[clang] [WebKit Checkers] Treat a boxed value as a safe pointer origin (PR #161133)

Ryosuke Niwa via cfe-commits cfe-commits at lists.llvm.org
Sun Sep 28 23:02:27 PDT 2025


https://github.com/rniwa created https://github.com/llvm/llvm-project/pull/161133

None

>From 7c628aa473f93bbbd202d80d5f50a3913b76818d Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa at webkit.org>
Date: Sun, 28 Sep 2025 23:01:24 -0700
Subject: [PATCH] [WebKit Checkers] Treat a boxed value as a safe pointer
 origin

---
 clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp |  2 ++
 .../Analysis/Checkers/WebKit/unretained-call-args.mm  | 11 +++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 00a1b8b6e7e89..9060ec0f07771 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -208,6 +208,8 @@ bool tryToFindPtrOrigin(
       continue;
     }
     if (auto *BoxedExpr = dyn_cast<ObjCBoxedExpr>(E)) {
+      if (StopAtFirstRefCountedObj)
+        return callback(BoxedExpr, true);
       E = BoxedExpr->getSubExpr();
       continue;
     }
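Review bot: The early return added to the `ObjCBoxedExpr` branch of tryToFindPtrOrigin has no comment explaining why a boxed expression counts as a safe origin, and it fires only when `StopAtFirstRefCountedObj` is set; with the flag clear the loop still descends into the sub-expression as before. Because this suppresses a lifetime diagnostic for every `@(...)` argument, the invariant should be written above the check, for example `// A boxed expression evaluates to a new object, so the box itself is the origin; do not look through to the boxed operand.` That is presumably the reasoning, but please confirm it also holds for boxed C strings and `objc_boxable` structs, not only the numeric case the new test covers. The function body starts and ends outside this hunk, so the effect on the callers that pass the flag as false cannot be judged from here.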
diff --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
index c9d2fe861bb49..a989e7161d24b 100644
--- a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
+++ b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -398,15 +398,21 @@ void foo() {
   void baz(const NSDictionary *);
   void boo(NSNumber *);
   void boo(CFTypeRef);
-  void foo() {
+
+  struct Details {
+    int value;
+  };
+
+  void foo(Details* details) {
     CFArrayCreateMutable(kCFAllocatorDefault, 10);
     bar(@[@"hello"]);
     baz(@{@"hello": @3});
     boo(@YES);
     boo(@NO);
+    boo(@(details->value));
   }
 }
-
+#if 0
 namespace call_with_cf_string {
   void bar(CFStringRef);
   void foo() {
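Review bot: The `#if 0` that replaces the blank line before `namespace call_with_cf_string`, together with the `#endif` appended in the last hunk of this file, compiles out every test from that namespace to the end of unretained-call-args.mm. Any expected-warning cases in that region would no longer be checked, so a regression in the unretained-call-args checker would pass unnoticed; this looks like leftover local debugging. Drop both lines and restore the blank line, which also fixes the missing newline at end of file reported in the last hunk. The new `boo(@(details->value));` case covers only the path with no warning, so a companion case where a boxed argument should still be flagged (if one exists) would help pin the intended boundary.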
@@ -601,3 +607,4 @@ - (NSString *)convertImage {
   return stringForImage(image.get());
 }
 @end
+#endif
\ No newline at end of file


