    *p = 3; // expected-remark {{pset => { o' }}}
+  }       // expected-note {{pointee 'o' invalidated at end of scope}}
+  *p = 4; // expected-warning {{use of invalid pointer 'p'}}
+  // expected-remark@-1 {{pset => { invalid }}}
+}
