¶std::pair<const clang::Expr*, bool>
tryToFindPtrOrigin(const clang::Expr* E,
                   bool StopAtFirstRefCountedObj)

Description

This function de-facto defines a set of transformations that we consider safe (in heuristical sense). These transformation if passed a safe value as an input should provide a safe value (or an object that provides safe values). For more context see Static Analyzer checkers documentation - specifically webkit.UncountedCallArgsChecker checker. Allowed list of transformations: - constructors of ref-counted types (including factory methods) - getters of ref-counted types - member overloaded operators - casts - unary operators like `` & `` or ``*`` If passed expression is of type uncounted pointer/reference we try to find the "origin" of the pointer value. Origin can be for example a local variable, nullptr, constant or this-pointer. Certain subexpression nodes represent transformations that don't affect where the memory address originates from. We try to traverse such subexpressions to get to the relevant child nodes. Whenever we encounter a subexpression that either can't be ignored, we don't model its semantics or that has multiple children we stop. \p E is an expression of uncounted pointer/reference type. If \p StopAtFirstRefCountedObj is true and we encounter a subexpression that represents ref-counted object during the traversal we return relevant sub-expression and true.

Declared at: clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.h:54

Parameters

const clang::Expr* E

bool StopAtFirstRefCountedObj

Returns

subexpression that we traversed to and if \p StopAtFirstRefCountedObj is true we also return whether we stopped early.