[WebKit checkers] Treat NULL, 0, and nil like nullptr (llvm#157700)

rniwa · rniwa · commit 20ed04d5caf7 · 2025-09-13T00:42:29.000-07:00
This PR makes WebKit checkers treat NULL, 0, and nil like nullptr in
various places.
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -217,6 +217,16 @@ bool isASafeCallArg(const Expr *E) {
   return isa<CXXThisExpr>(E);
 }
 
+bool isNullPtr(const clang::Expr *E) {
+  if (isa<CXXNullPtrLiteralExpr>(E) || isa<GNUNullExpr>(E))
+    return true;
+  if (auto *Int = dyn_cast_or_null<IntegerLiteral>(E)) {
+    if (Int->getValue().isZero())
+      return true;
+  }
+  return false;
+}
+
 bool isConstOwnerPtrMemberExpr(const clang::Expr *E) {
   if (auto *MCE = dyn_cast<CXXMemberCallExpr>(E)) {
     if (auto *Callee = MCE->getDirectCallee()) {
@@ -275,7 +285,7 @@ class EnsureFunctionVisitor
   bool VisitReturnStmt(const ReturnStmt *RS) {
     if (auto *RV = RS->getRetValue()) {
       RV = RV->IgnoreParenCasts();
-      if (isa<CXXNullPtrLiteralExpr>(RV))
+      if (isNullPtr(RV))
         return true;
       return isConstOwnerPtrMemberExpr(RV);
     }
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.h b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.h
@@ -66,6 +66,9 @@ bool tryToFindPtrOrigin(
 /// \returns Whether \p E is a safe call arugment.
 bool isASafeCallArg(const clang::Expr *E);
 
+/// \returns true if E is nullptr or __null.
+bool isNullPtr(const clang::Expr *E);
+
 /// \returns true if E is a MemberExpr accessing a const smart pointer type.
 bool isConstOwnerPtrMemberExpr(const clang::Expr *E);
 
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ForwardDeclChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ForwardDeclChecker.cpp
@@ -272,7 +272,7 @@ class ForwardDeclChecker : public Checker<check::ASTDecl<TranslationUnitDecl>> {
           ArgExpr = ArgExpr->IgnoreParenCasts();
       }
     }
-    if (isa<CXXNullPtrLiteralExpr>(ArgExpr) || isa<IntegerLiteral>(ArgExpr) ||
+    if (isNullPtr(ArgExpr) || isa<IntegerLiteral>(ArgExpr) ||
         isa<CXXDefaultArgExpr>(ArgExpr))
       return;
     if (auto *DRE = dyn_cast<DeclRefExpr>(ArgExpr)) {
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefCallArgsChecker.cpp
@@ -217,13 +217,11 @@ class RawPtrRefCallArgsChecker
         [&](const clang::Expr *ArgOrigin, bool IsSafe) {
           if (IsSafe)
             return true;
-          if (isa<CXXNullPtrLiteralExpr>(ArgOrigin)) {
-            // foo(nullptr)
+          if (isNullPtr(ArgOrigin))
             return true;
-          }
           if (isa<IntegerLiteral>(ArgOrigin)) {
             // FIXME: Check the value.
-            // foo(NULL)
+            // foo(123)
             return true;
           }
           if (isa<ObjCStringLiteral>(ArgOrigin))
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLocalVarsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/RawPtrRefLocalVarsChecker.cpp
@@ -295,7 +295,7 @@ class RawPtrRefLocalVarsChecker
                 if (isa<CXXThisExpr>(InitArgOrigin))
                   return true;
 
-                if (isa<CXXNullPtrLiteralExpr>(InitArgOrigin))
+                if (isNullPtr(InitArgOrigin))
                   return true;
 
                 if (isa<IntegerLiteral>(InitArgOrigin))
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/RetainPtrCtorAdoptChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/RetainPtrCtorAdoptChecker.cpp
@@ -177,7 +177,8 @@ class RetainPtrCtorAdoptChecker
       CreateOrCopyFnCall.insert(Arg); // Avoid double reporting.
       return;
     }
-    if (Result == IsOwnedResult::Owned || Result == IsOwnedResult::Skip) {
+    if (Result == IsOwnedResult::Owned || Result == IsOwnedResult::Skip ||
+        isNullPtr(Arg)) {
       CreateOrCopyFnCall.insert(Arg);
       return;
     }
@@ -486,7 +487,7 @@ class RetainPtrCtorAdoptChecker
           continue;
         }
       }
-      if (isa<CXXNullPtrLiteralExpr>(E))
+      if (isNullPtr(E))
         return IsOwnedResult::NotOwned;
       if (auto *DRE = dyn_cast<DeclRefExpr>(E)) {
         auto QT = DRE->getType();
diff --git a/clang/test/Analysis/Checkers/WebKit/call-args-checked-const-member.cpp b/clang/test/Analysis/Checkers/WebKit/call-args-checked-const-member.cpp
@@ -71,12 +71,21 @@ class Foo {
     return m_obj5.get();
   }
 
+  CheckedObj* ensureObj6() {
+    if (!m_obj6)
+      const_cast<std::unique_ptr<CheckedObj>&>(m_obj6) = new CheckedObj;
+    if (m_obj6->next())
+      return (CheckedObj *)0;
+    return m_obj6.get();
+  }
+
 private:
   const std::unique_ptr<CheckedObj> m_obj1;
   std::unique_ptr<CheckedObj> m_obj2;
   const std::unique_ptr<CheckedObj> m_obj3;
   const std::unique_ptr<CheckedObj> m_obj4;
   const std::unique_ptr<CheckedObj> m_obj5;
+  const std::unique_ptr<CheckedObj> m_obj6;
 };
 
 void Foo::bar() {
@@ -87,6 +96,7 @@ void Foo::bar() {
   badEnsureObj4().method();
   // expected-warning@-1{{Call argument for 'this' parameter is unchecked and unsafe}}
   ensureObj5()->method();
+  ensureObj6()->method();
 }
 
 } // namespace call_args_const_unique_ptr
diff --git a/clang/test/Analysis/Checkers/WebKit/retain-ptr-ctor-adopt-use.mm b/clang/test/Analysis/Checkers/WebKit/retain-ptr-ctor-adopt-use.mm
@@ -13,6 +13,8 @@ void basic_correct() {
   auto ns4 = adoptNS([ns3 mutableCopy]);
   auto ns5 = adoptNS([ns3 copyWithValue:3]);
   auto ns6 = retainPtr([ns3 next]);
+  auto ns7 = retainPtr((SomeObj *)0);
+  auto ns8 = adoptNS(nil);
   CFMutableArrayRef cf1 = adoptCF(CFArrayCreateMutable(kCFAllocatorDefault, 10));
   auto cf2 = adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault));
   auto cf3 = adoptCF(checked_cf_cast<CFArrayRef>(CFCopyArray(cf1)));
@@ -111,6 +113,10 @@ - (void)setValue:value {
   return adoptCF(rawBuffer);
 }
 
+RetainPtr<SomeObj> return_nil() {
+  return nil;
+}
+
 RetainPtr<SomeObj> return_nullptr() {
   return nullptr;
 }
diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-local-vars.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-local-vars.cpp
@@ -121,6 +121,7 @@ void foo8(RefCountable* obj) {
     RefCountable *bar = foo->trivial() ? foo.get() : nullptr;
     // expected-warning@-1{{Local variable 'bar' is uncounted and unsafe [alpha.webkit.UncountedLocalVarsChecker]}}
     foo = nullptr;
+    foo = (RefCountable *)0;
     bar->method();
   }
 }
diff --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -456,6 +456,8 @@ - (void)doWorkOnSelf {
   // expected-warning@-1{{Call argument is unretained and unsafe}}
   // expected-warning@-2{{Call argument is unretained and unsafe}}
   [self doWork:@"hello", RetainPtr<SomeObj> { provide() }.get(), RetainPtr<CFMutableArrayRef> { provide_cf() }.get()];
+  [self doWork:__null];
+  [self doWork:nil];
 }
 
 - (SomeObj *)getSomeObj {

Original file line number	Diff line number	Diff line change
`@@ -272,7 +272,7 @@ class ForwardDeclChecker : public Checker<check::ASTDecl<TranslationUnitDecl>> {`
`272`	`272`	`ArgExpr = ArgExpr->IgnoreParenCasts();`
`273`	`273`	`}`
`274`	`274`	`}`
`275`		`- if (isa<CXXNullPtrLiteralExpr>(ArgExpr) \|\| isa<IntegerLiteral>(ArgExpr) \|\|`
	`275`	`+ if (isNullPtr(ArgExpr) \|\| isa<IntegerLiteral>(ArgExpr) \|\|`
`276`	`276`	`isa<CXXDefaultArgExpr>(ArgExpr))`
`277`	`277`	`return;`
`278`	`278`	`if (auto *DRE = dyn_cast<DeclRefExpr>(ArgExpr)) {`
Original file line number	Diff line number	Diff line change
`@@ -177,7 +177,8 @@ class RetainPtrCtorAdoptChecker`
`177`	`177`	`CreateOrCopyFnCall.insert(Arg); // Avoid double reporting.`
`178`	`178`	`return;`
`179`	`179`	`}`
`180`		`- if (Result == IsOwnedResult::Owned \|\| Result == IsOwnedResult::Skip) {`
	`180`	`+ if (Result == IsOwnedResult::Owned \|\| Result == IsOwnedResult::Skip \|\|`
	`181`	`+ isNullPtr(Arg)) {`
`181`	`182`	`CreateOrCopyFnCall.insert(Arg);`
`182`	`183`	`return;`
`183`	`184`	`}`
`@@ -486,7 +487,7 @@ class RetainPtrCtorAdoptChecker`
`486`	`487`	`continue;`
`487`	`488`	`}`
`488`	`489`	`}`
`489`		`- if (isa<CXXNullPtrLiteralExpr>(E))`
	`490`	`+ if (isNullPtr(E))`
`490`	`491`	`return IsOwnedResult::NotOwned;`
`491`	`492`	`if (auto *DRE = dyn_cast<DeclRefExpr>(E)) {`
`492`	`493`	`auto QT = DRE->getType();`
Original file line number	Diff line number	Diff line change
`@@ -121,6 +121,7 @@ void foo8(RefCountable* obj) {`
`121`	`121`	`RefCountable *bar = foo->trivial() ? foo.get() : nullptr;`
`122`	`122`	`// expected-warning@-1{{Local variable 'bar' is uncounted and unsafe [alpha.webkit.UncountedLocalVarsChecker]}}`
`123`	`123`	`foo = nullptr;`
	`124`	`+ foo = (RefCountable *)0;`
`124`	`125`	`bar->method();`
`125`	`126`	`}`
`126`	`127`	`}`
Original file line number	Diff line number	Diff line change
`@@ -456,6 +456,8 @@ - (void)doWorkOnSelf {`
`456`	`456`	`// expected-warning@-1{{Call argument is unretained and unsafe}}`
`457`	`457`	`// expected-warning@-2{{Call argument is unretained and unsafe}}`
`458`	`458`	`[self doWork:@"hello", RetainPtr<SomeObj> { provide() }.get(), RetainPtr<CFMutableArrayRef> { provide_cf() }.get()];`
	`459`	`+ [self doWork:__null];`
	`460`	`+ [self doWork:nil];`
`459`	`461`	`}`
`460`	`462`
`461`	`463`	`- (SomeObj *)getSomeObj {`