Skip to content

[alpha.webkit.UnretainedCallArgsChecker] Treat getter on a dependent smart pointer type as safe #161025

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[alpha.webkit.UnretainedCallArgsChecker] Treat getter on a dependent smart pointer type as safe #161025

wants to merge 1 commit into from
+37 −0

Conversation

rniwa
Copy link
Contributor

@rniwa rniwa commented Sep 27, 2025

Add the support for recognizing smart pointer type appearing as the type of the object pointer in CXXDependentScopeMemberExpr.

@rniwa
[alpha.webkit.UnretainedCallArgsChecker] Treat getter on a dependent …
b2f3e37 
…smart pointer type as safe

Add the support for recognizing smart pointer type appearing as the type of the object pointer
in CXXDependentScopeMemberExpr.
@rniwa rniwa requested a review from t-rasmud September 27, 2025 21:29
@llvmbot llvmbot added clang Clang issues not falling into any other category clang:static analyzer labels Sep 27, 2025
@llvmbot
Copy link
Member

llvmbot commented Sep 27, 2025
edited
Loading

@llvm/pr-subscribers-clang-static-analyzer-1

@llvm/pr-subscribers-clang

Author: Ryosuke Niwa (rniwa)

Changes

Add the support for recognizing smart pointer type appearing as the type of the object pointer in CXXDependentScopeMemberExpr.

Full diff: https://github.com/llvm/llvm-project/pull/161025.diff

2 Files Affected:

  • (modified) clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp (+8)
  • (modified) clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm (+29)
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 00a1b8b6e7e89..0bc7cb9db8272 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -165,6 +165,14 @@ bool tryToFindPtrOrigin(
           if (isSingleton(E->getFoundDecl()))
             return callback(E, true);
         }
+
+        if (auto *MemberExpr = dyn_cast<CXXDependentScopeMemberExpr>(CalleeE)) {
+          auto *Base = MemberExpr->getBase();
+          auto MemberName = MemberExpr->getMember().getAsString();
+          bool IsGetter = MemberName == "get" || MemberName == "ptr";
+          if (Base && isSafePtrType(Base->getType()) && IsGetter)
+            return callback(E, true);
+        }
       }
 
       // Sometimes, canonical type erroneously turns Ref<T> into T.
diff --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
index c9d2fe861bb49..111a22d6c8b73 100644
--- a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
+++ b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -561,6 +561,35 @@ void foo() {
 
 } // namespace ns_retained_return_value
 
+namespace template_function {
+
+class Base {
+public:
+    virtual ~Base() = default;
+    void send(dispatch_queue_t) const;
+    void ref() const;
+    void deref() const;
+};
+
+template<typename Traits>
+class Derived : public Base {
+public:
+    virtual ~Derived() = default;
+
+    void send(typename Traits::MessageType) const;
+
+    virtual OSObjectPtr<dispatch_queue_t> msg(typename Traits::MessageType) const = 0;
+};
+
+template<typename Traits>
+void Derived<Traits>::send(typename Traits::MessageType messageType) const
+{
+    OSObjectPtr dictionary = msg(messageType);
+    Base::send(dictionary.get());
+}
+
+} // namespace template_function
+
 @interface TestObject : NSObject
 - (void)doWork:(NSString *)msg, ...;
 - (void)doWorkOnSelf;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t-rasmud t-rasmud Awaiting requested review from t-rasmud

Assignees
No one assigned
Labels
clang:static analyzer clang Clang issues not falling into any other category
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rniwa @llvmbot