| blob | c99c389879270d6e0283e0c2c5c503218c77b52f |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
19 "[chromium-style] Overriding method must be marked with 'override' or "
23 // http://llvm.org/bugs/show_bug.cgi?id=21051 has been filed to make this a
24 // Clang warning.
26 "[chromium-style] The virtual method does not override anything and is "
29 "[chromium-style] Classes that are ref-counted should have explicit "
32 "[chromium-style] Classes that are ref-counted should have "
35 "[chromium-style] Classes that are ref-counted and have non-private "
38 "[chromium-style] WeakPtrFactory members which refer to their outer class "
41 "[chromium-style] _LAST/Last constants of enum types must have the maximal "
56 }
58 // Returns the underlying Type for |type| by expanding typedefs and removing
59 // any namespace qualifiers. This is similar to desugaring, except that for
60 // ElaboratedTypes, desugar will unwrap too much.
67 }
71 }
73 // Generates a fixit hint to remove the 'virtual' keyword.
74 // Unfortunately, there doesn't seem to be a good way to determine the source
75 // location of the 'virtual' keyword. It's available in Declarator, but that
76 // isn't accessible from the AST. So instead, make an educated guess that the
77 // first token is probably the virtual keyword. Strictly speaking, this doesn't
78 // have to be true, but it probably will be.
79 // TODO(dcheng): Add a warning to force virtual to always appear first ;-)
84 // Get the spelling loc just in case it was expanded from a macro.
86 // Sanity check that the text looks like virtual.
92 }
99 }
106 // Messages for virtual method specifiers.
107 diag_method_requires_override_ =
109 diag_redundant_virtual_specifier_ =
111 diag_base_method_virtual_and_final_ =
114 // Messages for destructors.
115 diag_no_explicit_dtor_ =
117 diag_public_dtor_ =
119 diag_protected_non_virtual_dtor_ =
122 // Miscellaneous messages.
123 diag_weak_ptr_factory_order_ =
125 diag_bad_enum_last_value_ =
128 // Registers notes to make it easier to interpret warnings.
129 diag_note_inheritance_ =
131 diag_note_implicit_dtor_ =
133 diag_note_public_dtor_ =
137 }
144 }
148 // By default, the clang checker doesn't check some types (templates, etc).
149 // That was only a mistake; once Chromium code passes these checks, we should
150 // remove the "check-templates" option and remove this code.
151 // See crbug.com/441916
158 // Only check for "heavy" constructors/destructors in header files;
159 // within implementation files, there is no performance cost.
161 // If this is a POD or a class template or a type dependent on a
162 // templated class, assume there's no ctor/dtor/virtual method
163 // optimization that we should do.
166 }
169 // Check that all virtual methods are annotated with override or final.
170 // Note this could also apply to templates, but for some reason Clang
171 // does not always see the "override", so we get false positives.
172 // See http://llvm.org/bugs/show_bug.cgi?id=18440 and
173 // http://llvm.org/bugs/show_bug.cgi?id=21942
180 }
201 // This only happens in some cases when compiling C (not C++) files,
202 // so it is OK to bail out here.
204 }
207 }
208 }
217 }
218 }
219 }
222 SourceLocation record_location,
224 // We don't handle anonymous structs. If this record doesn't have a
225 // name, it's of the form:
226 //
227 // struct {
228 // ...
229 // } name_;
233 // Count the number of templated base classes as a feature of whether the
234 // destructor can be inlined.
242 }
243 }
245 // Count the number of trivial and non-trivial member variables.
256 }
258 // Check to see if we need to ban inlined/synthesized constructors. Note
259 // that the cutoffs here are kind of arbitrary. Scores over 10 break.
261 // Deriving from a templated base class shouldn't be enough to trigger
262 // the ctor warning, but if you do *anything* else, it should.
263 //
264 // TODO(erg): This is motivated by templated base classes that don't have
265 // any data members. Somehow detect when templated base classes have data
266 // members and treat them differently.
268 // Instantiating a template is an insta-hit.
270 // The fourth normal class member should trigger the warning.
274 // You should be able to have 9 ints before we warn you.
280 "Complex class/struct needs an explicit out-of-line "
283 // Iterate across all the constructors in this file and yell if we
284 // find one that tries to be inline.
288 // The current check is buggy. An implicit copy constructor does not
289 // have an inline body, so this check never fires for classes with a
290 // user-declared out-of-line constructor.
294 // In general, implicit constructors are generated on demand. But
295 // in the Windows component build, dllexport causes instantiation of
296 // the copy constructor which means that this fires on many more
297 // classes. For now, suppress this on dllexported classes.
298 // (This does mean that windows component builds will not emit this
299 // warning in some cases where it is emitted in other configs, but
300 // that's the better tradeoff at this point).
301 // TODO(dcheng): With the RecursiveASTVisitor, these warnings might
302 // be emitted on other platforms too, reevaluate if we want to keep
303 // surpressing this then http://crbug.com/467288
306 "Complex class/struct needs an explicit out-of-line "
309 // See the comment in the previous branch about copy constructors.
310 // This does the same for implicit move constructors.
318 }
322 // isInlined() is a more reliable check than hasInlineBody(), but
323 // unfortunately, it results in warnings for implicit copy/move
324 // constructors in the previously mentioned situation. To preserve
325 // compatibility with existing Chromium code, only warn if it's an
326 // explicitly defaulted copy or move constructor.
329 }
330 }
331 }
332 }
334 // The destructor side is equivalent except that we don't check for
335 // trivial members; 20 ints don't need a destructor.
339 "Complex class/struct needs an explicit out-of-line "
346 }
347 }
348 }
349 }
353 }
364 // Provide an exception for ::testing::Test. gtest itself uses some
365 // magic to try to make sure SetUp()/TearDown() aren't capitalized
366 // incorrectly, but having the plugin enforce override is also nice.
370 }
371 }
374 }
376 SuppressibleDiagnosticBuilder
378 SourceLocation loc,
383 }
385 // Checks that virtual methods are correctly annotated, and have no body in a
386 // header file.
388 SourceLocation record_location,
391 // Gmock objects trigger these for each MOCK_BLAH() macro used. So we have a
392 // trick to get around that. If a class has member variables whose types are
393 // in the "testing" namespace (which is how gmock works behind the scenes),
394 // there's a really high chance we won't care about these errors
405 }
406 }
407 }
413 // Ignore constructors and assignment operators.
416 // Ignore non-user-declared destructors.
423 }
424 }
425 }
427 // Makes sure that virtual methods use the most appropriate specifier. If a
428 // virtual method overrides a method from a base class, only the override
429 // specifier should be used. If the method should not be overridden by derived
430 // classes, only the final specifier should be used.
444 // Complain if a method is annotated virtual && (override || final).
446 // ... but only if virtual does not originate in a macro from a banned file.
447 // Note this is just an educated guess: the assumption here is that any
448 // macro for declaring methods will probably be at the start of the method's
449 // source range.
451 diag_redundant_virtual_specifier_)
455 }
457 // Complain if a method is an override and is not annotated with override or
458 // final.
461 SourceLocation loc;
467 // The original code used the ending source loc of TypeSourceInfo's
468 // TypeLoc. Unfortunately, this breaks down in the presence of attributes.
469 // Attributes often appear at the end of a TypeLoc, e.g.
470 // virtual ULONG __stdcall AddRef()
471 // has a TypeSourceInfo that looks something like:
472 // ULONG AddRef() __attribute(stdcall)
473 // so a fix-it insertion would be generated to insert 'override' after
474 // __stdcall in the code as written.
475 // While using the spelling loc of the CXXMethodDecl fixes attribute
476 // handling, it breaks handling of "= 0" and similar constructs.. To work
477 // around this, scan backwards in the source text for a '=' or ')' token
478 // and adjust the location as needed...
483 Token token;
484 // getRawToken() returns *true* on failure. In that case, just give up
485 // and don't bother generating a possibly incorrect fix-it.
489 }
495 }
496 }
497 }
498 // Again, only emit the warning if it doesn't originate from a macro in
499 // a system header.
505 diag_method_requires_override_);
506 }
507 }
511 diag_redundant_virtual_specifier_)
514 }
518 diag_base_method_virtual_and_final_)
521 }
522 }
526 // Virtual methods should not have inline definitions beyond "{}". This
527 // only matters for header files.
532 // CR_BEGIN_MSG_MAP_EX and BEGIN_SAFE_MSG_MAP_EX try to be compatible
533 // to BEGIN_MSG_MAP(_EX). So even though they are in chrome code,
534 // we can't easily fix them, so explicitly whitelist them here.
546 }
547 }
550 "virtual methods with non-empty bodies shouldn't be "
552 }
553 }
554 }
555 }
563 // Simplifying; the whole class isn't trivial if the dtor is, but
564 // we use this as a signal about complexity.
567 else
570 }
572 TemplateName name =
576 // HACK: I'm at a loss about how to get the syntax checker to get
577 // whether a template is externed or not. For the first pass here,
578 // just do retarded string comparisons.
583 }
587 else
590 }
593 trivial_member,
594 non_trivial_member,
595 templated_non_trivial_member);
597 }
601 }
603 trivial_member,
604 non_trivial_member,
605 templated_non_trivial_member);
607 }
609 // Stupid assumption: anything we see that isn't the above is one of
610 // the 20 integer types.
613 }
614 }
615 }
617 // Check |record| for issues that are problematic for ref-counted types.
618 // Note that |record| may not be a ref-counted type, but a base class for
619 // a type that is.
620 // If there are issues, update |loc| with the SourceLocation of the issue
621 // and returns appropriately, or returns None if there are no issues.
622 // static
630 }
636 }
637 }
640 }
642 // Returns true if |base| specifies one of the Chromium reference counted
643 // classes (base::RefCounted / base::RefCountedThreadSafe).
652 // Base-most definition is not a template, so this cannot derive from
653 // base::RefCounted. However, it may still be possible to use with a
654 // scoped_refptr<> and support ref-counting, so this is not a perfect
655 // guarantee of safety.
657 }
663 // Check for both base::RefCounted and base::RefCountedThreadSafe.
667 }
668 }
671 }
673 // Returns true if |base| specifies a class that has a public destructor,
674 // either explicitly or implicitly.
675 // static
680 // Only examine paths that have public inheritance, as they are the
681 // only ones which will result in the destructor potentially being
682 // exposed. This check is largely redundant, as Chromium code should be
683 // exclusively using public inheritance.
689 SourceLocation unused;
691 }
693 // Outputs a C++ inheritance chain as a diagnostic aid.
698 }
699 }
710 }
713 }
715 // Check |record| to determine if it has any problematic refcounting
716 // issues and, if so, print them as warnings/errors based on the current
717 // value of getErrorLevel().
718 //
719 // If |record| is a C++ class, and if it inherits from one of the Chromium
720 // ref-counting classes (base::RefCounted / base::RefCountedThreadSafe),
721 // ensure that there are no public destructors in the class hierarchy. This
722 // is to guard against accidentally stack-allocating a RefCounted class or
723 // sticking it in a non-ref-counted container (like scoped_ptr<>).
725 SourceLocation record_location,
727 // Skip anonymous structs.
731 // Determine if the current type is even ref-counted.
732 CXXBasePaths refcounted_path;
736 },
737 refcounted_path)) {
739 }
741 // Easy check: Check to see if the current type is problematic.
742 SourceLocation loc;
748 }
755 }
756 }
758 // Long check: Check all possible base classes for problematic
759 // destructors. This checks for situations involving multiple
760 // inheritance, where the ref-counted class may be implementing an
761 // interface that has a public or implicit destructor.
762 //
763 // struct SomeInterface {
764 // virtual void DoFoo();
765 // };
766 //
767 // struct RefCountedInterface
768 // : public base::RefCounted<RefCountedInterface>,
769 // public SomeInterface {
770 // private:
771 // friend class base::Refcounted<RefCountedInterface>;
772 // virtual ~RefCountedInterface() {}
773 // };
774 //
775 // While RefCountedInterface is "safe", in that its destructor is
776 // private, it's possible to do the following "unsafe" code:
777 // scoped_refptr<RefCountedInterface> some_class(
778 // new RefCountedInterface);
779 // // Calls SomeInterface::~SomeInterface(), which is unsafe.
780 // delete static_cast<SomeInterface*>(some_class.get());
784 // Find all public destructors. This will record the class hierarchy
785 // that leads to the public destructor in |dtor_paths|.
786 CXXBasePaths dtor_paths;
789 // TODO(thakis): Inline HasPublicDtorCallback() after clang roll.
791 },
792 dtor_paths)) {
794 }
799 // The record with the problem will always be the last record
800 // in the path, since it is the record that stopped the search.
816 }
817 }
818 }
820 // Check for any problems with WeakPtrFactory class members. This currently
821 // only checks that any WeakPtrFactory<T> member of T appears as the last
822 // data member in T. We could consider checking for bad uses of
823 // WeakPtrFactory to refer to other data members, but that would require
824 // looking at the initializer list in constructors to see what the factory
825 // points to.
826 // Note, if we later add other unrelated checks of data members, we should
827 // consider collapsing them in to one loop to avoid iterating over the data
828 // members more than once.
830 SourceLocation record_location,
832 // Skip anonymous structs.
836 // Iterate through members of the class.
850 // Only consider WeakPtrFactory members which are specialized for the
851 // owning class.
856 // Save the first matching WeakPtrFactory member for the
857 // diagnostic.
859 }
861 }
862 }
863 }
864 }
865 // If we've already seen a WeakPtrFactory<OwningType> and this param is not
866 // one of those, it means there is at least one member after a factory.
870 diag_weak_ptr_factory_order_);
871 }
872 }
873 }