Add LIFETIMEBOUND to CScript where needed #22278

pull MarcoFalke wants to merge 2 commits into bitcoin:master from MarcoFalke:2106-scriptBound changing 2 files +6 −5
  1. MarcoFalke commented at 8:35 PM on June 18, 2021: member

    Without this, stack-use-after-scope can only be detected at runtime with ASan or code review, both of which are expensive.

    Use LIFETIMEBOUND to turn this error into a compile warning.

    See https://releases.llvm.org/12.0.0/tools/clang/docs/AttributeReference.html#lifetimebound

    Example:

    const CScript a{WITH_LOCK(::cs_main, return CScript{} << OP_0 << OP_1)};

    Before: (no warning) After:

    warning: returning reference to local temporary object [-Wreturn-stack-address]
    const CScript a{WITH_LOCK(::cs_main, return CScript{} << OP_0 << OP_1)};
                                                ^~~~~~~~~
./sync.h:276:65: note: expanded from macro 'WITH_LOCK'
#define WITH_LOCK(cs, code) [&]() -> decltype(auto) { LOCK(cs); code; }()
                                                                ^~~~
  2. MarcoFalke added the label Refactoring on Jun 18, 2021
  3. sipa commented at 8:39 PM on June 18, 2021: member

    Interesting, I wouldn't have considered using lifetimebound for those, but it makes sense.

    utACK fabcaf39cd1516923c818b382ee3478b340f3db7.

    My understanding is that this cannot introduce bugs if it compiles with issues, as the attribute only adds warning/errors.

  4. DrahtBot commented at 11:36 PM on June 18, 2021: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    No conflicts as of last run.

  5. DrahtBot cross-referenced this on Jun 19, 2021 from issue Make script interpreter independent from storage type CScript by sipa
  6. bitcoin deleted a comment on Jun 21, 2021
  7. fanquake commented at 3:34 AM on September 2, 2021: member

    @theuni want to take a look here?

  8. sipa commented at 3:43 AM on September 2, 2021: member

    utACK

  9. theuni commented at 6:24 PM on September 2, 2021: member

    Concept ACK/utACK. I guess ideally we'd annotate anywhere we return references to *this or *this.foo?

    I tried switching the return type from decltype(auto) to auto, which works around this problem by allowing copies to be made as a typical return would, but that disables the ability to bind to a legit returned reference. However, it does have the nice side-effect of showing where these annotations would be useful :)

    The one it turned up is ChainstateManager::InitializeChainstate, maybe add an annotation there as well?

  10. MarcoFalke commented at 11:41 AM on September 3, 2021: member

    Concept ACK/utACK. I guess ideally we'd annotate anywhere we return references to *this or *this.foo?

    Correct. I think where foo is a (trivial?) built-in type, the annotation isn't needed because at least clang will figure it out by itself. Though, it shouldn't hurt, so maybe someone writes a clang-tidy script to do the refactor in a follow-up?

    The one it turned up is ChainstateManager::InitializeChainstate, maybe add an annotation there as well?

    Thanks, added a commit. Can be tested with this snippet:

    warning: returning reference to local temporary object [-Wreturn-stack-address]
    CChainState& c1 = WITH_LOCK(::cs_main, return ChainstateManager{}.InitializeChainstate(&mempool));
                                                  ^~~~~~~~~~~~~~~~~~~
./sync.h:276:65: note: expanded from macro 'WITH_LOCK'
#define WITH_LOCK(cs, code) [&]() -> decltype(auto) { LOCK(cs); code; }()
                                                                ^~~~
1 warning generated.
  11. Add LIFETIMEBOUND to CScript where needed fa5c896724
  12. Add LIFETIMEBOUND to InitializeChainstate fa7e6c56f5
  13. MarcoFalke force-pushed on Sep 3, 2021
  14. theuni commented at 4:35 PM on September 3, 2021: member

    utACK fa7e6c56f58678b310898a158053ee9ff8b27fe7.

  15. jonatack commented at 6:13 PM on September 3, 2021: contributor

    Light ACK fa7e6c56f58678b310898a158053ee9ff8b27fe7 debug build with clang 13, reproduced the example compiler warning in the pull description, and briefly looked at clang::lifetimebound support in earlier versions of clang; it is in clang 7 (https://releases.llvm.org/7.0.0/tools/clang/docs/AttributeReference.html#lifetimebound-clang-lifetimebound), did not see references to it in earlier docs

  16. fanquake merged this on Sep 4, 2021
  17. fanquake closed this on Sep 4, 2021
  18. sidhujag referenced this in commit 22ad63e600 on Sep 4, 2021
  19. MarcoFalke deleted the branch on Sep 5, 2021
  20. jonatack cross-referenced this on May 3, 2022 from issue blockstorage: add LIFETIMEBOUND to GetFirstStoredBlock()::start_time by jonatack
  21. MarcoFalke referenced this in commit d17bbc3c48 on May 4, 2022
  22. sidhujag referenced this in commit cedc09f1e9 on May 4, 2022
  23. bitcoin locked this on Sep 5, 2022
Contributors
MarcoFalkesipaDrahtBotfanquaketheunijonatack
Labels
Refactoring
Linked (view graph)
#25060 blockstorage: add LIFETIMEBOUND to GetFirstStoredBlock()::start_time
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:53 UTC