1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* Implementations of various class and method modifier attributes. */
9 #ifndef mozilla_Attributes_h
10 #define mozilla_Attributes_h
15 * MOZ_ALWAYS_INLINE is a macro which expands to tell the compiler that the
16 * method decorated with it must be inlined, even if the compiler thinks
17 * otherwise. This is only a (much) stronger version of the inline hint:
18 * compilers are not guaranteed to respect it (although they're much more likely
21 * The MOZ_ALWAYS_INLINE_EVEN_DEBUG macro is yet stronger. It tells the
22 * compiler to inline even in DEBUG builds. It should be used very rarely.
25 # define MOZ_ALWAYS_INLINE_EVEN_DEBUG __forceinline
26 #elif defined(__GNUC__)
27 # define MOZ_ALWAYS_INLINE_EVEN_DEBUG __attribute__((always_inline)) inline
29 # define MOZ_ALWAYS_INLINE_EVEN_DEBUG inline
33 # define MOZ_ALWAYS_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG
34 #elif defined(_MSC_VER) && !defined(__cplusplus)
35 # define MOZ_ALWAYS_INLINE __inline
37 # define MOZ_ALWAYS_INLINE inline
42 * g++ requires -std=c++0x or -std=gnu++0x to support C++11 functionality
43 * without warnings (functionality used by the macros below). These modes are
44 * detectable by checking whether __GXX_EXPERIMENTAL_CXX0X__ is defined or, more
45 * standardly, by checking whether __cplusplus has a C++11 or greater value.
46 * Current versions of g++ do not correctly set __cplusplus, so we check both
47 * for forward compatibility.
49 * Even though some versions of MSVC support explicit conversion operators, we
50 * don't indicate support for them here, due to
51 * http://stackoverflow.com/questions/20498142/visual-studio-2013-explicit-keyword-bug
53 # define MOZ_HAVE_NEVER_INLINE __declspec(noinline)
54 # define MOZ_HAVE_NORETURN __declspec(noreturn)
56 /* clang-cl probably supports constexpr and explicit conversions. */
57 # if __has_extension(cxx_constexpr)
58 # define MOZ_HAVE_CXX11_CONSTEXPR
60 # if __has_extension(cxx_explicit_conversions)
61 # define MOZ_HAVE_EXPLICIT_CONVERSION
64 #elif defined(__clang__)
66 * Per Clang documentation, "Note that marketing version numbers should not
67 * be used to check for language features, as different vendors use different
68 * numbering schemes. Instead, use the feature checking macros."
70 # ifndef __has_extension
71 # define __has_extension __has_feature /* compatibility, for older versions of clang */
73 # if __has_extension(cxx_constexpr)
74 # define MOZ_HAVE_CXX11_CONSTEXPR
76 # if __has_extension(cxx_explicit_conversions)
77 # define MOZ_HAVE_EXPLICIT_CONVERSION
79 # if __has_attribute(noinline)
80 # define MOZ_HAVE_NEVER_INLINE __attribute__((noinline))
82 # if __has_attribute(noreturn)
83 # define MOZ_HAVE_NORETURN __attribute__((noreturn))
85 #elif defined(__GNUC__)
86 # if defined(__GXX_EXPERIMENTAL_CXX0X__) || (defined(__cplusplus) && __cplusplus >= 201103L)
87 # define MOZ_HAVE_CXX11_CONSTEXPR
88 # if MOZ_GCC_VERSION_AT_LEAST(4, 8, 0)
89 # define MOZ_HAVE_CXX11_CONSTEXPR_IN_TEMPLATES
91 # define MOZ_HAVE_EXPLICIT_CONVERSION
93 # define MOZ_HAVE_NEVER_INLINE __attribute__((noinline))
94 # define MOZ_HAVE_NORETURN __attribute__((noreturn))
98 * When built with clang analyzer (a.k.a scan-build), define MOZ_HAVE_NORETURN
99 * to mark some false positives
101 #ifdef __clang_analyzer__
102 # if __has_extension(attribute_analyzer_noreturn)
103 # define MOZ_HAVE_ANALYZER_NORETURN __attribute__((analyzer_noreturn))
108 * The MOZ_CONSTEXPR specifier declares that a C++11 compiler can evaluate a
109 * function at compile time. A constexpr function cannot examine any values
110 * except its arguments and can have no side effects except its return value.
111 * The MOZ_CONSTEXPR_VAR specifier tells a C++11 compiler that a variable's
112 * value may be computed at compile time. It should be preferred to just
113 * marking variables as MOZ_CONSTEXPR because if the compiler does not support
114 * constexpr it will fall back to making the variable const, and some compilers
115 * do not accept variables being marked both const and constexpr.
117 #ifdef MOZ_HAVE_CXX11_CONSTEXPR
118 # define MOZ_CONSTEXPR constexpr
119 # define MOZ_CONSTEXPR_VAR constexpr
120 # ifdef MOZ_HAVE_CXX11_CONSTEXPR_IN_TEMPLATES
121 # define MOZ_CONSTEXPR_TMPL constexpr
123 # define MOZ_CONSTEXPR_TMPL
126 # define MOZ_CONSTEXPR /* no support */
127 # define MOZ_CONSTEXPR_VAR const
128 # define MOZ_CONSTEXPR_TMPL
132 * MOZ_EXPLICIT_CONVERSION is a specifier on a type conversion
133 * overloaded operator that declares that a C++11 compiler should restrict
134 * this operator to allow only explicit type conversions, disallowing
135 * implicit conversions.
139 * template<typename T>
143 * MOZ_EXPLICIT_CONVERSION operator bool() const
145 * return mPtr != nullptr;
150 #ifdef MOZ_HAVE_EXPLICIT_CONVERSION
151 # define MOZ_EXPLICIT_CONVERSION explicit
153 # define MOZ_EXPLICIT_CONVERSION /* no support */
157 * MOZ_NEVER_INLINE is a macro which expands to tell the compiler that the
158 * method decorated with it must never be inlined, even if the compiler would
159 * otherwise choose to inline the method. Compilers aren't absolutely
160 * guaranteed to support this, but most do.
162 #if defined(MOZ_HAVE_NEVER_INLINE)
163 # define MOZ_NEVER_INLINE MOZ_HAVE_NEVER_INLINE
165 # define MOZ_NEVER_INLINE /* no support */
169 * MOZ_NORETURN, specified at the start of a function declaration, indicates
170 * that the given function does not return. (The function definition does not
171 * need to be annotated.)
173 * MOZ_NORETURN void abort(const char* msg);
175 * This modifier permits the compiler to optimize code assuming a call to such a
176 * function will never return. It also enables the compiler to avoid spurious
177 * warnings about not initializing variables, or about any other seemingly-dodgy
178 * operations performed after the function returns.
180 * This modifier does not affect the corresponding function's linking behavior.
182 #if defined(MOZ_HAVE_NORETURN)
183 # define MOZ_NORETURN MOZ_HAVE_NORETURN
185 # define MOZ_NORETURN /* no support */
189 * MOZ_COLD tells the compiler that a function is "cold", meaning infrequently
190 * executed. This may lead it to optimize for size more aggressively than speed,
191 * or to allocate the body of the function in a distant part of the text segment
192 * to help keep it from taking up unnecessary icache when it isn't in use.
194 * Place this attribute at the very beginning of a function definition. For
197 * MOZ_COLD int foo();
201 * MOZ_COLD int foo() { return 42; }
203 #if defined(__GNUC__) || defined(__clang__)
204 # define MOZ_COLD __attribute__ ((cold))
210 * MOZ_NONNULL tells the compiler that some of the arguments to a function are
211 * known to be non-null. The arguments are a list of 1-based argument indexes
212 * identifying arguments which are known to be non-null.
214 * Place this attribute at the very beginning of a function definition. For
217 * MOZ_NONNULL(1, 2) int foo(char *p, char *q);
219 #if defined(__GNUC__) || defined(__clang__)
220 # define MOZ_NONNULL(...) __attribute__ ((nonnull(__VA_ARGS__)))
222 # define MOZ_NONNULL(...)
226 * MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS, specified at the end of a function
227 * declaration, indicates that for the purposes of static analysis, this
228 * function does not return. (The function definition does not need to be
231 * MOZ_ReportCrash(const char* s, const char* file, int ln)
232 * MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS
234 * Some static analyzers, like scan-build from clang, can use this information
235 * to eliminate false positives. From the upstream documentation of scan-build:
236 * "This attribute is useful for annotating assertion handlers that actually
237 * can return, but for the purpose of using the analyzer we want to pretend
238 * that such functions do not return."
241 #if defined(MOZ_HAVE_ANALYZER_NORETURN)
242 # define MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS MOZ_HAVE_ANALYZER_NORETURN
244 # define MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS /* no support */
248 * MOZ_ASAN_DENYLIST is a macro to tell AddressSanitizer (a compile-time
249 * instrumentation shipped with Clang and GCC) to not instrument the annotated
250 * function. Furthermore, it will prevent the compiler from inlining the
251 * function because inlining currently breaks the denylisting mechanism of
254 #if defined(__has_feature)
255 # if __has_feature(address_sanitizer)
256 # define MOZ_HAVE_ASAN_DENYLIST
258 #elif defined(__GNUC__)
259 # if defined(__SANITIZE_ADDRESS__)
260 # define MOZ_HAVE_ASAN_DENYLIST
264 #if defined(MOZ_HAVE_ASAN_DENYLIST)
265 # define MOZ_ASAN_DENYLIST MOZ_NEVER_INLINE __attribute__((no_sanitize_address))
267 # define MOZ_ASAN_DENYLIST /* nothing */
271 * MOZ_TSAN_DENYLIST is a macro to tell ThreadSanitizer (a compile-time
272 * instrumentation shipped with Clang) to not instrument the annotated function.
273 * Furthermore, it will prevent the compiler from inlining the function because
274 * inlining currently breaks the denylisting mechanism of ThreadSanitizer.
276 #if defined(__has_feature)
277 # if __has_feature(thread_sanitizer)
278 # define MOZ_TSAN_DENYLIST MOZ_NEVER_INLINE __attribute__((no_sanitize_thread))
280 # define MOZ_TSAN_DENYLIST /* nothing */
283 # define MOZ_TSAN_DENYLIST /* nothing */
287 * MOZ_ALLOCATOR tells the compiler that the function it marks returns either a
288 * "fresh", "pointer-free" block of memory, or nullptr. "Fresh" means that the
289 * block is not pointed to by any other reachable pointer in the program.
290 * "Pointer-free" means that the block contains no pointers to any valid object
291 * in the program. It may be initialized with other (non-pointer) values.
293 * Placing this attribute on appropriate functions helps GCC analyze pointer
294 * aliasing more accurately in their callers.
296 * GCC warns if a caller ignores the value returned by a function marked with
297 * MOZ_ALLOCATOR: it is hard to imagine cases where dropping the value returned
298 * by a function that meets the criteria above would be intentional.
300 * Place this attribute after the argument list and 'this' qualifiers of a
301 * function definition. For example, write
303 * void *my_allocator(size_t) MOZ_ALLOCATOR;
307 * void *my_allocator(size_t bytes) MOZ_ALLOCATOR { ... }
309 #if defined(__GNUC__) || defined(__clang__)
310 # define MOZ_ALLOCATOR __attribute__ ((malloc, warn_unused_result))
312 # define MOZ_ALLOCATOR
316 * MOZ_WARN_UNUSED_RESULT tells the compiler to emit a warning if a function's
317 * return value is not used by the caller.
319 * Place this attribute at the very beginning of a function definition. For
322 * MOZ_WARN_UNUSED_RESULT int foo();
326 * MOZ_WARN_UNUSED_RESULT int foo() { return 42; }
328 #if defined(__GNUC__) || defined(__clang__)
329 # define MOZ_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
331 # define MOZ_WARN_UNUSED_RESULT
337 * The following macros are attributes that support the static analysis plugin
338 * included with Mozilla, and will be implemented (when such support is enabled)
339 * as C++11 attributes. Since such attributes are legal pretty much everywhere
340 * and have subtly different semantics depending on their placement, the
341 * following is a guide on where to place the attributes.
343 * Attributes that apply to a struct or class precede the name of the class:
344 * (Note that this is different from the placement of final for classes!)
346 * class MOZ_CLASS_ATTRIBUTE SomeClass {};
348 * Attributes that apply to functions follow the parentheses and const
349 * qualifiers but precede final, override and the function body:
351 * void DeclaredFunction() MOZ_FUNCTION_ATTRIBUTE;
352 * void SomeFunction() MOZ_FUNCTION_ATTRIBUTE {}
353 * void PureFunction() const MOZ_FUNCTION_ATTRIBUTE = 0;
354 * void OverriddenFunction() MOZ_FUNCTION_ATTRIBUTE override;
356 * Attributes that apply to variables or parameters follow the variable's name:
358 * int variable MOZ_VARIABLE_ATTRIBUTE;
360 * Attributes that apply to types follow the type name:
362 * typedef int MOZ_TYPE_ATTRIBUTE MagicInt;
363 * int MOZ_TYPE_ATTRIBUTE someVariable;
364 * int* MOZ_TYPE_ATTRIBUTE magicPtrInt;
365 * int MOZ_TYPE_ATTRIBUTE* ptrToMagicInt;
367 * Attributes that apply to statements precede the statement:
369 * MOZ_IF_ATTRIBUTE if (x == 0)
370 * MOZ_DO_ATTRIBUTE do { } while (0);
372 * Attributes that apply to labels precede the label:
374 * MOZ_LABEL_ATTRIBUTE target:
376 * MOZ_CASE_ATTRIBUTE case 5:
377 * MOZ_DEFAULT_ATTRIBUTE default:
379 * The static analyses that are performed by the plugin are as follows:
381 * MOZ_MUST_OVERRIDE: Applies to all C++ member functions. All immediate
382 * subclasses must provide an exact override of this method; if a subclass
383 * does not override this method, the compiler will emit an error. This
384 * attribute is not limited to virtual methods, so if it is applied to a
385 * nonvirtual method and the subclass does not provide an equivalent
386 * definition, the compiler will emit an error.
387 * MOZ_STACK_CLASS: Applies to all classes. Any class with this annotation is
388 * expected to live on the stack, so it is a compile-time error to use it, or
389 * an array of such objects, as a global or static variable, or as the type of
390 * a new expression (unless placement new is being used). If a member of
391 * another class uses this class, or if another class inherits from this
392 * class, then it is considered to be a stack class as well, although this
393 * attribute need not be provided in such cases.
394 * MOZ_NONHEAP_CLASS: Applies to all classes. Any class with this annotation is
395 * expected to live on the stack or in static storage, so it is a compile-time
396 * error to use it, or an array of such objects, as the type of a new
397 * expression (unless placement new is being used). If a member of another
398 * class uses this class, or if another class inherits from this class, then
399 * it is considered to be a non-heap class as well, although this attribute
400 * need not be provided in such cases.
401 * MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS: Applies to all classes that are
402 * intended to prevent introducing static initializers. This attribute
403 * currently makes it a compile-time error to instantiate these classes
404 * anywhere other than at the global scope, or as a static member of a class.
405 * MOZ_TRIVIAL_CTOR_DTOR: Applies to all classes that must have both a trivial
406 * constructor and a trivial destructor. Setting this attribute on a class
407 * makes it a compile-time error for that class to get a non-trivial
408 * constructor or destructor for any reason.
409 * MOZ_HEAP_ALLOCATOR: Applies to any function. This indicates that the return
410 * value is allocated on the heap, and will as a result check such allocations
411 * during MOZ_STACK_CLASS and MOZ_NONHEAP_CLASS annotation checking.
412 * MOZ_IMPLICIT: Applies to constructors. Implicit conversion constructors
413 * are disallowed by default unless they are marked as MOZ_IMPLICIT. This
414 * attribute must be used for constructors which intend to provide implicit
416 * MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT: Applies to functions. Makes it a compile
417 * time error to pass arithmetic expressions on variables to the function.
418 * MOZ_OWNING_REF: Applies to declarations of pointer types. This attribute
419 * tells the compiler that the raw pointer is a strong reference, and that
420 * property is somehow enforced by the code. This can make the compiler
421 * ignore these pointers when validating the usage of pointers otherwise.
422 * MOZ_NON_OWNING_REF: Applies to declarations of pointer types. This attribute
423 * tells the compiler that the raw pointer is a weak reference, and that
424 * property is somehow enforced by the code. This can make the compiler
425 * ignore these pointers when validating the usage of pointers otherwise.
426 * MOZ_UNSAFE_REF: Applies to declarations of pointer types. This attribute
427 * should be used for non-owning references that can be unsafe, and their
428 * safety needs to be validated through code inspection. The string argument
429 * passed to this macro documents the safety conditions.
430 * MOZ_NO_ADDREF_RELEASE_ON_RETURN: Applies to function declarations. Makes it
431 * a compile time error to call AddRef or Release on the return value of a
432 * function. This is intended to be used with operator->() of our smart
433 * pointer classes to ensure that the refcount of an object wrapped in a
434 * smart pointer is not manipulated directly.
436 #ifdef MOZ_CLANG_PLUGIN
437 # define MOZ_MUST_OVERRIDE __attribute__((annotate("moz_must_override")))
438 # define MOZ_STACK_CLASS __attribute__((annotate("moz_stack_class")))
439 # define MOZ_NONHEAP_CLASS __attribute__((annotate("moz_nonheap_class")))
440 # define MOZ_TRIVIAL_CTOR_DTOR __attribute__((annotate("moz_trivial_ctor_dtor")))
442 /* in debug builds, these classes do have non-trivial constructors. */
443 # define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS __attribute__((annotate("moz_global_class")))
445 # define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS __attribute__((annotate("moz_global_class"))) \
446 MOZ_TRIVIAL_CTOR_DTOR
448 # define MOZ_IMPLICIT __attribute__((annotate("moz_implicit")))
449 # define MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT __attribute__((annotate("moz_no_arith_expr_in_arg")))
450 # define MOZ_OWNING_REF __attribute__((annotate("moz_strong_ref")))
451 # define MOZ_NON_OWNING_REF __attribute__((annotate("moz_weak_ref")))
452 # define MOZ_UNSAFE_REF(reason) __attribute__((annotate("moz_strong_ref")))
453 # define MOZ_NO_ADDREF_RELEASE_ON_RETURN __attribute__((annotate("moz_no_addref_release_on_return")))
455 * It turns out that clang doesn't like void func() __attribute__ {} without a
456 * warning, so use pragmas to disable the warning. This code won't work on GCC
457 * anyways, so the warning is safe to ignore.
459 # define MOZ_HEAP_ALLOCATOR \
460 _Pragma("clang diagnostic push") \
461 _Pragma("clang diagnostic ignored \"-Wgcc-compat\"") \
462 __attribute__((annotate("moz_heap_allocator"))) \
463 _Pragma("clang diagnostic pop")
465 # define MOZ_MUST_OVERRIDE /* nothing */
466 # define MOZ_STACK_CLASS /* nothing */
467 # define MOZ_NONHEAP_CLASS /* nothing */
468 # define MOZ_TRIVIAL_CTOR_DTOR /* nothing */
469 # define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS /* nothing */
470 # define MOZ_IMPLICIT /* nothing */
471 # define MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT /* nothing */
472 # define MOZ_HEAP_ALLOCATOR /* nothing */
473 # define MOZ_OWNING_REF /* nothing */
474 # define MOZ_NON_OWNING_REF /* nothing */
475 # define MOZ_UNSAFE_REF(reason) /* nothing */
476 # define MOZ_NO_ADDREF_RELEASE_ON_RETURN /* nothing */
477 #endif /* MOZ_CLANG_PLUGIN */
479 #endif /* __cplusplus */
481 #endif /* mozilla_Attributes_h */