From f44963f8bd1012ba877d363c9683bb2b03e8eb86 Mon Sep 17 00:00:00 2001 From: Ryosuke Niwa Date: Tue, 4 Feb 2025 02:02:19 -0800 Subject: [PATCH 1/2] [webkit.UncountedLambdaCapturesChecker] Fix a bug that the checker didn't take the object pointer into account. When a callee is a method call (e.g. calling a lambda), we need to skip the object pointer to match the parameter list with the call arguments. This manifests as a bug that the checker erroneously generate a warning for a lambda capture (L1) which is passed to a no-escape argument of another lambda (L2).
---
 .../WebKit/UncountedLambdaCapturesChecker.cpp | 4 +++- .../Checkers/WebKit/uncounted-lambda-captures.cpp | 12 +++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
index a57499d52acd0..53ef423bd82e7 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
@@ -109,8 +109,10 @@ class UncountedLambdaCapturesChecker
 bool VisitCallExpr(CallExpr *CE) override {
 checkCalleeLambda(CE);
 if (auto *Callee = CE->getDirectCallee()) {
- bool TreatAllArgsAsNoEscape = shouldTreatAllArgAsNoEscape(Callee);
 unsigned ArgIndex = 0;
+ if (auto *CXXCallee = dyn_cast(Callee))
+ ArgIndex = CXXCallee->isInstance();
+ bool TreatAllArgsAsNoEscape = shouldTreatAllArgAsNoEscape(Callee);
 for (auto *Param : Callee->parameters()) {
 if (ArgIndex >= CE->getNumArgs())
 return true;
diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp
index 2173245bc7af3..0f5ec8d836432 100644
--- a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp
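Review bot: In the `VisitCallExpr` hunk of UncountedLambdaCapturesChecker.cpp, starting `ArgIndex` at `CXXCallee->isInstance()` shifts the index for every instance-method callee, but in Clang's AST only a `CXXOperatorCallExpr` carries the object as argument 0; a `CXXMemberCallExpr` such as `obj.forEach(func)` keeps the object out of `getArg()`. For those ordinary member calls the loop would then pair parameter 0 with argument 1, so a `[[clang::noescape]]` attribute can be attributed to the wrong argument, which may both add false warnings and suppress a real uncounted-capture warning. Keying the offset on the call expression instead, e.g. `unsigned ArgIndex = isa<CXXOperatorCallExpr>(CE);`, keeps the two lists aligned for both call forms. The body of `VisitCallExpr` continues past the end of this hunk, so how `ArgIndex` is used further down should be confirmed there.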
@@ -252,13 +252,23 @@ struct RefCountableWithLambdaCapturingThis { call(lambda); } - void method_captures_this_with_guardian_refPtr() { + void method_captures_this_with_guardian_refptr() { auto lambda = [this, protectedThis = RefPtr { &*this }]() { nonTrivial(); }; call(lambda); } + + void forEach(const WTF::Function&); + void method_captures_this_with_lambda_with_no_escape() { + auto run = [&]([[clang::noescape]] const WTF::Function& func) { + forEach(func); + }; + run([&](RefCountable&) { + nonTrivial(); + }); + } }; struct NonRefCountableWithLambdaCapturingThis { From 052687a955b8719c1dbd213b2def56e7d50b8d23 Mon Sep 17 00:00:00 2001 From: Ryosuke Niwa Date: Tue, 4 Feb 2025 21:12:10 -0800 Subject: [PATCH 2/2] Remove an extra blank line --- .../test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp index 0f5ec8d836432..2a1a164557cdb 100644 --- a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp +++ b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures.cpp @@ -259,7 +259,6 @@ struct RefCountableWithLambdaCapturingThis { call(lambda); } - void forEach(const WTF::Function&); void method_captures_this_with_lambda_with_no_escape() { auto run = [&]([[clang::noescape]] const WTF::Function& func) {
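Review bot: The new case `method_captures_this_with_lambda_with_no_escape` only exercises a call through a lambda's `operator()`, so nothing in this hunk pins how arguments and parameters line up for an ordinary member-function call. A companion case that passes a `[&]` lambda directly to a member function, once with a `[[clang::noescape]]` first parameter (no diagnostic expected) and once without it (with the matching `expected-warning`), would catch an index shift in either direction. The visible lines of this file do not show whether such a case already exists elsewhere, so this should be checked against the full test.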