Re: auto QString(Builder) considered VERY HARMFUL -> use clazy, especially before releases
- Date: Fri, 28 Sep 2018 01:03:01 +0200
- From: Albert Astals Cid <aacid@xxxxxxx>
- Subject: Re: auto QString(Builder) considered VERY HARMFUL -> use clazy, especially before releases
El dijous, 27 de setembre de 2018, a les 21:01:13 CEST, Friedrich W. H. Kossebau va escriure:
> Am Donnerstag, 27. September 2018, 20:08:54 CEST schrieb Andreas Hartmetz:
> > Today I fixed the third or so crash in KDE software due to the following
> > pattern:
> > const auto str = someString + anotherString;
> > What happens is that the type of str ends up being QStringBuilder
> > instead of QString. The QStringBuilder is destroyed after the semicolon,
> > and all access to "str" produces undefined behavior.
> The QStringBuilder actually survives as long as str is in scope, but the
> references it potentially takes from someString or anotherString (if e.g. some
> temporary QString object as returned from QStringLiteral or other QString-
> returning methods) will be no longer valid after the scope of the expression
> is left.
> So if str is finally resolved to a real QString, those references are dangling
> and non-funny things happen.
> > While I'm not a particularly big fan of using auto to hide variable
> > types anyway, this kind of usage is just wrong and must be avoided.
> > Please take care.
> Care can be done e.g. by deploying clazy with auto-unexpected-qstringbuilder:
> clazy-standalone \
> -checks=auto-unexpected-qstringbuilder -p <buildroot> <projectroot>
> One would recommend to run clazy over your code at least before releases, to
> catch all kind of potential issues :)
Or since this is a crasher, just run your app and it'll crash?
Or even better, add autotests that exercise the code and they'll crash too?