Author: Ryosuke Niwa Date: 2025-06-09T07:33:15-07:00 New Revision: de961997cbfae1d01c959528a9aeb12fa8c87618
URL: https://github.com/llvm/llvm-project/commit/de961997cbfae1d01c959528a9aeb12fa8c87618 DIFF: https://github.com/llvm/llvm-project/commit/de961997cbfae1d01c959528a9aeb12fa8c87618.diff LOG: [WebKit checkers] Add an annotation for pointer conversion. (#141277) This PR adds the WebKit checker support for [[clang::annotate_type("webkit.pointerconversion")]]. When this attribute is set on the return value of a function, the function is treated as safe to call anywhere and the return value's pointer origin is the argument.` Added: Modified: clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp clang/test/Analysis/Checkers/WebKit/call-args-safe-functions.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp index 4ddd11495f534..cd33476344a34 100644 --- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp @@ -468,6 +468,18 @@ bool isPtrConversion(const FunctionDecl *F) { FunctionName == "checked_objc_cast") return true; + auto ReturnType = F->getReturnType(); + if (auto *Type = ReturnType.getTypePtrOrNull()) { + if (auto *AttrType = dyn_cast<AttributedType>(Type)) { + if (auto *Attr = AttrType->getAttr()) { + if (auto *AnnotateType = dyn_cast<AnnotateTypeAttr>(Attr)) { + if (AnnotateType->getAnnotation() == "webkit.pointerconversion") + return true; + } + } + } + } + return false; } diff --git a/clang/test/Analysis/Checkers/WebKit/call-args-safe-functions.cpp b/clang/test/Analysis/Checkers/WebKit/call-args-safe-functions.cpp index a87446564870c..5c540a58debaf 100644 --- a/clang/test/Analysis/Checkers/WebKit/call-args-safe-functions.cpp +++ b/clang/test/Analysis/Checkers/WebKit/call-args-safe-functions.cpp @@ -1,10 +1,12 @@ // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.webkit.UncountedCallArgsChecker -verify %s -// expected-no-diagnostics + +#include "mock-types.h" class Base { public: - inline void ref(); - inline void deref(); + void ref(); + void deref(); + void doWork(); }; class Derived : public Base { @@ -21,6 +23,7 @@ class SubDerived final : public Derived { class OtherObject { public: Derived* obj(); + Base* base(); }; class String { @@ -44,6 +47,12 @@ inline Target* uncheckedDowncast(Source* source) return static_cast<Target*>(source); } +template<typename Target, typename Source> +Target* [[clang::annotate_type("webkit.pointerconversion")]] newCastFunction(Source*); + +template<typename Target, typename Source> +Target* [[clang::annotate_type("unrelated-annotation")]] badCastFunction(Source*); + template<typename... Types> String toString(const Types&... values); @@ -52,5 +61,17 @@ void foo(OtherObject* other) dynamicDowncast<SubDerived>(other->obj()); checkedDowncast<SubDerived>(other->obj()); uncheckedDowncast<SubDerived>(other->obj()); + newCastFunction<SubDerived>(other->obj()); + badCastFunction<SubDerived>(other->obj()); + // expected-warning@-1{{Call argument is uncounted and unsafe}} toString(other->obj()); } + +struct SomeStruct { + Derived* [[clang::annotate_type("webkit.pointerconversion")]] ptrConversion(Base*); + + void foo(OtherObject& otherObj) { + RefPtr ptr = otherObj.base(); + ptrConversion(ptr.get())->doWork(); + } +}; _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
