[clang] [WebKit checkers] Recognize adoptRef as a safe function (PR #119846)

Rashmi Mudduluru via cfe-commits cfe-commits at lists.llvm.org
Tue Dec 17 22:15:26 PST 2024 

================
@@ -365,3 +365,20 @@ namespace call_with_explicit_temporary_obj {
     RefPtr { provide() }->method();
   }
 }
+
+namespace call_with_adopt_ref {
+  class Obj {
+  public:
+    void ref() const;
+    void deref() const;
+    void method();
+  };
+
+  struct dummy {
+    RefPtr<Obj> any;
----------------
t-rasmud wrote:

@rniwa I ran this test case under the debugger and here's what I found: The call to `IsPtrOriginSafe` returns `true` in the absence of `struct dummy` when visiting the `CallExpr` causing the checker to not issue a warning:
```
CXXMemberCallExpr 0x147945af8 'void'
`-MemberExpr 0x147945ac8 '<bound member function type>' ->method 0x14793ccb0
  `-CXXOperatorCallExpr 0x147945988 'class call_with_adopt_ref::Obj *' '->'
    |-ImplicitCastExpr 0x147945970 'class call_with_adopt_ref::Obj *(*)(void) const' <FunctionToPointerDecay>
    | `-DeclRefExpr 0x1479458e8 'class call_with_adopt_ref::Obj *(void) const' lvalue CXXMethod 0x147944388 'operator->' 'class call_with_adopt_ref::Obj *(void) const'
    `-ImplicitCastExpr 0x1479458d0 'const struct RefPtr<class call_with_adopt_ref::Obj>' lvalue <NoOp>
      `-MaterializeTemporaryExpr 0x1479458b8 'RefPtr<Obj>':'struct RefPtr<class call_with_adopt_ref::Obj>' lvalue
        `-CXXBindTemporaryExpr 0x147945898 'RefPtr<Obj>':'struct RefPtr<class call_with_adopt_ref::Obj>' (CXXTemporary 0x147945898)
          `-CallExpr 0x1479407e8 'RefPtr<Obj>':'struct RefPtr<class call_with_adopt_ref::Obj>'
            |-ImplicitCastExpr 0x1479407d0 'RefPtr<Obj> (*)(class call_with_adopt_ref::Obj *)' <FunctionToPointerDecay>
            | `-DeclRefExpr 0x147940740 'RefPtr<Obj> (class call_with_adopt_ref::Obj *)' lvalue Function 0x14793fe00 'adoptRef' 'RefPtr<Obj> (class call_with_adopt_ref::Obj *)' (FunctionTemplate 0x14792ff48 'adoptRef')
            `-CXXNewExpr 0x14793f408 'Obj *' Function 0x14793d0c8 'operator new' 'void *(unsigned long)'
              `-CXXConstructExpr 0x14793f3e0 'Obj':'class call_with_adopt_ref::Obj' 'void (void) noexcept' 
```

Does this give any clue for the unexpected behavior?

https://github.com/llvm/llvm-project/pull/119846

More information about the cfe-commits mailing list