RHEL-1649

clang TSA does not analyze across function pointers

    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-9.2.0
    • clang
    • rhel-sst-pt-llvm-rust-go
    • ssg_platform_tools

      Description of problem:
      clang's Thread Safety Analysis does not extend across function pointers. Function pointers are very common in C code, making it hard to use TSA in C programs.

      There is a workaround in the form of annotating the function pointers
      themselves. This way at least the analyzer guarantees the lock is
      held when the function pointer value is loaded, but it doesn't actually
      analyze the function pointer target function or check that the call
      is made while the lock is still held.

      Marc-André Lureau had patches for this five years ago but does not have the time to get them upstream:
      https://github.com/elmarco/clang/commits/qemu-ta

      Version-Release number of selected component (if applicable):
      clang-15.0.7-2.el9.x86_64

      How reproducible:
      100%

      Steps to Reproduce:
      1. cat >a.c
      #include <pthread.h>

      /* Mark the pthread mutex type as a TSA capability */
      typedef pthread_mutex_t __attribute__((capability("mutex"))) mutex;

      static mutex lock = PTHREAD_MUTEX_INITIALIZER;
      static int counter __attribute__((guarded_by(lock)));

      void mutex_lock(mutex *m) __attribute__((acquire_capability(lock))) __attribute__((no_thread_safety_analysis))
      {
          pthread_mutex_lock(m);
      }

      void mutex_unlock(mutex *m) __attribute__((release_capability(lock))) __attribute__((no_thread_safety_analysis))
      {
          pthread_mutex_unlock(m);
      }

      /* Callers must hold lock */
      static void counter_inc(void) __attribute__((requires_capability(lock)))
      {
          counter++;
      }

      int main(int argc, char **argv)
      {
          /* TSA does not detect that lock must be held */
          void (*counter_inc_fn)(void) = counter_inc;
          counter_inc_fn();
          return 0;
      }
      ^D
      2. $ clang -Wthread-safety -o a a.c

      Actual results:
      No TSA warning is emitted.

      Expected results:
      TSA warns that counter_inc() was called without holding lock.

      Additional info:

              tbaeder@redhat.com Timm Baeder
              stefanha@redhat.com (Inactive)
              Thomas Stellard
              Jesus Checa Hidalgo
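
The workaround mentioned in the description (annotating the function pointer itself) and the gap it leaves, as an added example that is not part of the report or of the patches it links to. The `TSA` macro, the `SHOW_TSA_WARNING` switch and the function names `call_locked`, `call_after_unlock` and `call_unlocked` are assumptions made for this illustration; `counter_inc` returns the new value here so the result can be checked.

```c
/* Added example, not code from the report. Build: clang -Wthread-safety tsa_fnptr.c */
#include <pthread.h>

#if defined(__clang__)
#define TSA(x) __attribute__((x))
#else
#define TSA(x) /* thread-safety attributes are clang-only */
#endif

typedef pthread_mutex_t TSA(capability("mutex")) mutex;

static mutex lock = PTHREAD_MUTEX_INITIALIZER;
static int counter TSA(guarded_by(lock));

TSA(acquire_capability(lock)) TSA(no_thread_safety_analysis)
void mutex_lock(mutex *m) { pthread_mutex_lock(m); }
TSA(release_capability(lock)) TSA(no_thread_safety_analysis)
void mutex_unlock(mutex *m) { pthread_mutex_unlock(m); }
TSA(requires_capability(lock))
static int counter_inc(void) { return ++counter; }

/* Workaround: guard the pointer variable itself, so reading it needs the lock. */
static int (*counter_inc_fn)(void) TSA(guarded_by(lock)) = counter_inc;

/* Accepted by TSA: the pointer is loaded and called while the lock is held. */
int call_locked(void)
{
    mutex_lock(&lock);
    int v = counter_inc_fn();
    mutex_unlock(&lock);
    return v;
}

/* Gap: only the load is checked. The pointer is copied under the lock and
 * called after unlock; TSA is silent although counter_inc() requires the lock. */
int call_after_unlock(void)
{
    mutex_lock(&lock);
    int (*fn)(void) = counter_inc_fn;
    mutex_unlock(&lock);
    return fn();
}

#ifdef SHOW_TSA_WARNING /* hypothetical switch: flagged, pointer read without the lock */
int call_unlocked(void) { return counter_inc_fn(); }
#endif

int main(void) { return !(call_locked() == 1 && call_after_unlock() == 2); }
```

Compiling with `-DSHOW_TSA_WARNING` makes clang report the unguarded read of `counter_inc_fn` in `call_unlocked`; the other two functions compile without thread-safety warnings.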