[clang-tidy] Check request: detect saving stack addresses beyond their lifetime

[asund]

This seems to be missed by existing stack address check as the address doesn't escape scope of the stack but is preserved between calls using a static variable.

auto f() {
  process stack_array[] = { method1, method2, method3 };
  static *process process_to_use = nullptr;

  if (!process) {
    // some expensive init later...
    process = &stack_array[n];
  }

  if (!process) {
   process->do_processing();  // segfault
  }
}

process_to_use has a stale value when the function is called again. stack_array needs to have static lifetime in this case.

[llvmbot]

@llvm/issue-subscribers-clang-tidy

Author: None (asund)

This seems to be missed by existing stack address check as the address doesn't escape scope of the stack but is preserved between calls using a static variable. ``` auto f() { process stack_array[] = { method1, method2, method3 }; static *process process_to_use = nullptr;

if (!process) {
// some expensive init later...
process = &stack_array[n];
}

if (!process) {
process->do_processing(); // segfault
}
}

process_to_use has a stale value when the function is called again. stack_array needs to have static lifetime in this case.
</details>

[EugeneZelenko]

I thin Clang Static Analyzer is better place for such check.

[chrchr-github]

Should it say process_to_use->do_processing(); in the example?

[chrchr-github]

This compilable example is caught by clang-analyzer-core.StackAddressEscape:

void g() {}
using fp_t = void (*)();
void f() {
  fp_t stack_array[] = { g };
  static fp_t* fp = nullptr;

  if (!fp) {
    fp = &stack_array[0];
  }

  (*fp)();
}

int main() {
    f();
    f();
}

https://godbolt.org/z/oscdKv5Mz

[llvmbot]

@llvm/issue-subscribers-clang-static-analyzer

Author: None (asund)

This seems to be missed by existing stack address check as the address doesn't escape scope of the stack but is preserved between calls using a static variable. ``` auto f() { process stack_array[] = { method1, method2, method3 }; static *process process_to_use = nullptr;

if (!process) {
// some expensive init later...
process = &stack_array[n];
}

if (!process) {
process->do_processing(); // segfault
}
}

process_to_use has a stale value when the function is called again. stack_array needs to have static lifetime in this case.
</details>