[analyzer] [RetainCountChecker] Fix object type for CF/Obj-C bridged casts

George Karpenkov · George Karpenkov · commit b6c6ab312e9f · 2019-02-01T02:13:02.000Z
Having an incorrect type for a cast causes the checker to incorrectly dismiss the operation under ARC, leading to a false positive use-after-release on the test. rdar://47709885 Differential Revision: https://reviews.llvm.org/D57557 llvm-svn: 352824
diff --git a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp
@@ -185,7 +185,16 @@ void RetainCountChecker::checkPostStmt(const CastExpr *CE,
   if (!BE)
     return;
 
-  ArgEffect AE = ArgEffect(IncRef, ObjKind::ObjC);
+  QualType QT = CE->getType();
+  ObjKind K;
+  if (coreFoundation::isCFObjectRef(QT)) {
+    K = ObjKind::CF;
+  } else {
+    assert(cocoa::isCocoaObjectRef(QT));
+    K = ObjKind::ObjC;
+  }
+
+  ArgEffect AE = ArgEffect(IncRef, K);
 
   switch (BE->getBridgeKind()) {
     case OBC_Bridge:
diff --git a/clang/test/Analysis/objc-arc.m b/clang/test/Analysis/objc-arc.m
@@ -123,7 +123,7 @@ void rdar9424882() {
 typedef const void *CFTypeRef;
 typedef const struct __CFString *CFStringRef;
 
-@interface NSString
+@interface NSString : NSObject
 - (id) self;
 @end
 
@@ -231,3 +231,16 @@ id rdar14061675() {
   return result;
 }
 
+typedef const void * CFTypeRef;
+typedef const struct __CFString * CFStringRef;
+typedef const struct __CFAllocator * CFAllocatorRef;
+extern const CFAllocatorRef kCFAllocatorDefault;
+
+extern CFTypeRef CFRetain(CFTypeRef cf);
+extern void CFRelease(CFTypeRef cf);
+
+void check_bridge_retained_cast() {
+    NSString *nsStr = [[NSString alloc] init];
+    CFStringRef cfStr = (__bridge_retained CFStringRef)nsStr;
+    CFRelease(cfStr); // no-warning
+}
