Hi all,
TL;DR : If safer C++ static analyzer bot emits a false positive warning, try
replacing
the use of `auto` with the explicit type.
It has been a while since we deployed the safer C++ static analyzer bot for
WebKit.
The safer C++ enforcement has been quite successful in reducing the total number
of security bugs in the enforced code as we had anticipated.
Thank you to many of you who have been fixing safer C++ warnings found in your
PR.
I wanted to give you one heads up that clang static analyzer can get easily
confused
by the use of `auto` keyword. Consider the following code:
ensureWeakOnHTMLMediaElementContext([track = WTFMove(track), enabled](auto&
mediaElement) mutable {
auto audioTrack =
AudioTrack::create(mediaElement.protectedScriptExecutionContext().get(), track);
audioTrack->setEnabled(enabled);
mediaElement.addAudioTrack(WTFMove(audioTrack));
});
The static analyzer was emitting a (false positive) warning for the first
argument to
`AudioTrack::create` even though `protectedScriptExecutionContext()` returns a
`RefPtr`.
This happens because the lambda function argument `mediaElement` uses `auto`.
Because of this `auto`, static analyzer fails to determine the actual type of
`mediaElement`.
This in turn prevents the static analyzer from determining the return type of
`protectedScriptExecutionContext()` and causes it to conclude that it may not
be safe
despite the fact it returns `RefPtr<ScriptExecutionContext>`.
In this case, specifying the explicit type of the lambda argument eliminates
this issue.
So, next time safer C++ bot finds an obvious a false positive in your PR, try
replacing
`auto` by the explicit type. That might just eliminate the warning.
- R. Niwa
_______________________________________________
webkit-dev mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-dev
