Author: Ryosuke Niwa
Date: 2026-06-04T03:33:53-07:00
New Revision: 7a008c0ad92a434e3bd419f4bb1c94ce85c56844

URL: 
https://github.com/llvm/llvm-project/commit/7a008c0ad92a434e3bd419f4bb1c94ce85c56844
DIFF: 
https://github.com/llvm/llvm-project/commit/7a008c0ad92a434e3bd419f4bb1c94ce85c56844.diff

LOG: [alpha.webkit.UncountedCallArgsChecker] Protect the const member getter's 
this argument (#201147)

This PR fixes a bug where, when a const member variable getter is
detected, we don't check whether its object argument is kept alive for the
duration of the function call.

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
    clang/test/Analysis/Checkers/WebKit/call-args.cpp

Removed: 
    


################################################################################
diff  --git 
a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
index fe889f962b157..8ea058a32524c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
@@ -267,8 +267,12 @@ class RawPtrRefCallArgsChecker
             return true;
           if (isASafeCallArg(ArgOrigin))
             return true;
-          if (EFA.isACallToEnsureFn(ArgOrigin))
-            return true;
+          if (EFA.isACallToEnsureFn(ArgOrigin)) {
+            auto *MCE = dyn_cast<CXXMemberCallExpr>(ArgOrigin);
+            assert(MCE);
+            if (isPtrOriginSafe(MCE->getImplicitObjectArgument()))
+              return true;
+          }
           if (isSafeExpr(ArgOrigin))
             return true;
           return false;
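Review bot: In the new `isACallToEnsureFn` branch, `dyn_cast` followed by `assert(MCE)` leaves `MCE->getImplicitObjectArgument()` as a null dereference in builds where assertions are compiled out, should `isACallToEnsureFn` ever accept an expression that is not a `CXXMemberCallExpr` (its definition is not visible here). `getImplicitObjectArgument()` can also return null when the callee is neither a member access nor a pointer-to-member operator, and whether `isPtrOriginSafe` tolerates a null expression is not visible in this hunk. Testing both keeps the conservative direction, falling through to `isSafeExpr` instead of crashing the analyzer: `if (auto *MCE = dyn_cast<CXXMemberCallExpr>(ArgOrigin))` followed by `if (auto *Obj = MCE->getImplicitObjectArgument(); Obj && isPtrOriginSafe(Obj)) return true;`. If the member-call invariant is guaranteed by `isACallToEnsureFn`, `cast<CXXMemberCallExpr>(ArgOrigin)` states that in one line without the separate `assert`. The enclosing function starts and ends outside the hunk.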

diff  --git a/clang/test/Analysis/Checkers/WebKit/call-args.cpp 
b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
index bcd3a9592d55d..a9bcacebc007a 100644
--- a/clang/test/Analysis/Checkers/WebKit/call-args.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/call-args.cpp
@@ -535,11 +535,22 @@ namespace call_on_member {
 
     void work();
 
+    RefCountable& constObj() const { return *m_constObj; }
+
   private:
     RefPtr<RefCountable> m_obj;
     const RefPtr<RefCountable> m_constObj;
   };
 
+  SomeObj* provide();
+
+  void foo() {
+    provide()->constObj().method();
+    // expected-warning@-1{{Call argument for 'this' parameter is uncounted 
and unsafe}}
+    Ref { provide()->constObj() }->method();
+    RefPtr { provide() }->constObj().method();
+  }
+
 }
 
 namespace call_with_weak_ptr {
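Review bot: The two statements after the `expected-warning` line in `foo()` are the expected-clean cases, but nothing marks them as such or says what keeps each one safe. A short comment above each, such as `// No warning: the getter's result is held by a Ref.` and `// No warning: the getter's object is held by a RefPtr.`, would make the intent clear to whoever next changes the object-argument check. The class and the `call_on_member` namespace start outside the hunk, so existing coverage of the getter on other receivers cannot be judged from here.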


        