[alpha.webkit.UncountedCallArgsChecker] Recognize CXXUnresolvedConstructExpr as a safe origin. #130258
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…uctExpr as a safe origin. Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin. Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType.
llvmbot
added
clang
Member
|
@llvm/pr-subscribers-clang-static-analyzer-1 @llvm/pr-subscribers-clang Author: Ryosuke Niwa (rniwa) ChangesHandle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin. Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType. Full diff: https://github.com/llvm/llvm-project/pull/130258.diff 3 Files Affected:
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index dc86c4fcc64b1..885203550b8a8 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -43,6 +43,10 @@ bool tryToFindPtrOrigin(
break;
}
}
+ if (auto *TempExpr = dyn_cast<CXXUnresolvedConstructExpr>(E)) {
+ if (isSafePtrType(TempExpr->getTypeAsWritten()))
+ return callback(TempExpr, true);
+ }
if (auto *POE = dyn_cast<PseudoObjectExpr>(E)) {
if (auto *RF = POE->getResultExpr()) {
E = RF;
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index 7899b19854806..8a304a07296fc 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -162,13 +162,14 @@ static bool isPtrOfType(const clang::QualType T, Predicate Pred) {
type = elaboratedT->desugar();
continue;
}
- auto *SpecialT = type->getAs<TemplateSpecializationType>();
- if (!SpecialT)
- return false;
- auto *Decl = SpecialT->getTemplateName().getAsTemplateDecl();
- if (!Decl)
- return false;
- return Pred(Decl->getNameAsString());
+ if (auto *SpecialT = type->getAs<TemplateSpecializationType>()) {
+ auto *Decl = SpecialT->getTemplateName().getAsTemplateDecl();
+ return Decl && Pred(Decl->getNameAsString());
+ } else if (auto *DTS = type->getAs<DeducedTemplateSpecializationType>()) {
+ auto *Decl = DTS->getTemplateName().getAsTemplateDecl();
+ return Decl && Pred(Decl->getNameAsString());
+ } else
+ break;
}
return false;
}
diff --git a/clang/test/Analysis/Checkers/WebKit/call-args.cpp b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
index b4613d5090f29..e7afd9798da3e 100644
--- a/clang/test/Analysis/Checkers/WebKit/call-args.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
@@ -359,6 +359,41 @@ namespace call_with_ptr_on_ref {
}
}
+namespace call_with_explicit_construct_from_auto {
+
+ struct Impl {
+ void ref() const;
+ void deref() const;
+
+ static Ref<Impl> create();
+ };
+
+ template <typename T>
+ struct ArgObj {
+ T* t;
+ };
+
+ struct Object {
+ Object();
+ Object(Ref<Impl>&&);
+
+ Impl* impl() const { return m_impl.get(); }
+
+ static Object create(ArgObj<char>&) { return Impl::create(); }
+ static void bar(Impl&);
+
+ private:
+ RefPtr<Impl> m_impl;
+ };
+
+ template<typename CharacterType> void foo()
+ {
+ auto result = Object::create(ArgObj<CharacterType> { });
+ Object::bar(Ref { *result.impl() });
+ }
+
+}
+
namespace call_with_explicit_temporary_obj {
void foo() {
Ref { *provide() }->method();
|
Contributor
Author
|
Thanks for the review! |
Collaborator
|
LLVM Buildbot has detected a new failure on builder Full details are available at: https://lab.llvm.org/buildbot/#/builders/73/builds/14201 Here is the relevant piece of the build log for the reference |
rniwa
added a commit
to rniwa/llvm-project
that referenced
this pull request
Apr 22, 2025
…uctExpr as a safe origin. (llvm#130258) Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin. Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType.
rniwa
added a commit
to rniwa/llvm-project
that referenced
this pull request
Aug 21, 2025
…uctExpr as a safe origin. (llvm#130258) Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin. Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin.
Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType.