[clang] [alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase (PR #136500)

Sun, 20 Apr 2025 11:12:50 -0700 

https://github.com/rniwa created 
https://github.com/llvm/llvm-project/pull/136500

This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not 
recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for 
it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of 
TemplateSpecializationType then CXXRecordDecl to workaround this bug in clang 
frontend.

>From 3cdf1565993030a56003c37e14e024e07ca75da1 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rn...@webkit.org>
Date: Sun, 20 Apr 2025 11:00:13 -0700
Subject: [PATCH] [alpha.webkit.UncheckedCallArgsChecker] Checker fails to
 recognize CanMakeCheckedPtrBase

This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not 
recognize
CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in
hasPublicMethodInBase. Manually grab getTemplatedDecl out of 
TemplateSpecializationType
then CXXRecordDecl to workaround this bug in clang frontend.
---
 .../Checkers/WebKit/PtrTypesSemantics.cpp     | 14 ++++++--
 .../Checkers/WebKit/unchecked-call-arg.cpp    | 34 +++++++++++++++++++
 2 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp

diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp 
b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index 811888e119449..25b77ef989388 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -46,8 +46,18 @@ hasPublicMethodInBase(const CXXBaseSpecifier *Base, 
StringRef NameToMatch) {
     return std::nullopt;
 
   const CXXRecordDecl *R = T->getAsCXXRecordDecl();
-  if (!R)
-    return std::nullopt;
+  if (!R) {
+    auto CT = Base->getType().getCanonicalType();
+    if (auto *TST = dyn_cast<TemplateSpecializationType>(CT)) {
+      auto TmplName = TST->getTemplateName();
+      if (!TmplName.isNull()) {
+        if (auto *TD = TmplName.getAsTemplateDecl())
+          R = dyn_cast_or_null<CXXRecordDecl>(TD->getTemplatedDecl());
+      }
+    }
+    if (!R)
+      return std::nullopt;
+  }
   if (!R->hasDefinition())
     return std::nullopt;
 
diff --git a/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp 
b/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp
new file mode 100644
index 0000000000000..8685978ebf1ac
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp
@@ -0,0 +1,34 @@
+// RUN: %clang_analyze_cc1 
-analyzer-checker=alpha.webkit.UncheckedCallArgsChecker -verify %s
+
+void WTFCrash(void);
+
+enum class Tag : bool { Value };
+
+template <typename StorageType, Tag> class CanMakeCheckedPtrBase {
+public:
+  void incrementCheckedPtrCount() const { ++m_checkedPtrCount; }
+  inline void decrementCheckedPtrCount() const
+  {
+      if (!m_checkedPtrCount)
+        WTFCrash();
+      --m_checkedPtrCount;
+  }
+
+private:
+  mutable StorageType m_checkedPtrCount { 0 };
+};
+
+template<typename T, Tag tag>
+class CanMakeCheckedPtr : public CanMakeCheckedPtrBase<unsigned int, tag> {
+};
+
+class CheckedObject : public CanMakeCheckedPtr<CheckedObject, Tag::Value> {
+public:
+  void doWork();
+};
+
+CheckedObject* provide();
+void foo() {
+  provide()->doWork();
+  // expected-warning@-1{{Call argument for 'this' parameter is unchecked and 
unsafe}}
+}

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to