[clang] [webkit.UncountedLambdaCapturesChecker] Ignore a lambda which gets called immediately (PR #162977)
Ryosuke Niwa via cfe-commits
cfe-commits at lists.llvm.org
Tue Dec 9 12:50:08 PST 2025
https://github.com/rniwa updated https://github.com/llvm/llvm-project/pull/162977
>From e8fc47e57f4aab7d556c94882ed6f9cf2389a927 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa at webkit.org>
Date: Fri, 10 Oct 2025 23:43:46 -0700
Subject: [PATCH 1/2] [webkit.UncountedLambdaCapturesChecker] Ignore a lambda
which gets called immediately
Recognize more ways in which a lambda can be declared and called immediately.
---
.../WebKit/RawPtrRefLambdaCapturesChecker.cpp | 10 ++++++++++
.../WebKit/uncounted-lambda-captures.cpp | 17 +++++++++++++++++
2 files changed, 27 insertions(+)
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp
index f60d1936b7584..94b0b522c8894 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp
@@ -343,6 +343,16 @@ class RawPtrRefLambdaCapturesChecker
auto *Callee = CE->getCallee();
if (!Callee)
return;
+ Callee = Callee->IgnoreParenCasts();
+ if (auto *MTE = dyn_cast<MaterializeTemporaryExpr>(Callee))
+ Callee = MTE->getSubExpr();
+ if (!Callee)
+ return;
+ Callee = Callee->IgnoreParenCasts();
+ if (auto *L = dyn_cast<LambdaExpr>(Callee)) {
+ LambdasToIgnore.insert(L); // Calling a lambda upon creation is safe.
+ return;
+ }
auto *DRE = dyn_cast<DeclRefExpr>(Callee->IgnoreParenCasts());
if (!DRE)
return;
diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp
index fd1eecdda64fd..1560dc14deeb7 100644
--- a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp
@@ -512,6 +512,23 @@ void capture_copy_in_lambda(CheckedObj& checked) {
});
}
+struct TemplateFunctionCallsLambda {
+ void ref() const;
+ void deref() const;
+
+ RefCountable* obj();
+
+ template <typename T>
+ RefPtr<T> method(T* t) {
+ auto ret = ([&]() -> RefPtr<T> {
+ if constexpr (T::isEncodable)
+ return t;
+ return obj() ? t : nullptr;
+ })();
+ return ret;
+ }
+};
+
class Iterator {
public:
Iterator(void* array, unsigned long sizeOfElement, unsigned int index);
>From fbae9df1cf37f71ef8a2089468154db44fa6a837 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa at webkit.org>
Date: Tue, 9 Dec 2025 12:49:09 -0800
Subject: [PATCH 2/2] Move the nullptr check and IgnoreParenCasts after to
inside the if statement for clarity.
---
.../Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp
index 94b0b522c8894..3be1649ff2ffd 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLambdaCapturesChecker.cpp
@@ -344,11 +344,12 @@ class RawPtrRefLambdaCapturesChecker
if (!Callee)
return;
Callee = Callee->IgnoreParenCasts();
- if (auto *MTE = dyn_cast<MaterializeTemporaryExpr>(Callee))
+ if (auto *MTE = dyn_cast<MaterializeTemporaryExpr>(Callee)) {
Callee = MTE->getSubExpr();
- if (!Callee)
- return;
- Callee = Callee->IgnoreParenCasts();
+ if (!Callee)
+ return;
+ Callee = Callee->IgnoreParenCasts();
+ }
if (auto *L = dyn_cast<LambdaExpr>(Callee)) {
LambdasToIgnore.insert(L); // Calling a lambda upon creation is safe.
return;
More information about the cfe-commits
mailing list