[clang] [analyzer] MallocChecker – Fix false positive leak for smart pointers in temporary objects (PR #152751)
Donát Nagy via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 26 10:25:51 PDT 2025
================
@@ -3068,12 +3124,242 @@ void MallocChecker::checkDeadSymbols(SymbolReaper &SymReaper,
C.addTransition(state->set<RegionState>(RS), N);
}
+// Helper function to check if a name is a recognized smart pointer name
+static bool isSmartPtrName(StringRef Name) {
+ return Name == "unique_ptr" || Name == "shared_ptr";
+}
+
+// Allowlist of owning smart pointers we want to recognize.
+// Start with unique_ptr and shared_ptr. (intentionally exclude weak_ptr)
+static bool isSmartOwningPtrType(QualType QT) {
+ QT = QT->getCanonicalTypeUnqualified();
+
+ // First try TemplateSpecializationType (for std smart pointers)
+ if (const auto *TST = QT->getAs<TemplateSpecializationType>()) {
+ const TemplateDecl *TD = TST->getTemplateName().getAsTemplateDecl();
+ if (!TD)
+ return false;
+
+ const auto *ND = dyn_cast_or_null<NamedDecl>(TD->getTemplatedDecl());
+ if (!ND)
+ return false;
+
+ // Check if it's in std namespace
+ if (!isWithinStdNamespace(ND))
+ return false;
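Review bot: In `isSmartOwningPtrType`, `QT = QT->getCanonicalTypeUnqualified();` runs before `QT->getAs<TemplateSpecializationType>()`, and that ordering looks like it defeats the first branch. For a non-dependent specialization such as `std::unique_ptr<int>`, `TemplateSpecializationType` is sugar and the canonical type is the underlying `RecordType`, so after canonicalization this `getAs` should only succeed for dependent types, which the analyzer does not normally see at this point. Either query the `TemplateSpecializationType` before stripping sugar, or drop this branch and match on the record declaration alone, so that the `isWithinStdNamespace(ND)` check is applied on the path that actually executes. Separately, the `dyn_cast_or_null<NamedDecl>` around `TD->getTemplatedDecl()` appears redundant, since that accessor already returns a `NamedDecl *`; a plain null check would be enough.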
----------------
NagyDonat wrote:
What is the rationale behind checking for namespace `std` here while you don't check it in two other situations?
My first instinct is that I'd prefer consistently checking for namespace `std` (because I'm wary of making assumptions about the behavior of custom user-defined classes), but I can also understand consistently not checking (because that would more aggressively eliminate results that may be false positive). I don't see a reason for this intermediate approach, but I'm not opposed to it if you can explain why this is the right thing to do. (In that case, please add a source code comment with a brief explanation.)
https://github.com/llvm/llvm-project/pull/152751