Name Description Size
alpha 8
ArithmeticArgChecker.cpp 2891
ArithmeticArgChecker.h 600
AssertAssignmentChecker.cpp 771
AssertAssignmentChecker.h 612
BaseCheck.h 1096
CanRunScriptChecker.cpp This checker implements the "can run script" analysis. The idea is to detect functions that can run script that are being passed reference-counted arguments (including "this") whose refcount might go to zero as a result of the script running. We want to prevent that. The approach is to attempt to enforce the following invariants on the call graph: 1) Any caller of a MOZ_CAN_RUN_SCRIPT function is itself MOZ_CAN_RUN_SCRIPT. 2) If a virtual MOZ_CAN_RUN_SCRIPT method overrides a base class method, that base class method is also MOZ_CAN_RUN_SCRIPT. Invariant 2 ensures that we don't accidentally call a MOZ_CAN_RUN_SCRIPT function via a base-class virtual call. Invariant 1 ensures that the property of being able to run script propagates up the callstack. There is an opt-out for invariant 1: A function (declaration _or_ implementation) can be decorated with MOZ_CAN_RUN_SCRIPT_BOUNDARY to indicate that we do not require it or any of its callers to be MOZ_CAN_RUN_SCRIPT even if it calls MOZ_CAN_RUN_SCRIPT functions. There are two known holes in invariant 1, apart from the MOZ_CAN_RUN_SCRIPT_BOUNDARY opt-out: - Functions called via function pointers can be MOZ_CAN_RUN_SCRIPT even if their caller is not, because we have no way to determine from the function pointer what function is being called. - MOZ_CAN_RUN_SCRIPT destructors can happen in functions that are not MOZ_CAN_RUN_SCRIPT. tracks this. Given those invariants we then require that when calling a MOZ_CAN_RUN_SCRIPT function all refcounted arguments (including "this") satisfy one of these conditions: a) The argument is held via a strong pointer on the stack. b) The argument is a const strong pointer member of "this". We know "this" is being kept alive, and a const strong pointer member can't drop its ref until "this" dies. c) The argument is an argument of the caller (and hence held by a strong pointer somewhere higher up the callstack). d) The argument is explicitly annotated with MOZ_KnownLive, which indicates that something is guaranteed to keep it alive (e.g. it's rooted via a JS reflector). e) The argument is constexpr and therefore cannot disappear. 18186
CanRunScriptChecker.h 1040 2323 1711
CustomAttributes.cpp Having annotations in the AST unexpectedly impacts codegen. Ideally, we'd avoid having annotations at all, by using an API such as the one from, and storing the attributes data separately from the AST on our own. Unfortunately, there is no such API currently in clang, so we must do without. We can do something similar, though, where we go through the AST before running the checks, create a mapping of AST nodes to attributes, and remove the attributes/annotations from the AST nodes. Not all declarations can be reached from the decl() AST matcher, though, so we do our best effort (getting the other declarations we look at in checks). We emit a warning when checks look at a note that still has annotations attached (aka, hasn't been seen during our first pass), so that those don't go unnoticed. (-Werror should then take care of making that an error) 4485
CustomAttributes.h CustomAttributes_h__ 1218 944
CustomMatchers.h 17804
CustomTypeAnnotation.cpp 6352
CustomTypeAnnotation.h 2852
DanglingOnTemporaryChecker.cpp 10210
DanglingOnTemporaryChecker.h 653
DiagnosticsMatcher.cpp 644
DiagnosticsMatcher.h 802
ExplicitImplicitChecker.cpp 1319
ExplicitImplicitChecker.h 612
ExplicitOperatorBoolChecker.cpp 1187
ExplicitOperatorBoolChecker.h 658
external 5
FopenUsageChecker.cpp 3313
FopenUsageChecker.h 588 set(LLVM_LINK_COMPONENTS support) add_definitions( -DCLANG_TIDY ) add_clang_library(clangTidyMozillaModule ThirdPartyPaths.cpp %(names)s LINK_LIBS clangTidy clangTidyReadabilityModule clangTidyUtils clangTidyMPIModule ) clang_target_link_libraries(clangTidyMozillaModule PRIVATE clangAST clangASTMatchers clangBasic clangLex ) 5984
JSHandleRootedTypedefChecker.cpp 1410
JSHandleRootedTypedefChecker.h 699
KnownLiveChecker.cpp 1399
KnownLiveChecker.h 620
KungFuDeathGripChecker.cpp 4177
KungFuDeathGripChecker.h 608
LoadLibraryUsageChecker.cpp 1352
LoadLibraryUsageChecker.h 653 441
MemMoveAnnotation.h 1966 4210
MozCheckAction.cpp 985
MozillaTidyModule.cpp 1300
mozsearch-plugin This clang plugin code generates a JSON file for each compiler input 6
MustOverrideChecker.cpp 2273
MustOverrideChecker.h 708
MustReturnFromCallerChecker.cpp 4342
MustReturnFromCallerChecker.h 907
NaNExprChecker.cpp 2429
NaNExprChecker.h 576
NeedsNoVTableTypeChecker.cpp 1381
NeedsNoVTableTypeChecker.h 616
NoAddRefReleaseOnReturnChecker.cpp 1381
NoAddRefReleaseOnReturnChecker.h 673
NoAutoTypeChecker.cpp 809
NoAutoTypeChecker.h 588
NoDuplicateRefCntMemberChecker.cpp 2627
NoDuplicateRefCntMemberChecker.h 673
NoExplicitMoveConstructorChecker.cpp 892
NoExplicitMoveConstructorChecker.h 683
NoNewThreadsChecker.cpp 1459
NoNewThreadsChecker.h 633
NonMemMovableMemberChecker.cpp 1299
NonMemMovableMemberChecker.h 653
NonMemMovableTemplateArgChecker.cpp 2129
NonMemMovableTemplateArgChecker.h 678
NonParamInsideFunctionDeclChecker.cpp 7768
NonParamInsideFunctionDeclChecker.h 688
NonTrivialTypeInFfiChecker.cpp 1945
NonTrivialTypeInFfiChecker.h 653
NoPrincipalGetURI.cpp 1066
NoPrincipalGetURI.h 588
NoUsingNamespaceMozillaJavaChecker.cpp 906
NoUsingNamespaceMozillaJavaChecker.h 693
OverrideBaseCallChecker.cpp 3677
OverrideBaseCallChecker.h 1065
OverrideBaseCallUsageChecker.cpp 798
OverrideBaseCallUsageChecker.h This is a companion checker for OverrideBaseCallChecker that rejects the usage of MOZ_REQUIRED_BASE_METHOD on non-virtual base methods. 843
ParamTraitsEnumChecker.cpp 1334
ParamTraitsEnumChecker.h 608
plugin.h 1699
RecurseGuard.h 1658
RefCountedCopyConstructorChecker.cpp 1427
RefCountedCopyConstructorChecker.h 683
RefCountedInsideLambdaChecker.cpp 6156
RefCountedInsideLambdaChecker.h 1031
ScopeChecker.cpp 7183
ScopeChecker.h 568
SprintfLiteralChecker.cpp 3194
SprintfLiteralChecker.h 604
StmtToBlockMap.h 2939
TemporaryLifetimeBoundChecker.cpp 3447
TemporaryLifetimeBoundChecker.h 679
tests 50
ThirdPartyPaths.h 497 This file generates a ThirdPartyPaths.cpp file from the ThirdPartyPaths.txt file in /tools/rewriting, which is used by the Clang Plugin to help identify sources which should be ignored. 1803 This script reads in the ThreadAllows.txt and ThreadFileAllows.txt lists and generates a header file containing a two arrays of allowed threads. These can be the following formats: -Files which the checker should ignore These files either contain definitions of NS_NewNamedThread or use args which the plugin can't cast (such as func args). -Thread names which the checker should ignore Specifies which individual thread names to ignore. 1850
ThreadAllows.txt 1314
ThreadFileAllows.txt 204
TrivialCtorDtorChecker.cpp 1229
TrivialCtorDtorChecker.h 608
TrivialDtorChecker.cpp 815
TrivialDtorChecker.h 592
Utils.h 15723
VariableUsageHelpers.cpp 9821
VariableUsageHelpers.h 2638
.clang-format 19