Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A18-5-8: Objects with an elided copy/move are falsely reported as not outliving a function #20

Closed
lcartey opened this issue Jul 15, 2022 · 0 comments · Fixed by #596
Closed

A18-5-8: Objects with an elided copy/move are falsely reported as not outliving a function #20

lcartey opened this issue Jul 15, 2022 · 0 comments · Fixed by #596
Assignees
@knewbury01
Labels
Difficulty-Low A false positive or false negative report which is expected to take <1 day effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards

Comments

@lcartey
Copy link
Collaborator

lcartey commented Jul 15, 2022

Affected rules

  • A18-5-8

Description

Copy elision allows a call to a copy or move constructor to be omitted in certain cases where it is safe to do so ([class.copy]/31), such as copying/moving from a temporary object or where a copy/move occurs as part of a return from a function and the source is an local scope variable within that function.

Where copy elision applies, the CodeQL C++ extractor appears to remove the implicit copy/move calls. This is problematic because the query for this rule uses the presence of a copy/move constructor to determine whether an object outlives the lifetime of the function, thus causing false positives.

Example

Consider the following example:

std::unique_ptr<C1> Create(const std::string& s) noexcept {
  return std::make_unique<C1>(s);
}

Without copy elision, we would assume an implicit move/copy constructor call would exist here. However, due to copy elision the constructor call does not exist.

Proposed solution

MakeSharedOrUnique.isAlwaysFreed() should be updated to consider the local data flow to the expression of a return statement as evidence that the heap memory associated with the shared or unique pointer is not freed within this function.
@lcartey lcartey added Difficulty-Low A false positive or false negative report which is expected to take <1 day effort to address Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards false positive/false negative An issue related to observed false positives or false negatives. labels Jul 15, 2022
@lcartey lcartey self-assigned this Aug 12, 2022
@lcartey lcartey mentioned this issue Jan 6, 2023
Open
@knewbury01 knewbury01 self-assigned this May 23, 2024
knewbury01 added a commit to knewbury01/codeql-coding-standards that referenced this issue May 23, 2024
@knewbury01
A18-5-8: address fp report github#20, add return expression flow for …
c2b32b0 
…NRVO elision
@knewbury01 knewbury01 mentioned this issue May 23, 2024
Merged
30 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@knewbury01 knewbury01

Labels
Difficulty-Low A false positive or false negative report which is expected to take <1 day effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards
Projects
Coding Standards Public Development Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

A18-5-8: address fp report knewbury01/codeql-coding-standards
2 participants
@lcartey @knewbury01