[clang] [alpha.webkit.UnretainedCallArgsChecker] Treat getter on a dependent smart pointer type as safe (PR #161025)

Ryosuke Niwa via cfe-commits cfe-commits at lists.llvm.org
Sat Sep 27 14:29:22 PDT 2025 

https://github.com/rniwa created https://github.com/llvm/llvm-project/pull/161025

Add the support for recognizing smart pointer type appearing as the type of the object pointer in CXXDependentScopeMemberExpr.

>From b2f3e3724d42963216724e1373542807c5523d83 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa at webkit.org>
Date: Sat, 27 Sep 2025 14:26:46 -0700
Subject: [PATCH] [alpha.webkit.UnretainedCallArgsChecker] Treat getter on a
 dependent smart pointer type as safe

Add the support for recognizing smart pointer type appearing as the type of the object pointer
in CXXDependentScopeMemberExpr.
---
 .../Checkers/WebKit/ASTUtils.cpp              |  8 +++++
 .../Checkers/WebKit/unretained-call-args.mm   | 29 +++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 00a1b8b6e7e89..0bc7cb9db8272 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -165,6 +165,14 @@ bool tryToFindPtrOrigin(
           if (isSingleton(E->getFoundDecl()))
             return callback(E, true);
         }
+
+        if (auto *MemberExpr = dyn_cast<CXXDependentScopeMemberExpr>(CalleeE)) {
+          auto *Base = MemberExpr->getBase();
+          auto MemberName = MemberExpr->getMember().getAsString();
+          bool IsGetter = MemberName == "get" || MemberName == "ptr";
+          if (Base && isSafePtrType(Base->getType()) && IsGetter)
+            return callback(E, true);
+        }
       }
 
       // Sometimes, canonical type erroneously turns Ref<T> into T.
diff --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
index c9d2fe861bb49..111a22d6c8b73 100644
--- a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
+++ b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -561,6 +561,35 @@ void foo() {
 
 } // namespace ns_retained_return_value
 
+namespace template_function {
+
+class Base {
+public:
+    virtual ~Base() = default;
+    void send(dispatch_queue_t) const;
+    void ref() const;
+    void deref() const;
+};
+
+template<typename Traits>
+class Derived : public Base {
+public:
+    virtual ~Derived() = default;
+
+    void send(typename Traits::MessageType) const;
+
+    virtual OSObjectPtr<dispatch_queue_t> msg(typename Traits::MessageType) const = 0;
+};
+
+template<typename Traits>
+void Derived<Traits>::send(typename Traits::MessageType messageType) const
+{
+    OSObjectPtr dictionary = msg(messageType);
+    Base::send(dictionary.get());
+}
+
+} // namespace template_function
+
 @interface TestObject : NSObject
 - (void)doWork:(NSString *)msg, ...;
 - (void)doWorkOnSelf;

More information about the cfe-commits mailing list