Merge Webkit checker fixes #10219
Open
Merge Webkit checker fixes #10219
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…iables to NS and CF types. (llvm#127554) This PR adds alpha.webkit.UnretainedLocalVarsChecker by generalizing RawPtrRefLocalVarsChecker. It checks local variables to NS or CF types are guarded with a RetainPtr or not. The new checker is effective for NS and CF types in Objective-C++ code without ARC, and it's effective for CF types in code with ARC.
…gsChecker (llvm#129424) Simply add awareness of BindingDecl to the logic for identifying local assignments.
…uctExpr as a safe origin. (llvm#130258) Handle CXXUnresolvedConstructExpr in tryToFindPtrOrigin so that constructing Ref, RefPtr, CheckedRef, CheckedPtr, ... constructed in such a way that its type is unresolved at AST level will be still treated as a safe pointer origin. Also fix a bug in isPtrOfType that it was not recognizing DeducedTemplateSpecializationType.
…or lambda capturing NS or CF types. (llvm#128651) Add a new WebKit checker for checking that lambda captures of CF types use RetainPtr either when ARC is disabled or enabled, and those of NS types use RetainPtr when ARC is disabled.
… unretained member variables and ivars. (llvm#128641) Add a new WebKit checker for member variables and instance variables of NS and CF types. A member variable or instance variable to a CF type should be RetainPtr regardless of whether ARC is enabled or disabled, and that of a NS type should be RetainPtr when ARC is disabled.
Prior to this PR, WebKit checkers erroneously treated functions to be safe if it has a trivial body even if it was marked as virtual. In the case of a virtual function, it can have an override which does not pass the triviality check so we must not make such an assumption. This PR also restricts the allowed operator overloading while finding the pointer origin to just operators on smart pointer types: Ref, RefPtr, CheckedRef, CheckedPtr, RetainPtr, WeakPtr, WeakRef, unique_ptr, and UniqueRef.
…This) (llvm#130925) In WebKit, it's a common pattern for a lambda to capture "this" along with "protectedThis" of Ref/RefPtr type, and re-capture "this" and "std::move(protectedThis)" for a nested inner lambda. Recognize this pattern and treat it as safe.
…n of Ref from a Ref return value safe. (llvm#130911) Fix a bug that an explicit construction of Ref out of a Ref return value would not be treated as safe. It is definitely safe albit redundant.
…ker for correct use of RetainPtr, adoptNS, and adoptCF (llvm#128679) Add a new WebKit checker to validate the correct use of RetainPtr constructor as well as adoptNS and adoptCF functions. adoptNS and adoptCf are used for +1 semantics and RetainPtr constructor is used for +0 semantics.
…d declarations (llvm#130554) Add a new static analyzer which emits warnings for function call arguments, local variables, and member variables that are only forward declared. These forward declaration prevents other WebKit checkers from checking the safety of code.
…eated as safe. (llvm#131500) …os_log functions should be treated as safe in call arguments checkers. Also treat __builtin_* functions and __libcpp_verbose_abort functions as "trivial" for the purpose in call argument checkers.
…s treated as if it's ref countable. (llvm#131249) This PR fixes a regression that webkit.NoUncountedMemberChecker and alpha.webkit.NoUncheckedMemberChecker emits warnings for every class as if they supported ref counting and checked ptr because we were erroneously coercing the return value of isRefCountable and isCheckedPtrCapable, which is std::optional<bool>, to boolean values.
…ase. (llvm#132497) This PR adds the support for WTF::NoVirtualDestructorBase, which signifies to the checker that the class is exempt from having a virtual destructor.
…ctions. (llvm#132784) Recognize dynamic_objc_cast, checked_objc_cast, dynamic_cf_cast, and checked_cf_cast.
…ive-C types in ivars. (llvm#132833) This PR fixes the bug that we weren't generating warnings when a raw poiner is used to point to a NS type in Objective-C ivars. Also fix the bug that we weren't suppressing this warning in system headers.
… ivar / property of a forward declared type (llvm#133755) Prior to this PR, we were emitting warnings for Objective-C ivars and properties if the forward declaration of the type appeared first in a non-system header. This PR fixes the checker so tha we'd ignore ivars and properties defined for a forward declared type.
…llvm#133605) Objective-C selectors are supposed to return autoreleased object. Treat these return values as safe.
…vm#133804) There are some system libraries such as sqlite3 which forward declare a struct then use a pointer to that forward declared type in various APIs. Ignore these types ForwardDeclChecker like other pointer types.
…iteral as +1 (llvm#132350) This PR adds the support for recognizing the return value of copy / mutableCopy as +1. isAllocInit and isOwned now traverses PseudoObjectExpr to its last semantic expression.
…otectedSelf (llvm#132518) This PR adds the support for treating capturing of "self" as safe if the lambda simultaneously captures "protectedSelf", which is a RetainPtr of "self". This PR also fixes a bug that the checker wasn't generating a warning when "self" is implicitly captured. Note when "self" is implicitly captured, we use the lambda's getBeginLoc as a fallback source location.
…lvm#132316) This PR adds the support for recognizing calling adoptCF/adoptNS on the result of a cast operation on the return value of a function which creates NS or CF types. It also fixes a bug that we weren't reporting memory leaks when CF types are created without ever calling RetainPtr's constructor, adoptCF, or adoptNS. To do this, this PR adds a new mechanism to report a memory leak whenever create or copy CF functions are invoked unless this CallExpr has already been visited while validating a call to adoptCF. Also added an early exit when isOwned returns IsOwnedResult::Skip due to an unresolved template argument.
…te specialization (llvm#134545) This PR fixes a bug that when a template specialization is declared with a forward declaration of a template, the checker fails to find its definition in the same translation unit and erroneously emit an unsafe forward declaration warning.
…ainPtr::operator= (llvm#135526) Generalize the check for operator= so that it works for RetainPtr and CheckedPtr instead of just RefPtr.
…rArc (llvm#135532) WebKit uses #define to rename RetainPtr to RetainPtrArc so add the support for it.
This PR makes WebKit checkers treat a variable with global storage as safe instead of constraining to ones that start with k or _k.
…mart pointer classes (llvm#136503) This PR fixes member variable checker to allow the usage of T* in smart pointer classes. e.g. alpha.webkit.NoUncheckedPtrMemberChecker should allow T* to appear within RefPtr.
…nMakeCheckedPtrBase (llvm#136500) This PR fixes the bug that alpha.webkit.UncheckedCallArgsChecker did not recognize CanMakeCheckedPtrBase due to getAsCXXRecordDecl returning nullptr for it in hasPublicMethodInBase. Manually grab getTemplatedDecl out of TemplateSpecializationType then CXXRecordDecl to workaround this bug in clang frontend.
…on via a variable as safe. (llvm#135688) This PR makes the checker ignore a function call to lambda via a local variable.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge all the WebKit checker fixes landed after #10038.