Name Description Size
ArithmeticArgChecker.cpp 2891
ArithmeticArgChecker.h 600
AssertAssignmentChecker.cpp 771
AssertAssignmentChecker.h 612
BaseCheck.h 1096
CanRunScriptChecker.cpp This checker implements the "can run script" analysis. The idea is to detect functions that can run script that are being passed reference-counted arguments (including "this") whose refcount might go to zero as a result of the script running. We want to prevent that. The approach is to attempt to enforce the following invariants on the call graph: 1) Any caller of a MOZ_CAN_RUN_SCRIPT function is itself MOZ_CAN_RUN_SCRIPT. 2) If a virtual MOZ_CAN_RUN_SCRIPT method overrides a base class method, that base class method is also MOZ_CAN_RUN_SCRIPT. Invariant 2 ensures that we don't accidentally call a MOZ_CAN_RUN_SCRIPT function via a base-class virtual call. Invariant 1 ensures that the property of being able to run script propagates up the callstack. There is an opt-out for invariant 1: A function (declaration _or_ implementation) can be decorated with MOZ_CAN_RUN_SCRIPT_BOUNDARY to indicate that we do not require it or any of its callers to be MOZ_CAN_RUN_SCRIPT even if it calls MOZ_CAN_RUN_SCRIPT functions. There are two known holes in invariant 1, apart from the MOZ_CAN_RUN_SCRIPT_BOUNDARY opt-out: - Functions called via function pointers can be MOZ_CAN_RUN_SCRIPT even if their caller is not, because we have no way to determine from the function pointer what function is being called. - MOZ_CAN_RUN_SCRIPT destructors can happen in functions that are not MOZ_CAN_RUN_SCRIPT. tracks this. Given those invariants we then require that when calling a MOZ_CAN_RUN_SCRIPT function all refcounted arguments (including "this") satisfy one of these conditions: a) The argument is held via a strong pointer on the stack. b) The argument is a const strong pointer member of "this". We know "this" is being kept alive, and a const strong pointer member can't drop its ref until "this" dies. c) The argument is an argument of the caller (and hence held by a strong pointer somewhere higher up the callstack). d) The argument is explicitly annotated with MOZ_KnownLive, which indicates that something is guaranteed to keep it alive (e.g. it's rooted via a JS reflector). e) The argument is constexpr and therefore cannot disappear. 17171
CanRunScriptChecker.h 1040 2028 1509
CustomAttributes.cpp Having annotations in the AST unexpectedly impacts codegen. Ideally, we'd avoid having annotations at all, by using an API such as the one from, and storing the attributes data separately from the AST on our own. Unfortunately, there is no such API currently in clang, so we must do without. We can do something similar, though, where we go through the AST before running the checks, create a mapping of AST nodes to attributes, and remove the attributes/annotations from the AST nodes. Not all declarations can be reached from the decl() AST matcher, though, so we do our best effort (getting the other declarations we look at in checks). We emit a warning when checks look at a note that still has annotations attached (aka, hasn't been seen during our first pass), so that those don't go unnoticed. (-Werror should then take care of making that an error) 4106
CustomAttributes.h CustomAttributes_h__ 997 882
CustomMatchers.h 13164
CustomTypeAnnotation.cpp 6159
CustomTypeAnnotation.h 2324
DanglingOnTemporaryChecker.cpp 10075
DanglingOnTemporaryChecker.h 653
DiagnosticsMatcher.cpp 535
DiagnosticsMatcher.h 583
ExplicitImplicitChecker.cpp 1319
ExplicitImplicitChecker.h 612
ExplicitOperatorBoolChecker.cpp 1385
ExplicitOperatorBoolChecker.h 658
KungFuDeathGripChecker.cpp 4087
KungFuDeathGripChecker.h 608
LoadLibraryUsageChecker.cpp 1352
LoadLibraryUsageChecker.h 653 648
MemMoveAnnotation.h 2281
MozCheckAction.cpp 985
MozillaTidyModule.cpp 1078
MustOverrideChecker.cpp 2273
MustOverrideChecker.h 708
MustReturnFromCallerChecker.cpp 3639
MustReturnFromCallerChecker.h 872
MustUseChecker.cpp 2407
MustUseChecker.h 640
NaNExprChecker.cpp 2429
NaNExprChecker.h 576
NeedsNoVTableTypeChecker.cpp 1381
NeedsNoVTableTypeChecker.h 616
NoAddRefReleaseOnReturnChecker.cpp 1296
NoAddRefReleaseOnReturnChecker.h 673
NoAutoTypeChecker.cpp 809
NoAutoTypeChecker.h 588
NoDuplicateRefCntMemberChecker.cpp 2627
NoDuplicateRefCntMemberChecker.h 673
NoExplicitMoveConstructorChecker.cpp 859
NoExplicitMoveConstructorChecker.h 683
NoUsingNamespaceMozillaJavaChecker.cpp 909
NoUsingNamespaceMozillaJavaChecker.h 690
NonMemMovableMemberChecker.cpp 1299
NonMemMovableMemberChecker.h 653
NonMemMovableTemplateArgChecker.cpp 2129
NonMemMovableTemplateArgChecker.h 678
NonParamInsideFunctionDeclChecker.cpp 3695
NonParamInsideFunctionDeclChecker.h 688
OverrideBaseCallChecker.cpp 3677
OverrideBaseCallChecker.h 1065
OverrideBaseCallUsageChecker.cpp 798
OverrideBaseCallUsageChecker.h This is a companion checker for OverrideBaseCallChecker that rejects the usage of MOZ_REQUIRED_BASE_METHOD on non-virtual base methods. 843
ParamTraitsEnumChecker.cpp 1324
ParamTraitsEnumChecker.h 631
RecurseGuard.h 1658
RefCountedCopyConstructorChecker.cpp 1427
RefCountedCopyConstructorChecker.h 683
RefCountedInsideLambdaChecker.cpp 5832
RefCountedInsideLambdaChecker.h 1031
ScopeChecker.cpp 7183
ScopeChecker.h 568
SprintfLiteralChecker.cpp 3194
SprintfLiteralChecker.h 604
StmtToBlockMap.h 2993
TempRefPtrChecker.cpp 2266
TempRefPtrChecker.h 628
ThirdPartyPaths.h 497 This file generates a ThirdPartyPaths.cpp file from the ThirdPartyPaths.txt file in /tools/rewriting, which is used by the Clang Plugin to help identify sources which should be ignored. 888
TrivialCtorDtorChecker.cpp 1229
TrivialCtorDtorChecker.h 608
TrivialDtorChecker.cpp 840
TrivialDtorChecker.h 592
Utils.h 15471
VariableUsageHelpers.cpp 9821
VariableUsageHelpers.h 2638 // This anchor is used to force the linker to link the MozillaModule. extern volatile int MozillaModuleAnchorSource; static int LLVM_ATTRIBUTE_UNUSED MozillaModuleAnchorDestination = MozillaModuleAnchorSource; 4780 3186
mozsearch-plugin This clang plugin code generates a JSON file for each compiler input 8
plugin.h 1625
tests 45
.clang-format 19