[clang] 65c895d - [alpha.webkit.UnretainedCallArgsChecker] Treat getter on a dependent smart pointer type as safe (#161025)

[via cfe-commits]

Author: Ryosuke Niwa
Date: 2025-10-16T15:15:39-07:00
New Revision: 65c895dfe084860847e9e220ff9f1b283ebcb289

URL: https://github.com/llvm/llvm-project/commit/65c895dfe084860847e9e220ff9f1b283ebcb289
DIFF: https://github.com/llvm/llvm-project/commit/65c895dfe084860847e9e220ff9f1b283ebcb289.diff

LOG: [alpha.webkit.UnretainedCallArgsChecker] Treat getter on a dependent smart pointer type as safe (#161025)

Add the support for recognizing smart pointer type appearing as the type
of the object pointer in CXXDependentScopeMemberExpr.

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
    clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 419d2631fef81..84adbf318e9f8 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -173,6 +173,14 @@ bool tryToFindPtrOrigin(
           if (isSingleton(E->getFoundDecl()))
             return callback(E, true);
         }
+
+        if (auto *MemberExpr = dyn_cast<CXXDependentScopeMemberExpr>(CalleeE)) {
+          auto *Base = MemberExpr->getBase();
+          auto MemberName = MemberExpr->getMember().getAsString();
+          bool IsGetter = MemberName == "get" || MemberName == "ptr";
+          if (Base && isSafePtrType(Base->getType()) && IsGetter)
+            return callback(E, true);
+        }
       }
 
       // Sometimes, canonical type erroneously turns Ref<T> into T.

diff  --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
index 4f231ee8b1c84..8bef24f93ceed 100644
--- a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
+++ b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -596,6 +596,35 @@ void foo() {
 
 } // namespace sel_string
 
+namespace template_function {
+
+class Base {
+public:
+    virtual ~Base() = default;
+    void send(dispatch_queue_t) const;
+    void ref() const;
+    void deref() const;
+};
+
+template<typename Traits>
+class Derived : public Base {
+public:
+    virtual ~Derived() = default;
+
+    void send(typename Traits::MessageType) const;
+
+    virtual OSObjectPtr<dispatch_queue_t> msg(typename Traits::MessageType) const = 0;
+};
+
+template<typename Traits>
+void Derived<Traits>::send(typename Traits::MessageType messageType) const
+{
+    OSObjectPtr dictionary = msg(messageType);
+    Base::send(dictionary.get());
+}
+
+} // namespace template_function
+
 @interface TestObject : NSObject
 - (void)doWork:(NSString *)msg, ...;
 - (void)doWorkOnSelf;