| blob | 20919a41afd7afb98a90211160b36d23cccacac7 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
19 "[chromium-style] Overriding method must be marked with 'override' or "
23 // http://llvm.org/bugs/show_bug.cgi?id=21051 has been filed to make this a
24 // Clang warning.
26 "[chromium-style] The virtual method does not override anything and is "
29 "[chromium-style] Classes that are ref-counted should have explicit "
32 "[chromium-style] Classes that are ref-counted should have "
35 "[chromium-style] Classes that are ref-counted and have non-private "
38 "[chromium-style] WeakPtrFactory members which refer to their outer class "
41 "[chromium-style] _LAST/Last constants of enum types must have the maximal "
56 }
58 // Returns the underlying Type for |type| by expanding typedefs and removing
59 // any namespace qualifiers. This is similar to desugaring, except that for
60 // ElaboratedTypes, desugar will unwrap too much.
67 }
71 }
73 // Generates a fixit hint to remove the 'virtual' keyword.
74 // Unfortunately, there doesn't seem to be a good way to determine the source
75 // location of the 'virtual' keyword. It's available in Declarator, but that
76 // isn't accessible from the AST. So instead, make an educated guess that the
77 // first token is probably the virtual keyword. Strictly speaking, this doesn't
78 // have to be true, but it probably will be.
79 // TODO(dcheng): Add a warning to force virtual to always appear first ;-)
83 // Get the spelling loc just in case it was expanded from a macro.
85 // Sanity check that the text looks like virtual.
91 }
98 }
105 // Messages for virtual method specifiers.
106 diag_method_requires_override_ =
108 diag_redundant_virtual_specifier_ =
110 diag_base_method_virtual_and_final_ =
113 // Messages for destructors.
114 diag_no_explicit_dtor_ =
116 diag_public_dtor_ =
118 diag_protected_non_virtual_dtor_ =
121 // Miscellaneous messages.
122 diag_weak_ptr_factory_order_ =
124 diag_bad_enum_last_value_ =
127 // Registers notes to make it easier to interpret warnings.
128 diag_note_inheritance_ =
130 diag_note_implicit_dtor_ =
132 diag_note_public_dtor_ =
136 }
143 }
147 // By default, the clang checker doesn't check some types (templates, etc).
148 // That was only a mistake; once Chromium code passes these checks, we should
149 // remove the "check-templates" option and remove this code.
150 // See crbug.com/441916
157 // Only check for "heavy" constructors/destructors in header files;
158 // within implementation files, there is no performance cost.
160 // If this is a POD or a class template or a type dependent on a
161 // templated class, assume there's no ctor/dtor/virtual method
162 // optimization that we should do.
165 }
168 // Check that all virtual methods are annotated with override or final.
169 // Note this could also apply to templates, but for some reason Clang
170 // does not always see the "override", so we get false positives.
171 // See http://llvm.org/bugs/show_bug.cgi?id=18440 and
172 // http://llvm.org/bugs/show_bug.cgi?id=21942
179 }
200 // This only happens in some cases when compiling C (not C++) files,
201 // so it is OK to bail out here.
203 }
206 }
207 }
216 }
217 }
218 }
221 SourceLocation record_location,
223 // We don't handle anonymous structs. If this record doesn't have a
224 // name, it's of the form:
225 //
226 // struct {
227 // ...
228 // } name_;
232 // Count the number of templated base classes as a feature of whether the
233 // destructor can be inlined.
241 }
242 }
244 // Count the number of trivial and non-trivial member variables.
255 }
257 // Check to see if we need to ban inlined/synthesized constructors. Note
258 // that the cutoffs here are kind of arbitrary. Scores over 10 break.
260 // Deriving from a templated base class shouldn't be enough to trigger
261 // the ctor warning, but if you do *anything* else, it should.
262 //
263 // TODO(erg): This is motivated by templated base classes that don't have
264 // any data members. Somehow detect when templated base classes have data
265 // members and treat them differently.
267 // Instantiating a template is an insta-hit.
269 // The fourth normal class member should trigger the warning.
273 // You should be able to have 9 ints before we warn you.
279 "Complex class/struct needs an explicit out-of-line "
282 // Iterate across all the constructors in this file and yell if we
283 // find one that tries to be inline.
287 // The current check is buggy. An implicit copy constructor does not
288 // have an inline body, so this check never fires for classes with a
289 // user-declared out-of-line constructor.
294 "Complex class/struct needs an explicit out-of-line "
299 }
303 // isInlined() is a more reliable check than hasInlineBody(), but
304 // unfortunately, it results in warnings for implicit copy/move
305 // constructors in the previously mentioned situation. To preserve
306 // compatibility with existing Chromium code, only warn if it's an
307 // explicitly defaulted copy or move constructor.
310 }
311 }
312 }
313 }
315 // The destructor side is equivalent except that we don't check for
316 // trivial members; 20 ints don't need a destructor.
320 "Complex class/struct needs an explicit out-of-line "
327 }
328 }
329 }
330 }
334 }
345 // Provide an exception for ::testing::Test. gtest itself uses some
346 // magic to try to make sure SetUp()/TearDown() aren't capitalized
347 // incorrectly, but having the plugin enforce override is also nice.
351 }
352 }
355 }
357 // Checks that virtual methods are correctly annotated, and have no body in a
358 // header file.
360 SourceLocation record_location,
363 // Gmock objects trigger these for each MOCK_BLAH() macro used. So we have a
364 // trick to get around that. If a class has member variables whose types are
365 // in the "testing" namespace (which is how gmock works behind the scenes),
366 // there's a really high chance we won't care about these errors
377 }
378 }
379 }
385 // Ignore constructors and assignment operators.
388 // Ignore non-user-declared destructors.
395 }
396 }
397 }
399 // Makes sure that virtual methods use the most appropriate specifier. If a
400 // virtual method overrides a method from a base class, only the override
401 // specifier should be used. If the method should not be overridden by derived
402 // classes, only the final specifier should be used.
415 // Complain if a method is annotated virtual && (override || final).
417 // ... but only if virtual does not originate in a macro from a banned file.
418 // Note this is just an educated guess: the assumption here is that any
419 // macro for declaring methods will probably be at the start of the method's
420 // source range.
423 diag_redundant_virtual_specifier_)
427 }
428 }
430 // Complain if a method is an override and is not annotated with override or
431 // final.
434 SourceLocation loc;
438 // TODO(dcheng): We should probably use ASTContext's LangOptions here.
439 LangOptions lang_options;
443 // The original code used the ending source loc of TypeSourceInfo's
444 // TypeLoc. Unfortunately, this breaks down in the presence of attributes.
445 // Attributes often appear at the end of a TypeLoc, e.g.
446 // virtual ULONG __stdcall AddRef()
447 // has a TypeSourceInfo that looks something like:
448 // ULONG AddRef() __attribute(stdcall)
449 // so a fix-it insertion would be generated to insert 'override' after
450 // __stdcall in the code as written.
451 // While using the spelling loc of the CXXMethodDecl fixes attribute
452 // handling, it breaks handling of "= 0" and similar constructs.. To work
453 // around this, scan backwards in the source text for a '=' or ')' token
454 // and adjust the location as needed...
459 Token token;
460 // getRawToken() returns *true* on failure. In that case, just give up
461 // and don't bother generating a possibly incorrect fix-it.
465 }
471 }
472 }
473 }
479 }
480 }
484 diag_redundant_virtual_specifier_)
487 }
491 diag_base_method_virtual_and_final_)
494 }
495 }
499 // Virtual methods should not have inline definitions beyond "{}". This
500 // only matters for header files.
505 "virtual methods with non-empty bodies shouldn't be "
507 }
508 }
509 }
510 }
518 // Simplifying; the whole class isn't trivial if the dtor is, but
519 // we use this as a signal about complexity.
522 else
525 }
527 TemplateName name =
531 // HACK: I'm at a loss about how to get the syntax checker to get
532 // whether a template is exterened or not. For the first pass here,
533 // just do retarded string comparisons.
538 }
542 else
545 }
548 trivial_member,
549 non_trivial_member,
550 templated_non_trivial_member);
552 }
556 }
558 trivial_member,
559 non_trivial_member,
560 templated_non_trivial_member);
562 }
564 // Stupid assumption: anything we see that isn't the above is one of
565 // the 20 integer types.
568 }
569 }
570 }
572 // Check |record| for issues that are problematic for ref-counted types.
573 // Note that |record| may not be a ref-counted type, but a base class for
574 // a type that is.
575 // If there are issues, update |loc| with the SourceLocation of the issue
576 // and returns appropriately, or returns None if there are no issues.
584 }
590 }
591 }
594 }
596 // Adds either a warning or error, based on the current handling of
597 // -Werror.
599 #if defined(LLVM_ON_WIN32)
600 // TODO(dcheng): Re-enable -Werror for these diagnostics on Windows once all
601 // the pre-existing warnings are cleaned up. https://crbug.com/467287
603 #else
606 #endif
607 }
609 // Returns true if |base| specifies one of the Chromium reference counted
610 // classes (base::RefCounted / base::RefCountedThreadSafe).
622 // Base-most definition is not a template, so this cannot derive from
623 // base::RefCounted. However, it may still be possible to use with a
624 // scoped_refptr<> and support ref-counting, so this is not a perfect
625 // guarantee of safety.
627 }
633 // Check for both base::RefCounted and base::RefCountedThreadSafe.
637 }
638 }
641 }
643 // Returns true if |base| specifies a class that has a public destructor,
644 // either explicitly or implicitly.
649 // Only examine paths that have public inheritance, as they are the
650 // only ones which will result in the destructor potentially being
651 // exposed. This check is largely redundant, as Chromium code should be
652 // exclusively using public inheritance.
658 SourceLocation unused;
660 }
662 // Outputs a C++ inheritance chain as a diagnostic aid.
667 }
668 }
679 }
682 }
684 // Check |record| to determine if it has any problematic refcounting
685 // issues and, if so, print them as warnings/errors based on the current
686 // value of getErrorLevel().
687 //
688 // If |record| is a C++ class, and if it inherits from one of the Chromium
689 // ref-counting classes (base::RefCounted / base::RefCountedThreadSafe),
690 // ensure that there are no public destructors in the class hierarchy. This
691 // is to guard against accidentally stack-allocating a RefCounted class or
692 // sticking it in a non-ref-counted container (like scoped_ptr<>).
694 SourceLocation record_location,
696 // Skip anonymous structs.
700 // Determine if the current type is even ref-counted.
701 CXXBasePaths refcounted_path;
704 refcounted_path)) {
706 }
708 // Easy check: Check to see if the current type is problematic.
709 SourceLocation loc;
715 }
722 }
723 }
725 // Long check: Check all possible base classes for problematic
726 // destructors. This checks for situations involving multiple
727 // inheritance, where the ref-counted class may be implementing an
728 // interface that has a public or implicit destructor.
729 //
730 // struct SomeInterface {
731 // virtual void DoFoo();
732 // };
733 //
734 // struct RefCountedInterface
735 // : public base::RefCounted<RefCountedInterface>,
736 // public SomeInterface {
737 // private:
738 // friend class base::Refcounted<RefCountedInterface>;
739 // virtual ~RefCountedInterface() {}
740 // };
741 //
742 // While RefCountedInterface is "safe", in that its destructor is
743 // private, it's possible to do the following "unsafe" code:
744 // scoped_refptr<RefCountedInterface> some_class(
745 // new RefCountedInterface);
746 // // Calls SomeInterface::~SomeInterface(), which is unsafe.
747 // delete static_cast<SomeInterface*>(some_class.get());
751 // Find all public destructors. This will record the class hierarchy
752 // that leads to the public destructor in |dtor_paths|.
753 CXXBasePaths dtor_paths;
756 dtor_paths)) {
758 }
763 // The record with the problem will always be the last record
764 // in the path, since it is the record that stopped the search.
780 }
781 }
782 }
784 // Check for any problems with WeakPtrFactory class members. This currently
785 // only checks that any WeakPtrFactory<T> member of T appears as the last
786 // data member in T. We could consider checking for bad uses of
787 // WeakPtrFactory to refer to other data members, but that would require
788 // looking at the initializer list in constructors to see what the factory
789 // points to.
790 // Note, if we later add other unrelated checks of data members, we should
791 // consider collapsing them in to one loop to avoid iterating over the data
792 // members more than once.
794 SourceLocation record_location,
796 // Skip anonymous structs.
800 // Iterate through members of the class.
814 // Only consider WeakPtrFactory members which are specialized for the
815 // owning class.
820 // Save the first matching WeakPtrFactory member for the
821 // diagnostic.
823 }
825 }
826 }
827 }
828 }
829 // If we've already seen a WeakPtrFactory<OwningType> and this param is not
830 // one of those, it means there is at least one member after a factory.
834 diag_weak_ptr_factory_order_);
835 }
836 }
837 }