[alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase #136500

rniwa · 2025-04-20T18:12:19Z

This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of TemplateSpecializationType then CXXRecordDecl to workaround this bug in clang frontend.

…nMakeCheckedPtrBase This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of TemplateSpecializationType then CXXRecordDecl to workaround this bug in clang frontend.

llvmbot · 2025-04-20T18:12:58Z

@llvm/pr-subscribers-clang

@llvm/pr-subscribers-clang-static-analyzer-1

Author: Ryosuke Niwa (rniwa)

Changes

This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of TemplateSpecializationType then CXXRecordDecl to workaround this bug in clang frontend.

Full diff: https://github.com/llvm/llvm-project/pull/136500.diff

2 Files Affected:

(modified) clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp (+12-2)
(added) clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp (+34)

diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index 811888e119449..25b77ef989388 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -46,8 +46,18 @@ hasPublicMethodInBase(const CXXBaseSpecifier *Base, StringRef NameToMatch) {
     return std::nullopt;
 
   const CXXRecordDecl *R = T->getAsCXXRecordDecl();
-  if (!R)
-    return std::nullopt;
+  if (!R) {
+    auto CT = Base->getType().getCanonicalType();
+    if (auto *TST = dyn_cast<TemplateSpecializationType>(CT)) {
+      auto TmplName = TST->getTemplateName();
+      if (!TmplName.isNull()) {
+        if (auto *TD = TmplName.getAsTemplateDecl())
+          R = dyn_cast_or_null<CXXRecordDecl>(TD->getTemplatedDecl());
+      }
+    }
+    if (!R)
+      return std::nullopt;
+  }
   if (!R->hasDefinition())
     return std::nullopt;
 
diff --git a/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp b/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp
new file mode 100644
index 0000000000000..8685978ebf1ac
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/unchecked-call-arg.cpp
@@ -0,0 +1,34 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.webkit.UncheckedCallArgsChecker -verify %s
+
+void WTFCrash(void);
+
+enum class Tag : bool { Value };
+
+template <typename StorageType, Tag> class CanMakeCheckedPtrBase {
+public:
+  void incrementCheckedPtrCount() const { ++m_checkedPtrCount; }
+  inline void decrementCheckedPtrCount() const
+  {
+      if (!m_checkedPtrCount)
+        WTFCrash();
+      --m_checkedPtrCount;
+  }
+
+private:
+  mutable StorageType m_checkedPtrCount { 0 };
+};
+
+template<typename T, Tag tag>
+class CanMakeCheckedPtr : public CanMakeCheckedPtrBase<unsigned int, tag> {
+};
+
+class CheckedObject : public CanMakeCheckedPtr<CheckedObject, Tag::Value> {
+public:
+  void doWork();
+};
+
+CheckedObject* provide();
+void foo() {
+  provide()->doWork();
+  // expected-warning@-1{{Call argument for 'this' parameter is unchecked and unsafe}}
+}

t-rasmud

LGTM!

rniwa · 2025-04-24T20:13:45Z

Thank you for the review!

…nMakeCheckedPtrBase (llvm#136500) This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of TemplateSpecializationType then CXXRecordDecl to workaround this bug in clang frontend.

rniwa requested a review from t-rasmud April 20, 2025 18:12

llvmbot added clang Clang issues not falling into any other category clang:static analyzer labels Apr 20, 2025

t-rasmud approved these changes Apr 24, 2025

View reviewed changes

rniwa merged commit a7e5312 into llvm:main Apr 24, 2025
12 of 14 checks passed

rniwa deleted the webkit-TemplateSpecializationType-CXXRecordDecl branch April 24, 2025 20:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase #136500

[alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase #136500

rniwa commented Apr 20, 2025

llvmbot commented Apr 20, 2025 •

edited

Loading

t-rasmud left a comment

rniwa commented Apr 24, 2025

[alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase #136500

[alpha.webkit.UncheckedCallArgsChecker] Checker fails to recognize CanMakeCheckedPtrBase #136500

Conversation

rniwa commented Apr 20, 2025

llvmbot commented Apr 20, 2025 • edited Loading

t-rasmud left a comment

Choose a reason for hiding this comment

rniwa commented Apr 24, 2025

llvmbot commented Apr 20, 2025 •

edited

Loading