[analyzer] Model another special-case kind of cast for OSObject RetainCountChecker

Differential Revision: https://reviews.llvm.org/D56951 llvm-svn: 351864
author: George Karpenkov <ekarpenkov@apple.com> 2019-01-22 19:50:47 +0000
committer: George Karpenkov <ekarpenkov@apple.com> 2019-01-22 19:50:47 +0000
commit: db0c66eeb02c44f0e36a1ed6cb1309453bc89905 (patch)
tree: 06c9e94a9cc66d780afab1bd3f5bf134b6881657 /clang/lib
parent: b8ecd7e49b83ecdcc2c3e86e1040a27cc499bb0c (diff)
download: bcm5719-llvm-db0c66eeb02c44f0e36a1ed6cb1309453bc89905.tar.gz
bcm5719-llvm-db0c66eeb02c44f0e36a1ed6cb1309453bc89905.zip
2 files changed, 25 insertions, 8 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp
index 4b8d7bd262a..e86d63804b8 100644
--- a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp
@@ -849,7 +849,6 @@ void RetainCountChecker::processNonLeakError(ProgramStateRef St,
 //===----------------------------------------------------------------------===//
 
 bool RetainCountChecker::evalCall(const CallExpr *CE, CheckerContext &C) const {
-  // Get the callee. We're only interested in simple C functions.
   ProgramStateRef state = C.getState();
   const FunctionDecl *FD = C.getCalleeDecl(CE);
   if (!FD)
@@ -874,18 +873,27 @@ bool RetainCountChecker::evalCall(const CallExpr *CE, CheckerContext &C) const {
 
   // Bind the return value.
   if (BSmr == BehaviorSummary::Identity ||
-      BSmr == BehaviorSummary::IdentityOrZero) {
-    SVal RetVal = state->getSVal(CE->getArg(0), LCtx);
+      BSmr == BehaviorSummary::IdentityOrZero ||
+      BSmr == BehaviorSummary::IdentityThis) {
+
+    const Expr *BindReturnTo =
+        (BSmr == BehaviorSummary::IdentityThis)
+            ? cast<CXXMemberCallExpr>(CE)->getImplicitObjectArgument()
+            : CE->getArg(0);
+    SVal RetVal = state->getSVal(BindReturnTo, LCtx);
 
     // If the receiver is unknown or the function has
     // 'rc_ownership_trusted_implementation' annotate attribute, conjure a
     // return value.
+    // FIXME: this branch is very strange.
     if (RetVal.isUnknown() ||
         (hasTrustedImplementationAnnotation && !ResultTy.isNull())) {
       SValBuilder &SVB = C.getSValBuilder();
       RetVal =
           SVB.conjureSymbolVal(nullptr, CE, LCtx, ResultTy, C.blockCount());
     }
+
+    // Bind the value.
     state = state->BindExpr(CE, LCtx, RetVal, /*Invalidate=*/false);
 
     if (BSmr == BehaviorSummary::IdentityOrZero) {
diff --git a/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp b/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp
index 42d87b4e27d..6ebbc03c580 100644
--- a/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp
@@ -152,6 +152,10 @@ static bool isOSObjectDynamicCast(StringRef S) {
   return S == "safeMetaCast";
 }
 
+static bool isOSObjectThisCast(StringRef S) {
+  return S == "metaCast";
+}
+
 static bool isOSIteratorSubclass(const Decl *D) {
   return isSubclass(D, "OSIterator");
 }
@@ -219,13 +223,13 @@ RetainSummaryManager::getSummaryForOSObject(const FunctionDecl *FD,
     const CXXRecordDecl *PD = RetTy->getPointeeType()->getAsCXXRecordDecl();
     if (PD && isOSObjectSubclass(PD)) {
       if (const IdentifierInfo *II = FD->getIdentifier()) {
-        if (isOSObjectDynamicCast(II->getName()))
+        StringRef FuncName = II->getName();
+        if (isOSObjectDynamicCast(FuncName) || isOSObjectThisCast(FuncName))
           return getDefaultSummary();
 
         // All objects returned with functions *not* starting with
         // get, or iterators, are returned at +1.
-        if ((!II->getName().startswith("get") &&
-             !II->getName().startswith("Get")) ||
+        if ((!FuncName.startswith("get") && !FuncName.startswith("Get")) ||
             isOSIteratorSubclass(PD)) {
           return getOSSummaryCreateRule(FD);
         } else {
@@ -703,8 +707,13 @@ RetainSummaryManager::canEval(const CallExpr *CE, const FunctionDecl *FD,
     // the input was non-zero),
     // or that it returns zero (when the cast failed, or the input
     // was zero).
-    if (TrackOSObjects && isOSObjectDynamicCast(FName)) {
-      return BehaviorSummary::IdentityOrZero;
+    if (TrackOSObjects) {
+      if (isOSObjectDynamicCast(FName) && FD->param_size() >= 1) {
+        return BehaviorSummary::IdentityOrZero;
+      } else if (isOSObjectThisCast(FName) && isa<CXXMethodDecl>(FD) &&
+                 !cast<CXXMethodDecl>(FD)->isStatic()) {
+        return BehaviorSummary::IdentityThis;
+      }
     }
 
     const FunctionDecl* FDD = FD->getDefinition();
author	George Karpenkov <ekarpenkov@apple.com>	2019-01-22 19:50:47 +0000
committer	George Karpenkov <ekarpenkov@apple.com>	2019-01-22 19:50:47 +0000
commit	db0c66eeb02c44f0e36a1ed6cb1309453bc89905 (patch)
tree	06c9e94a9cc66d780afab1bd3f5bf134b6881657 /clang/lib
parent	b8ecd7e49b83ecdcc2c3e86e1040a27cc499bb0c (diff)
download	bcm5719-llvm-db0c66eeb02c44f0e36a1ed6cb1309453bc89905.tar.gz bcm5719-llvm-db0c66eeb02c44f0e36a1ed6cb1309453bc89905.zip