Author: Ryosuke Niwa Date: 2025-03-07T14:40:33-08:00 New Revision: c419acdf82d3b33cf151f78865469cf155ddf372
URL: https://github.com/llvm/llvm-project/commit/c419acdf82d3b33cf151f78865469cf155ddf372 DIFF: https://github.com/llvm/llvm-project/commit/c419acdf82d3b33cf151f78865469cf155ddf372.diff LOG: [alpha.webkit.UncountedCallArgsChecker] Recognize CXXUnresolvedConstructExpr as a safe origin. (#130258) Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin. Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType. Added: Modified: clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp clang/test/Analysis/Checkers/WebKit/call-args.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp index 58020ec4e084d..c8151e932997e 100644 --- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp @@ -43,6 +43,10 @@ bool tryToFindPtrOrigin( break; } } + if (auto *TempExpr = dyn_cast<CXXUnresolvedConstructExpr>(E)) { + if (isSafePtrType(TempExpr->getTypeAsWritten())) + return callback(TempExpr, true); + } if (auto *POE = dyn_cast<PseudoObjectExpr>(E)) { if (auto *RF = POE->getResultExpr()) { E = RF; diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp index 7899b19854806..8a304a07296fc 100644 --- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp @@ -162,13 +162,14 @@ static bool isPtrOfType(const clang::QualType T, Predicate Pred) { type = elaboratedT->desugar(); continue; } - auto *SpecialT = type->getAs<TemplateSpecializationType>(); - if (!SpecialT) - return false; - auto *Decl = SpecialT->getTemplateName().getAsTemplateDecl(); - if (!Decl) - return false; - return Pred(Decl->getNameAsString()); + if (auto *SpecialT = type->getAs<TemplateSpecializationType>()) { + auto *Decl = SpecialT->getTemplateName().getAsTemplateDecl(); + return Decl && Pred(Decl->getNameAsString()); + } else if (auto *DTS = type->getAs<DeducedTemplateSpecializationType>()) { + auto *Decl = DTS->getTemplateName().getAsTemplateDecl(); + return Decl && Pred(Decl->getNameAsString()); + } else + break; } return false; } diff --git a/clang/test/Analysis/Checkers/WebKit/call-args.cpp b/clang/test/Analysis/Checkers/WebKit/call-args.cpp index b4613d5090f29..e7afd9798da3e 100644 --- a/clang/test/Analysis/Checkers/WebKit/call-args.cpp +++ b/clang/test/Analysis/Checkers/WebKit/call-args.cpp @@ -359,6 +359,41 @@ namespace call_with_ptr_on_ref { } } +namespace call_with_explicit_construct_from_auto { + + struct Impl { + void ref() const; + void deref() const; + + static Ref<Impl> create(); + }; + + template <typename T> + struct ArgObj { + T* t; + }; + + struct Object { + Object(); + Object(Ref<Impl>&&); + + Impl* impl() const { return m_impl.get(); } + + static Object create(ArgObj<char>&) { return Impl::create(); } + static void bar(Impl&); + + private: + RefPtr<Impl> m_impl; + }; + + template<typename CharacterType> void foo() + { + auto result = Object::create(ArgObj<CharacterType> { }); + Object::bar(Ref { *result.impl() }); + } + +} + namespace call_with_explicit_temporary_obj { void foo() { Ref { *provide() }->method(); _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
