From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id D5C713858C50; Wed, 19 Apr 2023 08:59:45 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D5C713858C50 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1681894785; bh=Mfi6hbUyG6FBbosfUwcZU8T9hhCsfbRrBnm1LnFph5A=; h=From:To:Subject:Date:In-Reply-To:References:From; b=tmUIIUy/PWEOhZkY+KUmupEcf+YJq7KTxd+GOW1fdM68f/eEIBrwNkrUbYVzNp7uy ujBn3JI2C8pPE24yVNbJl/fdGaarm9UbzOljVnlVrzEzkydmCKjMOpDj8xKLtbQEeZ 5WwmoKJq8Bppdd1u2V6hVaxN01WfFod6FXq4k2lk= From: "redi at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/109548] Detect c_str() dangling problems Date: Wed, 19 Apr 2023 08:59:42 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: enhancement X-Bugzilla-Who: redi at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cf_reconfirmed_on bug_status everconfirmed Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109548 Jonathan Wakely changed: What |Removed |Added ---------------------------------------------------------------------------- Last reconfirmed| |2023-04-19 Status|UNCONFIRMED |NEW Ever confirmed|0 |1 --- Comment #1 from Jonathan Wakely --- We could special-case std::basic_string::c_str() here but maybe it would be better to add an attribute for describing the lifetime of pointers/referenc= es returned from member functions. We could annotate string::c_str() and string::data() and string::begin() et= c. to indicate that they share the lifetime of *this: [[gnu::lifetime(this)]] const charT* basic_string::c_str() const noexcept; And maybe annotate member functions of view-like types to say that they _do= n't_ share the lifetime of *this: [[gnu::lifetime(!this)]] T* span::data() const noexcept; (!this) is not visually distinct from (this) though, so a different syntax would be better. Maybe lifetime(nullptr) or lifetime(0)? It might not be possible to use lifetime(this) annotations for non-trivial analysis, because of cases like this: std::string s =3D "abc"; auto p =3D s.c_str(); // OK s.clear(); // p now dangles *p; // ERR Without creating a DSL for describing iterator invalidation of members like string::clear() and string::insert() we can probably only use such an attri= bute to allow the front-end to diagnose the simplest cases like foo().c_str() in comment 0.=