Affected rules
A18-5-8
Description
Copy elision allows a call to a copy or move constructor to be omitted in certain cases where it is safe to do so ([class.copy]/31), such as copying/moving from a temporary object or where a copy/move occurs as part of a return from a function and the source is a local scope variable within that function.
Where copy elision applies, the CodeQL C++ extractor appears to remove the implicit copy/move calls. This is problematic because the query for this rule uses the presence of a copy/move constructor to determine whether an object outlives the lifetime of the function, thus causing false positives.
Example
Consider the following example:
std::unique_ptr<C1> Create(const std::string& s) noexcept {
  return std::make_unique<C1>(s);
}
Without copy elision, we would assume an implicit move/copy constructor call would exist here. However, due to copy elision the constructor call does not exist.
Proposed solution
MakeSharedOrUnique.isAlwaysFreed() should be updated to consider the local data flow to the expression of a return statement as evidence that the heap memory associated with the shared or unique pointer is not freed within this function.
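The effect described in this report can be observed at run time. The following is an added example, not code from the report or from the CodeQL rule's test suite: `Owner`, `CreateElided`, `Forward`, `LocalOnly` and the two counters are hypothetical names, with `Owner` standing in for `std::unique_ptr` so that move-constructor calls can be counted.

```cpp
#include <cstddef>
#include <string>

// Constructed stand-ins (assumptions, not the rule's test code): Owner is a
// unique_ptr-like owner with a countable move constructor; C1 counts live objects.
static int g_live = 0;   // C1 objects currently alive on the heap
static int g_moves = 0;  // Owner move-constructor calls

struct C1 {
  explicit C1(const std::string &s) : name(s) { ++g_live; }
  ~C1() { --g_live; }
  std::string name;
};

class Owner {
public:
  explicit Owner(C1 *p) noexcept : p_(p) {}
  Owner(Owner &&o) noexcept : p_(o.p_) { o.p_ = nullptr; ++g_moves; }
  Owner(const Owner &) = delete;
  Owner &operator=(const Owner &) = delete;
  ~Owner() { delete p_; }
  const C1 *get() const noexcept { return p_; }
private:
  C1 *p_;
};

// Same shape as Create() in the report: the returned temporary initialises the
// caller's object directly, so no move-constructor call exists to observe.
Owner CreateElided(const std::string &s) { return Owner(new C1(s)); }

// Returning a by-value parameter cannot be elided, so the move constructor runs.
Owner Forward(Owner o) { return o; }

// The pattern the rule targets: the heap object never leaves the function.
std::size_t LocalOnly(const std::string &s) {
  Owner local(new C1(s));
  return local.get()->name.size();
}  // the C1 object is freed here

int main() {
  Owner a = CreateElided("a");           // escapes with g_moves still 0
  Owner b = Forward(Owner(new C1("b"))); // escapes with a visible move
  return (g_live == 2 && LocalOnly("c") == 1 && g_live == 2) ? 0 : 1;
}
```

In `CreateElided` the heap object outlives the call even though no move constructor ran, which is why the return statement is a more reliable signal than the constructor call.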