Holds if e is a fully-converted expression that evaluates to a non-const
address derived from the address of va and is stored in a variable or
passed across functions. This means e is the Expr.getFullyConverted-form
of:
- The right-hand side of an assignment or initialization;
- A function argument or return value;
- The argument to
throw. - An entry in an
AggregateLiteral, including the compiler-generatedClassAggregateLiteralthat initializes aLambdaExpression; or - An expression in an inline assembly statement.
This predicate omits pointers or reference to const types. See
variableAddressEscapesTree for a version of this predicate that includes
those.
If va has reference type, the escape analysis concerns the value pointed
to by the reference rather than the reference itself. The C++ language
offers no way to take the address of a reference, so this predicate will
never produce any results for the reference itself. Callers that are not
interested in the value referred to by references should exclude variable
accesses to reference-typed values.
Import path
import semmle.code.cpp.dataflow.EscapesTreepredicate variableAddressEscapesTreeNonConst(VariableAccess va, Expr e)