| .clang-format |
|
19 |
| alpha |
|
|
| ArithmeticArgChecker.cpp |
|
2891 |
| ArithmeticArgChecker.h |
|
600 |
| AssertAssignmentChecker.cpp |
|
771 |
| AssertAssignmentChecker.h |
|
612 |
| BaseCheck.h |
|
1096 |
| CanRunScriptChecker.cpp |
This checker implements the "can run script" analysis. The idea is to detect
functions that can run script that are being passed reference-counted
arguments (including "this") whose refcount might go to zero as a result of
the script running. We want to prevent that.
The approach is to attempt to enforce the following invariants on the call
graph:
1) Any caller of a MOZ_CAN_RUN_SCRIPT function is itself MOZ_CAN_RUN_SCRIPT.
2) If a virtual MOZ_CAN_RUN_SCRIPT method overrides a base class method,
that base class method is also MOZ_CAN_RUN_SCRIPT.
Invariant 2 ensures that we don't accidentally call a MOZ_CAN_RUN_SCRIPT
function via a base-class virtual call. Invariant 1 ensures that
the property of being able to run script propagates up the callstack. There
is an opt-out for invariant 1: A function (declaration _or_ implementation)
can be decorated with MOZ_CAN_RUN_SCRIPT_BOUNDARY to indicate that we do not
require it or any of its callers to be MOZ_CAN_RUN_SCRIPT even if it calls
MOZ_CAN_RUN_SCRIPT functions.
There are two known holes in invariant 1, apart from the
MOZ_CAN_RUN_SCRIPT_BOUNDARY opt-out:
- Functions called via function pointers can be MOZ_CAN_RUN_SCRIPT even if
their caller is not, because we have no way to determine from the function
pointer what function is being called.
- MOZ_CAN_RUN_SCRIPT destructors can happen in functions that are not
MOZ_CAN_RUN_SCRIPT.
https://bugzilla.mozilla.org/show_bug.cgi?id=1535523 tracks this.
Given those invariants we then require that when calling a MOZ_CAN_RUN_SCRIPT
function all refcounted arguments (including "this") satisfy one of these
conditions:
a) The argument is held via a strong pointer on the stack.
b) The argument is a const strong pointer member of "this". We know "this"
is being kept alive, and a const strong pointer member can't drop its ref
until "this" dies.
c) The argument is an argument of the caller (and hence held by a strong
pointer somewhere higher up the callstack).
d) The argument is explicitly annotated with MOZ_KnownLive, which indicates
that something is guaranteed to keep it alive (e.g. it's rooted via a JS
reflector).
e) The argument is constexpr and therefore cannot disappear.
|
20387 |
| CanRunScriptChecker.h |
|
1040 |
| Checks.inc |
|
2402 |
| ChecksIncludes.inc |
|
1769 |
| CustomAttributes.cpp |
Having annotations in the AST unexpectedly impacts codegen.
Ideally, we'd avoid having annotations at all, by using an API such as
the one from https://reviews.llvm.org/D31338, and storing the attributes
data separately from the AST on our own. Unfortunately, there is no such
API currently in clang, so we must do without.
We can do something similar, though, where we go through the AST before
running the checks, create a mapping of AST nodes to attributes, and
remove the attributes/annotations from the AST nodes.
Not all declarations can be reached from the decl() AST matcher, though,
so we do our best effort (getting the other declarations we look at in
checks). We emit a warning when checks look at a note that still has
annotations attached (aka, hasn't been seen during our first pass),
so that those don't go unnoticed. (-Werror should then take care of
making that an error)
|
4708 |
| CustomAttributes.h |
CustomAttributes_h__ |
1218 |
| CustomAttributes.inc |
|
960 |
| CustomMatchers.h |
|
18983 |
| CustomTypeAnnotation.cpp |
|
6352 |
| CustomTypeAnnotation.h |
|
2852 |
| DanglingOnTemporaryChecker.cpp |
|
10210 |
| DanglingOnTemporaryChecker.h |
|
653 |
| DiagnosticsMatcher.cpp |
|
644 |
| DiagnosticsMatcher.h |
|
802 |
| ExplicitImplicitChecker.cpp |
|
1319 |
| ExplicitImplicitChecker.h |
|
612 |
| ExplicitOperatorBoolChecker.cpp |
|
1187 |
| ExplicitOperatorBoolChecker.h |
|
658 |
| external |
|
|
| FopenUsageChecker.cpp |
|
3313 |
| FopenUsageChecker.h |
|
588 |
| GlobalVariableInitializationChecker.cpp |
|
2845 |
| GlobalVariableInitializationChecker.h |
|
660 |
| import_mozilla_checks.py |
set(LLVM_LINK_COMPONENTS support)
add_definitions( -DCLANG_TIDY )
add_clang_library(clangTidyMozillaModule
ThirdPartyPaths.cpp
%(names)s
LINK_LIBS
clangTidy
clangTidyReadabilityModule
clangTidyUtils
clangTidyMPIModule
)
clang_target_link_libraries(clangTidyMozillaModule
PRIVATE
clangAST
clangASTMatchers
clangBasic
clangLex
) |
5663 |
| JSHandleRootedTypedefChecker.cpp |
|
1404 |
| JSHandleRootedTypedefChecker.h |
|
699 |
| KnownLiveChecker.cpp |
|
1399 |
| KnownLiveChecker.h |
|
620 |
| KungFuDeathGripChecker.cpp |
|
4177 |
| KungFuDeathGripChecker.h |
|
608 |
| LoadLibraryUsageChecker.cpp |
|
1352 |
| LoadLibraryUsageChecker.h |
|
653 |
| Makefile.in |
|
992 |
| MemMoveAnnotation.h |
|
1966 |
| moz.build |
|
4440 |
| MozCheckAction.cpp |
|
985 |
| MozillaTidyModule.cpp |
|
1300 |
| mozsearch-plugin |
|
|
| MustOverrideChecker.cpp |
|
2273 |
| MustOverrideChecker.h |
|
708 |
| MustReturnFromCallerChecker.cpp |
|
4329 |
| MustReturnFromCallerChecker.h |
|
907 |
| NaNExprChecker.cpp |
|
2333 |
| NaNExprChecker.h |
|
576 |
| NeedsNoVTableTypeChecker.cpp |
|
1381 |
| NeedsNoVTableTypeChecker.h |
|
616 |
| NoAddRefReleaseOnReturnChecker.cpp |
|
1381 |
| NoAddRefReleaseOnReturnChecker.h |
|
673 |
| NoAutoTypeChecker.cpp |
|
809 |
| NoAutoTypeChecker.h |
|
588 |
| NoDuplicateRefCntMemberChecker.cpp |
|
2627 |
| NoDuplicateRefCntMemberChecker.h |
|
673 |
| NoExplicitMoveConstructorChecker.cpp |
|
892 |
| NoExplicitMoveConstructorChecker.h |
|
683 |
| NoNewThreadsChecker.cpp |
|
1459 |
| NoNewThreadsChecker.h |
|
633 |
| NonMemMovableMemberChecker.cpp |
|
1299 |
| NonMemMovableMemberChecker.h |
|
653 |
| NonMemMovableTemplateArgChecker.cpp |
|
2129 |
| NonMemMovableTemplateArgChecker.h |
|
678 |
| NonParamInsideFunctionDeclChecker.cpp |
|
7898 |
| NonParamInsideFunctionDeclChecker.h |
|
688 |
| NonTrivialTypeInFfiChecker.cpp |
|
1945 |
| NonTrivialTypeInFfiChecker.h |
|
653 |
| NoPrincipalGetURI.cpp |
|
1102 |
| NoPrincipalGetURI.h |
|
588 |
| NoUsingNamespaceMozillaJavaChecker.cpp |
|
906 |
| NoUsingNamespaceMozillaJavaChecker.h |
|
693 |
| OverrideBaseCallChecker.cpp |
|
3677 |
| OverrideBaseCallChecker.h |
|
1065 |
| OverrideBaseCallUsageChecker.cpp |
|
798 |
| OverrideBaseCallUsageChecker.h |
This is a companion checker for OverrideBaseCallChecker that rejects
the usage of MOZ_REQUIRED_BASE_METHOD on non-virtual base methods.
|
843 |
| ParamTraitsEnumChecker.cpp |
|
1334 |
| ParamTraitsEnumChecker.h |
|
608 |
| plugin.h |
|
1699 |
| RecurseGuard.h |
|
1658 |
| RefCountedCopyConstructorChecker.cpp |
|
1427 |
| RefCountedCopyConstructorChecker.h |
|
683 |
| RefCountedInsideLambdaChecker.cpp |
|
6194 |
| RefCountedInsideLambdaChecker.h |
|
1031 |
| RefCountedThisInsideConstructorChecker.cpp |
|
1144 |
| RefCountedThisInsideConstructorChecker.h |
|
744 |
| ScopeChecker.cpp |
|
7183 |
| ScopeChecker.h |
|
568 |
| SprintfLiteralChecker.cpp |
|
3194 |
| SprintfLiteralChecker.h |
|
604 |
| StmtToBlockMap.h |
|
2926 |
| tests |
|
|
| ThirdPartyPaths.h |
|
497 |
| ThirdPartyPaths.py |
This file generates a ThirdPartyPaths.cpp file from the ThirdPartyPaths.txt
file in /tools/rewriting, which is used by the Clang Plugin to help identify
sources which should be ignored.
|
918 |
| ThreadAllows.py |
\
static const char *allow_thread_{which}[] = {{
{allowed_list_s}
}}; |
2863 |
| ThreadAllows.txt |
|
2692 |
| ThreadFileAllows.txt |
|
2637 |
| TrivialCtorDtorChecker.cpp |
|
1229 |
| TrivialCtorDtorChecker.h |
|
608 |
| TrivialDtorChecker.cpp |
|
815 |
| TrivialDtorChecker.h |
|
592 |
| Utils.h |
|
15813 |
| VariableUsageHelpers.cpp |
|
9808 |
| VariableUsageHelpers.h |
|
2638 |