Automerge: [LifetimeSafety] Introduce a liveness-based lifetime policy (#159991)

This PR replaces the forward `ExpiredLoansAnalysis` with a backward
`LiveOriginAnalysis` that tracks which origins are live at each program
point, along with confidence levels (Definite or Maybe). The new
approach:

- Tracks liveness of origins rather than expiration of loans
- Uses a backward dataflow analysis to determine which origins are live
at each point.
- Provides more precise confidence levels for use-after-free warnings
and avoids previous false-positives

The `LifetimeChecker` now checks for use-after-free by examining if an
origin is live when a loan expires, rather than checking if a loan is
expired when an origin is used.

More details describing the design flaw in using `ExpiredLoans` is
mentioned in
llvm/llvm-project#156959 (comment)

Fixes: llvm/llvm-project#156959

(With this, we can build LLVM with no false-positives 🎉 )

<details>

<summary>
Benchmark report
</summary>

# Lifetime Analysis Performance Report
> Generated on: 2025-09-24 13:08:03

---

## Test Case: Pointer Cycle in Loop

**Timing Results:**

| N (Input Size) | Total Time | Analysis Time (%) | Fact Generator (%) |
Loan Propagation (%) | Live Origins (%) |

|:---------------|-----------:|------------------:|-------------------:|---------------------:|------------------:|
| 50 | 54.12 ms | 80.80% | 0.00% | 80.42% | 0.00% |
| 75 | 150.22 ms | 91.54% | 0.00% | 91.19% | 0.00% |
| 100 | 317.12 ms | 94.90% | 0.00% | 94.77% | 0.00% |
| 200 | 2.40 s | 98.58% | 0.00% | 98.54% | 0.03% |
| 300 | 9.85 s | 99.25% | 0.00% | 99.24% | 0.01% |

**Complexity Analysis:**

| Analysis Phase    | Complexity O(n<sup>k</sup>) |
|:------------------|:--------------------------|
| Total Analysis    | O(n<sup>3.47</sup> &pm; 0.06) |
| FactGenerator     | (Negligible)              |
| LoanPropagation   | O(n<sup>3.47</sup> &pm; 0.06) |
| LiveOrigins       | (Negligible)              |

---

## Test Case: CFG Merges

**Timing Results:**

| N (Input Size) | Total Time | Analysis Time (%) | Fact Generator (%) |
Loan Propagation (%) | Live Origins (%) |

|:---------------|-----------:|------------------:|-------------------:|---------------------:|------------------:|
| 400 | 105.22 ms | 72.61% | 0.68% | 71.38% | 0.52% |
| 1000 | 610.74 ms | 88.88% | 0.33% | 88.32% | 0.23% |
| 2000 | 2.50 s | 95.32% | 0.21% | 94.99% | 0.11% |
| 5000 | 17.20 s | 98.20% | 0.14% | 98.01% | 0.05% |

**Complexity Analysis:**

| Analysis Phase    | Complexity O(n<sup>k</sup>) |
|:------------------|:--------------------------|
| Total Analysis    | O(n<sup>2.14</sup> &pm; 0.00) |
| FactGenerator     | O(n<sup>1.59</sup> &pm; 0.05) |
| LoanPropagation   | O(n<sup>2.14</sup> &pm; 0.00) |
| LiveOrigins       | O(n<sup>1.19</sup> &pm; 0.04) |

---

## Test Case: Deeply Nested Loops

**Timing Results:**

| N (Input Size) | Total Time | Analysis Time (%) | Fact Generator (%) |
Loan Propagation (%) | Live Origins (%) |

|:---------------|-----------:|------------------:|-------------------:|---------------------:|------------------:|
| 50 | 141.95 ms | 91.14% | 0.00% | 90.99% | 0.00% |
| 100 | 1.09 s | 98.17% | 0.00% | 98.13% | 0.00% |
| 150 | 3.87 s | 99.28% | 0.00% | 99.27% | 0.00% |
| 200 | 9.81 s | 99.61% | 0.00% | 99.60% | 0.00% |

**Complexity Analysis:**

| Analysis Phase    | Complexity O(n<sup>k</sup>) |
|:------------------|:--------------------------|
| Total Analysis    | O(n<sup>3.23</sup> &pm; 0.02) |
| FactGenerator     | (Negligible)              |
| LoanPropagation   | O(n<sup>3.23</sup> &pm; 0.02) |
| LiveOrigins       | (Negligible)              |

---

## Test Case: Switch Fan-out

**Timing Results:**

| N (Input Size) | Total Time | Analysis Time (%) | Fact Generator (%) |
Loan Propagation (%) | Live Origins (%) |

|:---------------|-----------:|------------------:|-------------------:|---------------------:|------------------:|
| 500 | 155.10 ms | 72.03% | 0.47% | 67.49% | 4.06% |
| 1000 | 568.40 ms | 85.60% | 0.24% | 80.53% | 4.83% |
| 2000 | 2.25 s | 93.00% | 0.13% | 86.99% | 5.88% |
| 4000 | 9.06 s | 96.62% | 0.10% | 89.68% | 6.84% |

**Complexity Analysis:**

| Analysis Phase    | Complexity O(n<sup>k</sup>) |
|:------------------|:--------------------------|
| Total Analysis    | O(n<sup>2.07</sup> &pm; 0.01) |
| FactGenerator     | O(n<sup>1.52</sup> &pm; 0.13) |
| LoanPropagation   | O(n<sup>2.06</sup> &pm; 0.01) |
| LiveOrigins       | O(n<sup>2.23</sup> &pm; 0.00) |

---

<details>

Author: usx95

clang/include/clang/Analysis/Analyses/LifetimeSafety.h

@@ -29,12 +29,18 @@
 namespace clang::lifetimes {
 
 /// Enum to track the confidence level of a potential error.
-enum class Confidence {
+enum class Confidence : uint8_t {
   None,
   Maybe,   // Reported as a potential error (-Wlifetime-safety-strict)
   Definite // Reported as a definite error (-Wlifetime-safety-permissive)
 };
 
+enum class LivenessKind : uint8_t {
+  Dead,  // Not alive
+  Maybe, // Live on some path but not all paths (may-be-live)
+  Must   // Live on all paths (must-be-live)
+};
+
 class LifetimeSafetyReporter {
 public:
   LifetimeSafetyReporter() = default;
@@ -55,6 +61,7 @@ class Fact;
 class FactManager;
 class LoanPropagationAnalysis;
 class ExpiredLoansAnalysis;
+class LiveOriginAnalysis;
 struct LifetimeFactory;
 
 /// A generic, type-safe wrapper for an ID, distinguished by its `Tag` type.
@@ -89,6 +96,7 @@ inline llvm::raw_ostream &operator<<(llvm::raw_ostream &OS, OriginID ID) {
 // TODO(opt): Consider using a bitset to represent the set of loans.
 using LoanSet = llvm::ImmutableSet<LoanID>;
 using OriginSet = llvm::ImmutableSet<OriginID>;
+using OriginLoanMap = llvm::ImmutableMap<OriginID, LoanSet>;
 
 /// A `ProgramPoint` identifies a location in the CFG by pointing to a specific
 /// `Fact`. identified by a lifetime-related event (`Fact`).
@@ -110,8 +118,16 @@ class LifetimeSafetyAnalysis {
   /// Returns the set of loans an origin holds at a specific program point.
   LoanSet getLoansAtPoint(OriginID OID, ProgramPoint PP) const;
 
-  /// Returns the set of loans that have expired at a specific program point.
-  std::vector<LoanID> getExpiredLoansAtPoint(ProgramPoint PP) const;
+  /// Returns the set of origins that are live at a specific program point,
+  /// along with the confidence level of their liveness.
+  ///
+  /// An origin is considered live if there are potential future uses of that
+  /// origin after the given program point. The confidence level indicates
+  /// whether the origin is definitely live (Definite) due to being domintated
+  /// by a set of uses or only possibly live (Maybe) only on some but not all
+  /// control flow paths.
+  std::vector<std::pair<OriginID, LivenessKind>>
+  getLiveOriginsAtPoint(ProgramPoint PP) const;
 
   /// Finds the OriginID for a given declaration.
   /// Returns a null optional if not found.
@@ -138,7 +154,7 @@ class LifetimeSafetyAnalysis {
   std::unique_ptr<LifetimeFactory> Factory;
   std::unique_ptr<FactManager> FactMgr;
   std::unique_ptr<LoanPropagationAnalysis> LoanPropagation;
-  std::unique_ptr<ExpiredLoansAnalysis> ExpiredLoans;
+  std::unique_ptr<LiveOriginAnalysis> LiveOrigins;
 };
 } // namespace internal
 } // namespace clang::lifetimes