[clang] [alpha.webkit.UncountedCallArgsChecker] Recognize CXXUnresolvedConstructExpr as a safe origin. (PR #130258)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 6 23:50:45 PST 2025
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang-static-analyzer-1
@llvm/pr-subscribers-clang
Author: Ryosuke Niwa (rniwa)
<details>
<summary>Changes</summary>
Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin.
Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType.
---
Full diff: https://github.com/llvm/llvm-project/pull/130258.diff
3 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp (+4)
- (modified) clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp (+8-7)
- (modified) clang/test/Analysis/Checkers/WebKit/call-args.cpp (+35)
``````````diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index dc86c4fcc64b1..885203550b8a8 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -43,6 +43,10 @@ bool tryToFindPtrOrigin(
break;
}
}
+ if (auto *TempExpr = dyn_cast<CXXUnresolvedConstructExpr>(E)) {
+ if (isSafePtrType(TempExpr->getTypeAsWritten()))
+ return callback(TempExpr, true);
+ }
if (auto *POE = dyn_cast<PseudoObjectExpr>(E)) {
if (auto *RF = POE->getResultExpr()) {
E = RF;
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index 7899b19854806..8a304a07296fc 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -162,13 +162,14 @@ static bool isPtrOfType(const clang::QualType T, Predicate Pred) {
type = elaboratedT->desugar();
continue;
}
- auto *SpecialT = type->getAs<TemplateSpecializationType>();
- if (!SpecialT)
- return false;
- auto *Decl = SpecialT->getTemplateName().getAsTemplateDecl();
- if (!Decl)
- return false;
- return Pred(Decl->getNameAsString());
+ if (auto *SpecialT = type->getAs<TemplateSpecializationType>()) {
+ auto *Decl = SpecialT->getTemplateName().getAsTemplateDecl();
+ return Decl && Pred(Decl->getNameAsString());
+ } else if (auto *DTS = type->getAs<DeducedTemplateSpecializationType>()) {
+ auto *Decl = DTS->getTemplateName().getAsTemplateDecl();
+ return Decl && Pred(Decl->getNameAsString());
+ } else
+ break;
}
return false;
}
diff --git a/clang/test/Analysis/Checkers/WebKit/call-args.cpp b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
index b4613d5090f29..e7afd9798da3e 100644
--- a/clang/test/Analysis/Checkers/WebKit/call-args.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
@@ -359,6 +359,41 @@ namespace call_with_ptr_on_ref {
}
}
+namespace call_with_explicit_construct_from_auto {
+
+ struct Impl {
+ void ref() const;
+ void deref() const;
+
+ static Ref<Impl> create();
+ };
+
+ template <typename T>
+ struct ArgObj {
+ T* t;
+ };
+
+ struct Object {
+ Object();
+ Object(Ref<Impl>&&);
+
+ Impl* impl() const { return m_impl.get(); }
+
+ static Object create(ArgObj<char>&) { return Impl::create(); }
+ static void bar(Impl&);
+
+ private:
+ RefPtr<Impl> m_impl;
+ };
+
+ template<typename CharacterType> void foo()
+ {
+ auto result = Object::create(ArgObj<CharacterType> { });
+ Object::bar(Ref { *result.impl() });
+ }
+
+}
+
namespace call_with_explicit_temporary_obj {
void foo() {
Ref { *provide() }->method();
``````````
</details>
https://github.com/llvm/llvm-project/pull/130258
More information about the cfe-commits
mailing list