[clang] [alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase (PR #136500)

via cfe-commits cfe-commits at lists.llvm.org
Sun Apr 20 11:13:04 PDT 2025


llvmbot wrote:


@llvm/pr-subscribers-clang

@llvm/pr-subscribers-clang-static-analyzer-1

Author: Ryosuke Niwa (rniwa)

<details>
<summary>Changes</summary>

This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of TemplateSpecializationType then CXXRecordDecl to work around this bug in the clang frontend.

---
Full diff: https://github.com/llvm/llvm-project/pull/136500.diff


2 Files Affected:

- (modified) clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp (+12-2) 
- (added) clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp (+34) 


``````````diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index 811888e119449..25b77ef989388 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -46,8 +46,18 @@ hasPublicMethodInBase(const CXXBaseSpecifier *Base, StringRef NameToMatch) {
     return std::nullopt;
 
   const CXXRecordDecl *R = T->getAsCXXRecordDecl();
-  if (!R)
-    return std::nullopt;
+  if (!R) {
+    auto CT = Base->getType().getCanonicalType();
+    if (auto *TST = dyn_cast<TemplateSpecializationType>(CT)) {
+      auto TmplName = TST->getTemplateName();
+      if (!TmplName.isNull()) {
+        if (auto *TD = TmplName.getAsTemplateDecl())
+          R = dyn_cast_or_null<CXXRecordDecl>(TD->getTemplatedDecl());
+      }
+    }
+    if (!R)
+      return std::nullopt;
+  }
   if (!R->hasDefinition())
     return std::nullopt;
 
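Review bot: The fallback under `if (!R) {` has no comment saying why it is needed, so a later reader cannot tell that it works around getAsCXXRecordDecl returning nullptr for this base and may remove or duplicate it. Please add a short comment (ideally a FIXME that points at the frontend issue) above `auto CT = Base->getType().getCanonicalType();`. Note also that `TD->getTemplatedDecl()` yields the primary template's record, so the lookup that follows will not see a method that exists only in a partial or explicit specialization; if that limitation is acceptable, state it in the same comment.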
diff --git a/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp b/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp
new file mode 100644
index 0000000000000..8685978ebf1ac
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp
@@ -0,0 +1,34 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.webkit.UncheckedCallArgsChecker -verify %s
+
+void WTFCrash(void);
+
+enum class Tag : bool { Value };
+
+template <typename StorageType, Tag> class CanMakeCheckedPtrBase {
+public:
+  void incrementCheckedPtrCount() const { ++m_checkedPtrCount; }
+  inline void decrementCheckedPtrCount() const
+  {
+      if (!m_checkedPtrCount)
+        WTFCrash();
+      --m_checkedPtrCount;
+  }
+
+private:
+  mutable StorageType m_checkedPtrCount { 0 };
+};
+
+template<typename T, Tag tag>
+class CanMakeCheckedPtr : public CanMakeCheckedPtrBase<unsigned int, tag> {
+};
+
+class CheckedObject : public CanMakeCheckedPtr<CheckedObject, Tag::Value> {
+public:
+  void doWork();
+};
+
+CheckedObject* provide();
+void foo() {
+  provide()->doWork();
+  // expected-warning at -1{{Call argument for 'this' parameter is unchecked and unsafe}}
+}
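Review bot: Nothing in the test says which construct it guards, namely the dependent base `CanMakeCheckedPtrBase<unsigned int, tag>` in `class CanMakeCheckedPtr`; a one-line comment there would keep the regression case from being simplified away later. It would also help to add a control class that does not derive from CanMakeCheckedPtr and call a method on it in `foo()`, so the test shows the warning is tied to the base class and is not emitted for every raw pointer.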

``````````

</details>


https://github.com/llvm/llvm-project/pull/136500

