From 7c628aa473f93bbbd202d80d5f50a3913b76818d Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa
Date: Sun, 28 Sep 2025 23:01:24 -0700
Subject: [PATCH 1/2] [WebKit Checkers] Treat a boxed value as a safe pointer origin
---
 clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp | 2 ++
 .../Analysis/Checkers/WebKit/unretained-call-args.mm | 11 +++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 00a1b8b6e7e89..9060ec0f07771 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -208,6 +208,8 @@ bool tryToFindPtrOrigin(
 continue;
 }
 if (auto *BoxedExpr = dyn_cast(E)) {
+ if (StopAtFirstRefCountedObj)
+ return callback(BoxedExpr, true);
 E = BoxedExpr->getSubExpr();
 continue;
 }
diff --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
index c9d2fe861bb49..a989e7161d24b 100644
--- a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
+++ b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -398,15 +398,21 @@ void foo() {
 void baz(const NSDictionary *);
 void boo(NSNumber *);
 void boo(CFTypeRef);
- void foo() {
+
+ struct Details {
+ int value;
+ };
+
+ void foo(Details* details) {
 CFArrayCreateMutable(kCFAllocatorDefault, 10);
 bar(@[@"hello"]);
 baz(@{@"hello": @3});
 boo(@YES);
 boo(@NO);
+ boo(@(details->value));
 }
 }
-
+#if 0
 namespace call_with_cf_string {
 void bar(CFStringRef);
 void foo() {
@@ -601,3 +607,4 @@ - (NSString *)convertImage {
 return stringForImage(image.get());
 }
 @end
+#endif
\ No newline at end of file
From 8d7b261423dde71ee7f1792b7fe6bc7a189e91da Mon Sep 17 00:00:00 2001
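Review bot: The early return added in the `BoxedExpr` branch carries no comment explaining why a boxed expression is a safe origin, or why that holds only when `StopAtFirstRefCountedObj` is set. A short comment above the `if` would help, for example `// Boxing creates a new object, so the boxed expression itself is the origin; do not look through to the operand.` When the flag is false the code still descends into `getSubExpr()`, so callers using that mode will presumably keep judging `@(details->value)` by its operand; it is worth stating whether that asymmetry is intended. Because `callback(BoxedExpr, true)` silences a memory-safety diagnostic for every boxed operand rather than only numeric ones, please confirm that each boxing form yields an object the callee may safely borrow. The body of `tryToFindPtrOrigin` starts and ends outside this hunk.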
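Review bot: The only new case, `boo(@(details->value));`, boxes an `int` member, so the test pins a single operand kind while the checker change marks every boxed expression as safe when stopping at the first ref-counted object. Cases that box other operand kinds (a C string, a call result) would show that dropping the warning is intended for all of them. Separately, the `#if 0` at the end of this hunk compiles out the rest of the file until 2/2 removes it, so 1/2 on its own leaves the remaining cases unchecked; squashing the two patches would keep each commit testable. The enclosing namespace of `foo` begins above the hunk.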
From: Ryosuke Niwa
Date: Mon, 29 Sep 2025 00:18:52 -0700
Subject: [PATCH 2/2] Revert disabling of subsequent test cases
---
 clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
index a989e7161d24b..7046386e3e49b 100644
--- a/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
+++ b/clang/test/Analysis/Checkers/WebKit/unretained-call-args.mm
@@ -412,7 +412,7 @@ void foo(Details* details) {
 boo(@(details->value));
 }
 }
-#if 0
+
 namespace call_with_cf_string {
 void bar(CFStringRef);
 void foo() {
@@ -607,4 +607,3 @@ - (NSString *)convertImage {
 return stringForImage(image.get());
 }
 @end
-#endif
\ No newline at end of file