[clang] [alpha.webkit.UncountedCallArgsChecker] Protect the const member getter's this argument (PR #201147)
Ryosuke Niwa via cfe-commits
cfe-commits at lists.llvm.org
Tue Jun 2 08:59:34 PDT 2026
https://github.com/rniwa created https://github.com/llvm/llvm-project/pull/201147
This PR fixes a bug where, when a const member variable getter is detected, we don't check whether its object argument is kept alive for the duration of the function call.
>From 8c811b7b7406f2b16d8cf468c8a0edd0352d97a9 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rniwa at webkit.org>
Date: Tue, 2 Jun 2026 08:57:52 -0700
Subject: [PATCH] [alpha.webkit.UncountedCallArgsChecker] Protect the const
member getter's this argument
This PR fixes a bug that when a const member variable getter is detected, we don't check
if its object argument is kept alive for the duration of the function call.
---
.../Checkers/WebKit/RawPtrRefCallArgsChecker.cpp | 8 ++++++--
clang/test/Analysis/Checkers/WebKit/call-args.cpp | 11 +++++++++++
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
index fe889f962b157..8ea058a32524c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
@@ -267,8 +267,12 @@ class RawPtrRefCallArgsChecker
return true;
if (isASafeCallArg(ArgOrigin))
return true;
- if (EFA.isACallToEnsureFn(ArgOrigin))
- return true;
+ if (EFA.isACallToEnsureFn(ArgOrigin)) {
+ auto *MCE = dyn_cast<CXXMemberCallExpr>(ArgOrigin);
+ assert(MCE);
+ if (isPtrOriginSafe(MCE->getImplicitObjectArgument()))
+ return true;
+ }
if (isSafeExpr(ArgOrigin))
return true;
return false;
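Review bot: The `assert(MCE)` after `dyn_cast<CXXMemberCallExpr>(ArgOrigin)` is compiled out in builds without assertions, so if `isACallToEnsureFn` ever accepts an expression that is not a member call, `MCE->getImplicitObjectArgument()` dereferences a null pointer and the analyzer crashes instead of reporting. Whether that can happen is not visible here, because `isACallToEnsureFn` is defined outside the hunk. Folding the check into the condition fails closed, falling through to `isSafeExpr` and then to the warning: `if (auto *MCE = dyn_cast<CXXMemberCallExpr>(ArgOrigin); MCE && isPtrOriginSafe(MCE->getImplicitObjectArgument())) return true;`. If the invariant is really guaranteed, `cast<CXXMemberCallExpr>(ArgOrigin)` is the usual LLVM spelling for it. A comment such as `// A const member getter is only safe if the object it is called on is itself kept alive.` would record why the extra check exists; the enclosing function starts and ends outside the hunk.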
diff --git a/clang/test/Analysis/Checkers/WebKit/call-args.cpp b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
index f15991134c58a..40c6e7639b129 100644
--- a/clang/test/Analysis/Checkers/WebKit/call-args.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
@@ -535,11 +535,22 @@ namespace call_on_member {
void work();
+ RefCountable& constObj() const { return *m_constObj; }
+
private:
RefPtr<RefCountable> m_obj;
const RefPtr<RefCountable> m_constObj;
};
+ SomeObj* provide();
+
+ void foo() {
+ provide()->constObj().method();
+ // expected-warning at -1{{Call argument for 'this' parameter is uncounted and unsafe}}
+ Ref { provide()->constObj() }->method();
+ RefPtr { provide() }->constObj().method();
+ }
+
}
namespace call_with_weak_ptr {
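Review bot: The two lines in `foo()` that are expected to stay silent carry no comment saying why, so a reader cannot tell an intended negative case from a missed diagnostic. Suggest `// No warning: the getter's result is held in a Ref for the duration of the call.` above the `Ref { ... }` line and `// No warning: the RefPtr keeps the SomeObj, and so its const member, alive.` above the `RefPtr { ... }` line. A case that calls the getter on a raw-pointer local or parameter, rather than on the temporary returned by `provide()`, would presumably exercise the same path and may be worth adding. The `call_on_member` namespace and the `SomeObj` class begin outside the hunk.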