<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/99628>99628</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [analyzer] CDM::CXXMethod mode CallDescription matching causes serious regressions and FNs
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang:static analyzer
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          steakhal
      </td>
    </tr>
</table>

<pre>
    Turns out the recent (#90974) `CallDescription` matching improvements can cause regressions when using standard library implementations where method we want to match comes from an implementation specific base class, such as in this example:
https://compiler-explorer.com/z/ErMbhxfPv
```c++
unsigned int sleep(unsigned int seconds);
namespace std {
class __mutex_base {
public:
  void lock();
};
class mutex : public __mutex_base{
public:
  void unlock();
  bool try_lock();
};
}

void top() {
  std::mutex m;
 m.lock();
  sleep(3); // caught by clang-18, FN for clang-19
 m.unlock();
}
```

In this case, the `BlockInCriticalSectionChecker` wants to match the `std::mutex::lock` and `std::mutex::unlock` member functions using the `CDM::CXXMethod` matching mode. However, one could only match the `lock` by `std::__mutex_base::lock`, causing a mismatch.

This issue is more generic and not entirely specific to this checker. I expect similar bugs to happen for any other checker using `CDM::CXXMethod`.

If we don't do about this, we are going to have a serious regression in the clang-19 release.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyEVU9v47gP_TTKhWjgyKkTH3xok1_w66GDBXYOcytomY61lSVDlNNkPv1Ccv40sx0MYCSKYj4-Pj1SyKz3lqgSj8_icTvDMXTOVxwI3zs0s9o1p-r76C2DGwOEjsCTIhtAyLWQeZmVq6WQJYgi26AxW2Ll9RC0s6LIoMegOm33oPvBuwP1ZAODQgsKR45Ye0_M2lmGj44sjBzf5oC2Qd-A0bVHf4rhJgVjuLzrCXoKnWvgg-ADbYDgpnygXE8MrXc9oP0lFnggpVutoEYmUAaZhdwAj6oDZNAWQqcZ6IgxTuRPItuK7KkLYeD4S-6E3CnXD9qQf6DjYJwnP1euF3L3U8jd__xr3R3bvw5ToCiy6VFCPscn7Y426d6AtgHYEA1Cru83STnbsJClyM9BFnviARUBhwbE6rydaoC3t34MdHxLZV3_G8baaHWtAuDgdAPGqfd0fjdssdpe1xNgggORP8EEcpfhDwlG-0UKgNo5A8Gf3v5AIK6nRfpMkMENU8StOIg6xNT500S2v-Xq518yuEidT9swHWd0474LUJ-iIez-YbGOnth9g9b5y1Z5Rf6yuhvny4F_LuHlbCsVtZOb1EiiyJ4j0IvdeB20QvM3qejRTUfqnXxsoGhsvjn7HHZf9rRMlIoM0Da_e-XMO_Yl9TV5aEerpoaa-u4Mv9m-TgGbHz9eU4_d9XLvGprD_90HHcjHYpwlUG40DThrTvdULxnr0x2rOy995h_x4myIiRB6zQlt_lnL71FIzTwSaIbeeYI9WfJapeKtC0A2aE_mdOv24M4HMGk7hxeg40AqAOteG_RQj_ukdIfDQDadPNoTuNCRv4SddfqdRnc0X9o4mRpnhVwFaBxgPY1QnQbOBwFG5i4JH9MeCBCYvHYjf5qM00iiqw3BkyFkms-aKm_KvMQZVYuVXOTrx0UhZ11VY1lSuW5XaolS1e2qLQq1yppiWRYoWzXTlczkMlstykWWy6Wcq6wtcF0UjWxQlflKLDPqUZu5MYd-7vx-lvSuyrKQ65nBmgynK0PKREvkTxznazwBNKef0Rcy3ie-iggPUVuxzIzmwDfMoINJN8816HEL_xU2GQ5-uV1udkw3CX8hHCc77L7xbPSmuh_gex26sT5P7Ujo_PUwePcPqSDkLlXMQu6mog-V_DcAAP__Su5I3A">