2013-07-24 11:41:39 +04:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2012-06-04 07:36:43 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
2012-05-21 15:12:37 +04:00
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2011-11-21 00:22:51 +04:00
|
|
|
|
2011-12-18 01:45:29 +04:00
|
|
|
/* Implementations of various class and method modifier attributes. */
|
2011-11-21 00:22:51 +04:00
|
|
|
|
2013-07-24 11:41:39 +04:00
|
|
|
#ifndef mozilla_Attributes_h
|
|
|
|
|
#define mozilla_Attributes_h
|
2011-11-21 00:22:51 +04:00
|
|
|
|
2013-01-22 07:42:15 +04:00
|
|
|
#include "mozilla/Compiler.h"
|
2011-11-21 00:22:51 +04:00
|
|
|
|
2011-12-19 23:45:52 +04:00
|
|
|
/*
|
|
|
|
|
* MOZ_ALWAYS_INLINE is a macro which expands to tell the compiler that the
|
|
|
|
|
* method decorated with it must be inlined, even if the compiler thinks
|
2013-10-22 01:34:24 +04:00
|
|
|
* otherwise. This is only a (much) stronger version of the inline hint:
|
2011-12-19 23:45:52 +04:00
|
|
|
* compilers are not guaranteed to respect it (although they're much more likely
|
|
|
|
|
* to do so).
|
2013-04-19 21:55:34 +04:00
|
|
|
*
|
|
|
|
|
* The MOZ_ALWAYS_INLINE_EVEN_DEBUG macro is yet stronger. It tells the
|
|
|
|
|
* compiler to inline even in DEBUG builds. It should be used very rarely.
|
2011-12-19 23:45:52 +04:00
|
|
|
*/
|
2013-02-12 17:30:16 +04:00
|
|
|
#if defined(_MSC_VER)
|
2013-04-19 21:55:34 +04:00
|
|
|
# define MOZ_ALWAYS_INLINE_EVEN_DEBUG __forceinline
|
2011-12-19 23:45:52 +04:00
|
|
|
#elif defined(__GNUC__)
|
2013-10-22 01:34:24 +04:00
|
|
|
# define MOZ_ALWAYS_INLINE_EVEN_DEBUG __attribute__((always_inline)) inline
|
2011-12-19 23:45:52 +04:00
|
|
|
#else
|
2013-10-22 01:34:24 +04:00
|
|
|
# define MOZ_ALWAYS_INLINE_EVEN_DEBUG inline
|
2013-04-19 21:55:34 +04:00
|
|
|
#endif
|
|
|
|
|
|
2013-10-22 01:34:24 +04:00
|
|
|
#if !defined(DEBUG)
|
2013-04-19 21:55:34 +04:00
|
|
|
# define MOZ_ALWAYS_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG
|
2013-10-22 01:34:24 +04:00
|
|
|
#elif defined(_MSC_VER) && !defined(__cplusplus)
|
|
|
|
|
# define MOZ_ALWAYS_INLINE __inline
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_ALWAYS_INLINE inline
|
2011-12-19 23:45:52 +04:00
|
|
|
#endif
|
|
|
|
|
|
2014-06-11 00:33:39 +04:00
|
|
|
#if defined(_MSC_VER)
|
2011-11-21 00:22:51 +04:00
|
|
|
/*
|
|
|
|
|
* g++ requires -std=c++0x or -std=gnu++0x to support C++11 functionality
|
|
|
|
|
* without warnings (functionality used by the macros below). These modes are
|
|
|
|
|
* detectable by checking whether __GXX_EXPERIMENTAL_CXX0X__ is defined or, more
|
|
|
|
|
* standardly, by checking whether __cplusplus has a C++11 or greater value.
|
|
|
|
|
* Current versions of g++ do not correctly set __cplusplus, so we check both
|
|
|
|
|
* for forward compatibility.
|
|
|
|
|
*/
|
2014-06-11 00:33:39 +04:00
|
|
|
# define MOZ_HAVE_NEVER_INLINE __declspec(noinline)
|
|
|
|
|
# define MOZ_HAVE_NORETURN __declspec(noreturn)
|
|
|
|
|
#elif defined(__clang__)
|
2011-12-18 01:45:29 +04:00
|
|
|
/*
|
|
|
|
|
* Per Clang documentation, "Note that marketing version numbers should not
|
|
|
|
|
* be used to check for language features, as different vendors use different
|
|
|
|
|
* numbering schemes. Instead, use the feature checking macros."
|
|
|
|
|
*/
|
|
|
|
|
# ifndef __has_extension
|
|
|
|
|
# define __has_extension \
|
|
|
|
|
__has_feature /* compatibility, for older versions of clang */
|
|
|
|
|
# endif
|
2011-12-19 23:45:52 +04:00
|
|
|
# if __has_attribute(noinline)
|
|
|
|
|
# define MOZ_HAVE_NEVER_INLINE __attribute__((noinline))
|
|
|
|
|
# endif
|
2011-12-18 01:45:29 +04:00
|
|
|
# if __has_attribute(noreturn)
|
|
|
|
|
# define MOZ_HAVE_NORETURN __attribute__((noreturn))
|
|
|
|
|
# endif
|
2011-11-21 00:22:51 +04:00
|
|
|
#elif defined(__GNUC__)
|
2011-12-19 23:45:52 +04:00
|
|
|
# define MOZ_HAVE_NEVER_INLINE __attribute__((noinline))
|
2011-12-18 01:45:29 +04:00
|
|
|
# define MOZ_HAVE_NORETURN __attribute__((noreturn))
|
2017-08-25 06:49:09 +03:00
|
|
|
# define MOZ_HAVE_NORETURN_PTR __attribute__((noreturn))
|
2011-11-21 00:22:51 +04:00
|
|
|
#endif
|
|
|
|
|
|
2014-05-06 18:23:08 +04:00
|
|
|
/*
|
|
|
|
|
* When built with clang analyzer (a.k.a scan-build), define MOZ_HAVE_NORETURN
|
|
|
|
|
* to mark some false positives
|
|
|
|
|
*/
|
|
|
|
|
#ifdef __clang_analyzer__
|
|
|
|
|
# if __has_extension(attribute_analyzer_noreturn)
|
|
|
|
|
# define MOZ_HAVE_ANALYZER_NORETURN __attribute__((analyzer_noreturn))
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-12-19 23:45:52 +04:00
|
|
|
/*
|
|
|
|
|
* MOZ_NEVER_INLINE is a macro which expands to tell the compiler that the
|
|
|
|
|
* method decorated with it must never be inlined, even if the compiler would
|
|
|
|
|
* otherwise choose to inline the method. Compilers aren't absolutely
|
|
|
|
|
* guaranteed to support this, but most do.
|
|
|
|
|
*/
|
|
|
|
|
#if defined(MOZ_HAVE_NEVER_INLINE)
|
|
|
|
|
# define MOZ_NEVER_INLINE MOZ_HAVE_NEVER_INLINE
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NEVER_INLINE /* no support */
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-07-03 02:58:18 +03:00
|
|
|
/*
|
|
|
|
|
* MOZ_NEVER_INLINE_DEBUG is a macro which expands to MOZ_NEVER_INLINE
|
|
|
|
|
* in debug builds, and nothing in opt builds.
|
|
|
|
|
*/
|
|
|
|
|
#if defined(DEBUG)
|
|
|
|
|
# define MOZ_NEVER_INLINE_DEBUG MOZ_NEVER_INLINE
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NEVER_INLINE_DEBUG /* don't inline in opt builds */
|
|
|
|
|
#endif
|
2011-12-18 01:45:29 +04:00
|
|
|
/*
|
|
|
|
|
* MOZ_NORETURN, specified at the start of a function declaration, indicates
|
|
|
|
|
* that the given function does not return. (The function definition does not
|
|
|
|
|
* need to be annotated.)
|
|
|
|
|
*
|
|
|
|
|
* MOZ_NORETURN void abort(const char* msg);
|
|
|
|
|
*
|
|
|
|
|
* This modifier permits the compiler to optimize code assuming a call to such a
|
|
|
|
|
* function will never return. It also enables the compiler to avoid spurious
|
|
|
|
|
* warnings about not initializing variables, or about any other seemingly-dodgy
|
|
|
|
|
* operations performed after the function returns.
|
|
|
|
|
*
|
2017-08-25 06:49:09 +03:00
|
|
|
* There are two variants. The GCC version of NORETURN may be applied to a
|
|
|
|
|
* function pointer, while for MSVC it may not.
|
|
|
|
|
*
|
2011-12-18 01:45:29 +04:00
|
|
|
* This modifier does not affect the corresponding function's linking behavior.
|
|
|
|
|
*/
|
|
|
|
|
#if defined(MOZ_HAVE_NORETURN)
|
|
|
|
|
# define MOZ_NORETURN MOZ_HAVE_NORETURN
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NORETURN /* no support */
|
|
|
|
|
#endif
|
2017-08-25 06:49:09 +03:00
|
|
|
#if defined(MOZ_HAVE_NORETURN_PTR)
|
|
|
|
|
# define MOZ_NORETURN_PTR MOZ_HAVE_NORETURN_PTR
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NORETURN_PTR /* no support */
|
|
|
|
|
#endif
|
2011-12-18 01:45:29 +04:00
|
|
|
|
2015-01-27 04:30:19 +03:00
|
|
|
/**
|
|
|
|
|
* MOZ_COLD tells the compiler that a function is "cold", meaning infrequently
|
|
|
|
|
* executed. This may lead it to optimize for size more aggressively than speed,
|
|
|
|
|
* or to allocate the body of the function in a distant part of the text segment
|
|
|
|
|
* to help keep it from taking up unnecessary icache when it isn't in use.
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute at the very beginning of a function definition. For
|
|
|
|
|
* example, write
|
|
|
|
|
*
|
|
|
|
|
* MOZ_COLD int foo();
|
|
|
|
|
*
|
|
|
|
|
* or
|
|
|
|
|
*
|
|
|
|
|
* MOZ_COLD int foo() { return 42; }
|
|
|
|
|
*/
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
|
|
|
# define MOZ_COLD __attribute__((cold))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_COLD
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-02-12 19:37:01 +03:00
|
|
|
/**
|
|
|
|
|
* MOZ_NONNULL tells the compiler that some of the arguments to a function are
|
|
|
|
|
* known to be non-null. The arguments are a list of 1-based argument indexes
|
|
|
|
|
* identifying arguments which are known to be non-null.
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute at the very beginning of a function definition. For
|
|
|
|
|
* example, write
|
|
|
|
|
*
|
|
|
|
|
* MOZ_NONNULL(1, 2) int foo(char *p, char *q);
|
|
|
|
|
*/
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
|
|
|
# define MOZ_NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NONNULL(...)
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-05-22 21:00:19 +03:00
|
|
|
/**
|
|
|
|
|
* MOZ_NONNULL_RETURN tells the compiler that the function's return value is
|
|
|
|
|
* guaranteed to be a non-null pointer, which may enable the compiler to
|
|
|
|
|
* optimize better at call sites.
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute at the end of a function declaration. For example,
|
|
|
|
|
*
|
|
|
|
|
* char* foo(char *p, char *q) MOZ_NONNULL_RETURN;
|
|
|
|
|
*/
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
|
|
|
# define MOZ_NONNULL_RETURN __attribute__((returns_nonnull))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NONNULL_RETURN
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-05-06 18:23:08 +04:00
|
|
|
/*
|
|
|
|
|
* MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS, specified at the end of a function
|
|
|
|
|
* declaration, indicates that for the purposes of static analysis, this
|
|
|
|
|
* function does not return. (The function definition does not need to be
|
|
|
|
|
* annotated.)
|
|
|
|
|
*
|
2014-07-11 06:10:17 +04:00
|
|
|
* MOZ_ReportCrash(const char* s, const char* file, int ln)
|
|
|
|
|
* MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS
|
2014-05-06 18:23:08 +04:00
|
|
|
*
|
|
|
|
|
* Some static analyzers, like scan-build from clang, can use this information
|
|
|
|
|
* to eliminate false positives. From the upstream documentation of scan-build:
|
|
|
|
|
* "This attribute is useful for annotating assertion handlers that actually
|
|
|
|
|
* can return, but for the purpose of using the analyzer we want to pretend
|
|
|
|
|
* that such functions do not return."
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
#if defined(MOZ_HAVE_ANALYZER_NORETURN)
|
|
|
|
|
# define MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS MOZ_HAVE_ANALYZER_NORETURN
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS /* no support */
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-05-05 10:08:32 +04:00
|
|
|
/*
|
|
|
|
|
* MOZ_ASAN_BLACKLIST is a macro to tell AddressSanitizer (a compile-time
|
2014-01-21 21:51:03 +04:00
|
|
|
* instrumentation shipped with Clang and GCC) to not instrument the annotated
|
|
|
|
|
* function. Furthermore, it will prevent the compiler from inlining the
|
|
|
|
|
* function because inlining currently breaks the blacklisting mechanism of
|
|
|
|
|
* AddressSanitizer.
|
2012-05-05 10:08:32 +04:00
|
|
|
*/
|
2013-10-17 18:29:11 +04:00
|
|
|
#if defined(__has_feature)
|
|
|
|
|
# if __has_feature(address_sanitizer)
|
2014-01-21 21:51:03 +04:00
|
|
|
# define MOZ_HAVE_ASAN_BLACKLIST
|
2013-10-17 18:29:11 +04:00
|
|
|
# endif
|
2014-01-21 21:51:03 +04:00
|
|
|
#elif defined(__GNUC__)
|
|
|
|
|
# if defined(__SANITIZE_ADDRESS__)
|
|
|
|
|
# define MOZ_HAVE_ASAN_BLACKLIST
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(MOZ_HAVE_ASAN_BLACKLIST)
|
|
|
|
|
# define MOZ_ASAN_BLACKLIST \
|
|
|
|
|
MOZ_NEVER_INLINE __attribute__((no_sanitize_address))
|
2013-10-17 18:29:11 +04:00
|
|
|
#else
|
|
|
|
|
# define MOZ_ASAN_BLACKLIST /* nothing */
|
2012-05-05 10:08:32 +04:00
|
|
|
#endif
|
|
|
|
|
|
2013-10-17 18:29:11 +04:00
|
|
|
/*
|
|
|
|
|
* MOZ_TSAN_BLACKLIST is a macro to tell ThreadSanitizer (a compile-time
|
|
|
|
|
* instrumentation shipped with Clang) to not instrument the annotated function.
|
|
|
|
|
* Furthermore, it will prevent the compiler from inlining the function because
|
|
|
|
|
* inlining currently breaks the blacklisting mechanism of ThreadSanitizer.
|
|
|
|
|
*/
|
|
|
|
|
#if defined(__has_feature)
|
|
|
|
|
# if __has_feature(thread_sanitizer)
|
|
|
|
|
# define MOZ_TSAN_BLACKLIST \
|
|
|
|
|
MOZ_NEVER_INLINE __attribute__((no_sanitize_thread))
|
|
|
|
|
# else
|
|
|
|
|
# define MOZ_TSAN_BLACKLIST /* nothing */
|
|
|
|
|
# endif
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_TSAN_BLACKLIST /* nothing */
|
|
|
|
|
#endif
|
2012-05-05 10:08:32 +04:00
|
|
|
|
2017-04-09 13:59:26 +03:00
|
|
|
#if defined(__has_attribute)
|
|
|
|
|
# if __has_attribute(no_sanitize)
|
|
|
|
|
# define MOZ_HAVE_NO_SANITIZE_ATTR
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-12 14:07:52 +03:00
|
|
|
#ifdef __clang__
|
|
|
|
|
# ifdef MOZ_HAVE_NO_SANITIZE_ATTR
|
|
|
|
|
# define MOZ_HAVE_UNSIGNED_OVERFLOW_SANITIZE_ATTR
|
|
|
|
|
# define MOZ_HAVE_SIGNED_OVERFLOW_SANITIZE_ATTR
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-03 08:25:31 +03:00
|
|
|
/*
|
|
|
|
|
* MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW disables *un*signed integer overflow
|
|
|
|
|
* checking on the function it annotates, in builds configured to perform it.
|
|
|
|
|
* (Currently this is only Clang using -fsanitize=unsigned-integer-overflow, or
|
|
|
|
|
* via --enable-unsigned-overflow-sanitizer in Mozilla's build system.) It has
|
|
|
|
|
* no effect in other builds.
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute at the very beginning of a function declaration.
|
|
|
|
|
*
|
|
|
|
|
* Unsigned integer overflow isn't *necessarily* a bug. It's well-defined in
|
|
|
|
|
* C/C++, and code may reasonably depend upon it. For example,
|
|
|
|
|
*
|
|
|
|
|
* MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW inline bool
|
|
|
|
|
* IsDecimal(char aChar)
|
|
|
|
|
* {
|
|
|
|
|
* // For chars less than '0', unsigned integer underflow occurs, to a value
|
|
|
|
|
* // much greater than 10, so the overall test is false.
|
|
|
|
|
* // For chars greater than '0', no overflow occurs, and only '0' to '9'
|
|
|
|
|
* // pass the overall test.
|
|
|
|
|
* return static_cast<unsigned int>(aChar) - '0' < 10;
|
|
|
|
|
* }
|
|
|
|
|
*
|
|
|
|
|
* But even well-defined unsigned overflow often causes bugs when it occurs, so
|
|
|
|
|
* it should be restricted to functions annotated with this attribute.
|
|
|
|
|
*
|
|
|
|
|
* The compiler instrumentation to detect unsigned integer overflow has costs
|
|
|
|
|
* both at compile time and at runtime. Functions that are repeatedly inlined
|
|
|
|
|
* at compile time will also implicitly inline the necessary instrumentation,
|
|
|
|
|
* increasing compile time. Similarly, frequently-executed functions that
|
|
|
|
|
* require large amounts of instrumentation will also notice significant runtime
|
|
|
|
|
* slowdown to execute that instrumentation. Use this attribute to eliminate
|
|
|
|
|
* those costs -- but only after carefully verifying that no overflow can occur.
|
|
|
|
|
*/
|
2018-02-12 14:07:52 +03:00
|
|
|
#ifdef MOZ_HAVE_UNSIGNED_OVERFLOW_SANITIZE_ATTR
|
2018-02-03 08:25:31 +03:00
|
|
|
# define MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW \
|
|
|
|
|
__attribute__((no_sanitize("unsigned-integer-overflow")))
|
2017-04-09 13:59:26 +03:00
|
|
|
#else
|
2018-02-03 08:25:31 +03:00
|
|
|
# define MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW /* nothing */
|
2017-04-09 13:59:26 +03:00
|
|
|
#endif
|
|
|
|
|
|
2018-02-03 08:25:31 +03:00
|
|
|
/*
|
|
|
|
|
* MOZ_NO_SANITIZE_SIGNED_OVERFLOW disables *signed* integer overflow checking
|
|
|
|
|
* on the function it annotates, in builds configured to perform it. (Currently
|
|
|
|
|
* this is only Clang using -fsanitize=signed-integer-overflow, or via
|
|
|
|
|
* --enable-signed-overflow-sanitizer in Mozilla's build system. GCC support
|
|
|
|
|
* will probably be added in the future.) It has no effect in other builds.
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute at the very beginning of a function declaration.
|
|
|
|
|
*
|
|
|
|
|
* Signed integer overflow is undefined behavior in C/C++: *anything* can happen
|
|
|
|
|
* when it occurs. *Maybe* wraparound behavior will occur, but maybe also the
|
|
|
|
|
* compiler will assume no overflow happens and will adversely optimize the rest
|
|
|
|
|
* of your code. Code that contains signed integer overflow needs to be fixed.
|
|
|
|
|
*
|
|
|
|
|
* The compiler instrumentation to detect signed integer overflow has costs both
|
|
|
|
|
* at compile time and at runtime. Functions that are repeatedly inlined at
|
|
|
|
|
* compile time will also implicitly inline the necessary instrumentation,
|
|
|
|
|
* increasing compile time. Similarly, frequently-executed functions that
|
|
|
|
|
* require large amounts of instrumentation will also notice significant runtime
|
|
|
|
|
* slowdown to execute that instrumentation. Use this attribute to eliminate
|
|
|
|
|
* those costs -- but only after carefully verifying that no overflow can occur.
|
|
|
|
|
*/
|
2018-02-12 14:07:52 +03:00
|
|
|
#ifdef MOZ_HAVE_SIGNED_OVERFLOW_SANITIZE_ATTR
|
2018-02-03 08:25:31 +03:00
|
|
|
# define MOZ_NO_SANITIZE_SIGNED_OVERFLOW \
|
|
|
|
|
__attribute__((no_sanitize("signed-integer-overflow")))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_NO_SANITIZE_SIGNED_OVERFLOW /* nothing */
|
|
|
|
|
#endif
|
2017-04-09 13:59:26 +03:00
|
|
|
|
|
|
|
|
#undef MOZ_HAVE_NO_SANITIZE_ATTR
|
|
|
|
|
|
2015-03-19 09:56:08 +03:00
|
|
|
/**
|
|
|
|
|
* MOZ_ALLOCATOR tells the compiler that the function it marks returns either a
|
|
|
|
|
* "fresh", "pointer-free" block of memory, or nullptr. "Fresh" means that the
|
|
|
|
|
* block is not pointed to by any other reachable pointer in the program.
|
|
|
|
|
* "Pointer-free" means that the block contains no pointers to any valid object
|
|
|
|
|
* in the program. It may be initialized with other (non-pointer) values.
|
|
|
|
|
*
|
|
|
|
|
* Placing this attribute on appropriate functions helps GCC analyze pointer
|
|
|
|
|
* aliasing more accurately in their callers.
|
|
|
|
|
*
|
|
|
|
|
* GCC warns if a caller ignores the value returned by a function marked with
|
|
|
|
|
* MOZ_ALLOCATOR: it is hard to imagine cases where dropping the value returned
|
|
|
|
|
* by a function that meets the criteria above would be intentional.
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute after the argument list and 'this' qualifiers of a
|
|
|
|
|
* function definition. For example, write
|
|
|
|
|
*
|
|
|
|
|
* void *my_allocator(size_t) MOZ_ALLOCATOR;
|
|
|
|
|
*
|
|
|
|
|
* or
|
|
|
|
|
*
|
|
|
|
|
* void *my_allocator(size_t bytes) MOZ_ALLOCATOR { ... }
|
|
|
|
|
*/
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
|
|
|
# define MOZ_ALLOCATOR __attribute__((malloc, warn_unused_result))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_ALLOCATOR
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-03-03 02:18:21 +04:00
|
|
|
/**
|
2016-04-27 07:16:50 +03:00
|
|
|
* MOZ_MUST_USE tells the compiler to emit a warning if a function's
|
2012-03-03 02:18:21 +04:00
|
|
|
* return value is not used by the caller.
|
|
|
|
|
*
|
2016-04-27 07:16:50 +03:00
|
|
|
* Place this attribute at the very beginning of a function declaration. For
|
2012-03-03 02:18:21 +04:00
|
|
|
* example, write
|
|
|
|
|
*
|
2016-04-27 07:16:50 +03:00
|
|
|
* MOZ_MUST_USE int foo();
|
2012-03-03 02:18:21 +04:00
|
|
|
* or
|
2016-04-27 07:16:50 +03:00
|
|
|
* MOZ_MUST_USE int foo() { return 42; }
|
2016-12-23 08:11:33 +03:00
|
|
|
*
|
|
|
|
|
* MOZ_MUST_USE is most appropriate for functions where the return value is
|
|
|
|
|
* some kind of success/failure indicator -- often |nsresult|, |bool| or |int|
|
|
|
|
|
* -- because these functions are most commonly the ones that have missing
|
|
|
|
|
* checks. There are three cases of note.
|
|
|
|
|
*
|
|
|
|
|
* - Fallible functions whose return values should always be checked. For
|
|
|
|
|
* example, a function that opens a file should always be checked because any
|
|
|
|
|
* subsequent operations on the file will fail if opening it fails. Such
|
|
|
|
|
* functions should be given a MOZ_MUST_USE annotation.
|
|
|
|
|
*
|
|
|
|
|
* - Fallible functions whose return value need not always be checked. For
|
|
|
|
|
* example, a function that closes a file might not be checked because it's
|
|
|
|
|
* common that no further operations would be performed on the file. Such
|
|
|
|
|
* functions do not need a MOZ_MUST_USE annotation.
|
|
|
|
|
*
|
|
|
|
|
* - Infallible functions, i.e. ones that always return a value indicating
|
|
|
|
|
* success. These do not need a MOZ_MUST_USE annotation. Ideally, they would
|
|
|
|
|
* be converted to not return a success/failure indicator, though sometimes
|
|
|
|
|
* interface constraints prevent this.
|
2012-03-03 02:18:21 +04:00
|
|
|
*/
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
2016-04-27 07:16:50 +03:00
|
|
|
# define MOZ_MUST_USE __attribute__((warn_unused_result))
|
2012-03-03 02:18:21 +04:00
|
|
|
#else
|
2016-04-27 07:16:50 +03:00
|
|
|
# define MOZ_MUST_USE
|
2012-03-03 02:18:21 +04:00
|
|
|
#endif
|
|
|
|
|
|
2017-01-17 23:37:54 +03:00
|
|
|
/**
|
|
|
|
|
* MOZ_MAYBE_UNUSED suppresses compiler warnings about functions that are
|
|
|
|
|
* never called (in this build configuration, at least).
|
|
|
|
|
*
|
|
|
|
|
* Place this attribute at the very beginning of a function declaration. For
|
|
|
|
|
* example, write
|
|
|
|
|
*
|
|
|
|
|
* MOZ_MAYBE_UNUSED int foo();
|
|
|
|
|
*
|
|
|
|
|
* or
|
|
|
|
|
*
|
|
|
|
|
* MOZ_MAYBE_UNUSED int foo() { return 42; }
|
|
|
|
|
*/
|
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
|
|
|
# define MOZ_MAYBE_UNUSED __attribute__((__unused__))
|
|
|
|
|
#elif defined(_MSC_VER)
|
|
|
|
|
# define MOZ_MAYBE_UNUSED __pragma(warning(suppress : 4505))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_MAYBE_UNUSED
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-07-27 19:11:28 +03:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
|
2015-10-05 07:03:26 +03:00
|
|
|
/**
|
|
|
|
|
* MOZ_FALLTHROUGH is an annotation to suppress compiler warnings about switch
|
|
|
|
|
* cases that fall through without a break or return statement. MOZ_FALLTHROUGH
|
2015-12-27 23:27:17 +03:00
|
|
|
* is only needed on cases that have code.
|
|
|
|
|
*
|
|
|
|
|
* MOZ_FALLTHROUGH_ASSERT is an annotation to suppress compiler warnings about
|
|
|
|
|
* switch cases that MOZ_ASSERT(false) (or its alias MOZ_ASSERT_UNREACHABLE) in
|
|
|
|
|
* debug builds, but intentionally fall through in release builds. See comment
|
|
|
|
|
* in Assertions.h for more details.
|
2015-10-05 07:03:26 +03:00
|
|
|
*
|
|
|
|
|
* switch (foo) {
|
|
|
|
|
* case 1: // These cases have no code. No fallthrough annotations are needed.
|
|
|
|
|
* case 2:
|
2015-12-27 23:27:17 +03:00
|
|
|
* case 3: // This case has code, so a fallthrough annotation is needed!
|
|
|
|
|
* foo++;
|
2015-10-05 07:03:26 +03:00
|
|
|
* MOZ_FALLTHROUGH;
|
2015-12-27 23:27:17 +03:00
|
|
|
* case 4:
|
2015-10-05 07:03:26 +03:00
|
|
|
* return foo;
|
2015-12-27 23:27:17 +03:00
|
|
|
*
|
|
|
|
|
* default:
|
|
|
|
|
* // This case asserts in debug builds, falls through in release.
|
|
|
|
|
* MOZ_FALLTHROUGH_ASSERT("Unexpected foo value?!");
|
|
|
|
|
* case 5:
|
|
|
|
|
* return 5;
|
2015-10-05 07:03:26 +03:00
|
|
|
* }
|
|
|
|
|
*/
|
2017-07-27 19:11:28 +03:00
|
|
|
# ifndef __has_cpp_attribute
|
|
|
|
|
# define __has_cpp_attribute(x) 0
|
|
|
|
|
# endif
|
2019-01-18 12:16:18 +03:00
|
|
|
|
2017-07-27 19:11:28 +03:00
|
|
|
# if __has_cpp_attribute(clang::fallthrough)
|
2015-10-05 07:03:26 +03:00
|
|
|
# define MOZ_FALLTHROUGH [[clang::fallthrough]]
|
2017-07-27 19:11:28 +03:00
|
|
|
# elif __has_cpp_attribute(gnu::fallthrough)
|
|
|
|
|
# define MOZ_FALLTHROUGH [[gnu::fallthrough]]
|
2015-10-05 07:03:26 +03:00
|
|
|
# elif defined(_MSC_VER)
|
|
|
|
|
/*
|
|
|
|
|
* MSVC's __fallthrough annotations are checked by /analyze (Code Analysis):
|
|
|
|
|
* https://msdn.microsoft.com/en-us/library/ms235402%28VS.80%29.aspx
|
|
|
|
|
*/
|
|
|
|
|
# include <sal.h>
|
|
|
|
|
# define MOZ_FALLTHROUGH __fallthrough
|
|
|
|
|
# else
|
|
|
|
|
# define MOZ_FALLTHROUGH /* FALLTHROUGH */
|
|
|
|
|
# endif
|
|
|
|
|
|
2018-04-26 05:40:09 +03:00
|
|
|
/**
|
|
|
|
|
* C++11 lets unions contain members that have non-trivial special member
|
|
|
|
|
* functions (default/copy/move constructor, copy/move assignment operator,
|
|
|
|
|
* destructor) if the user defines the corresponding functions on the union.
|
|
|
|
|
* (Such user-defined functions must rely on external knowledge about which arm
|
|
|
|
|
* is active to be safe. Be extra-careful defining these functions!)
|
|
|
|
|
*
|
|
|
|
|
* MSVC unfortunately warns/errors for this bog-standard C++11 pattern. Use
|
|
|
|
|
* these macro-guards around such member functions to disable the warnings:
|
|
|
|
|
*
|
|
|
|
|
* union U
|
|
|
|
|
* {
|
|
|
|
|
* std::string s;
|
|
|
|
|
* int x;
|
|
|
|
|
*
|
|
|
|
|
* MOZ_PUSH_DISABLE_NONTRIVIAL_UNION_WARNINGS
|
|
|
|
|
*
|
|
|
|
|
* // |U| must have a user-defined default constructor because |std::string|
|
|
|
|
|
* // has a non-trivial default constructor.
|
|
|
|
|
* U() ... { ... }
|
|
|
|
|
*
|
|
|
|
|
* // |U| must have a user-defined destructor because |std::string| has a
|
|
|
|
|
* // non-trivial destructor.
|
|
|
|
|
* ~U() { ... }
|
|
|
|
|
*
|
|
|
|
|
* MOZ_POP_DISABLE_NONTRIVIAL_UNION_WARNINGS
|
|
|
|
|
* };
|
|
|
|
|
*/
|
|
|
|
|
# if defined(_MSC_VER)
|
|
|
|
|
# define MOZ_PUSH_DISABLE_NONTRIVIAL_UNION_WARNINGS \
|
|
|
|
|
__pragma(warning(push)) __pragma(warning(disable : 4582)) \
|
|
|
|
|
__pragma(warning(disable : 4583))
|
|
|
|
|
# define MOZ_POP_DISABLE_NONTRIVIAL_UNION_WARNINGS __pragma(warning(pop))
|
|
|
|
|
# else
|
|
|
|
|
# define MOZ_PUSH_DISABLE_NONTRIVIAL_UNION_WARNINGS /* nothing */
|
|
|
|
|
# define MOZ_POP_DISABLE_NONTRIVIAL_UNION_WARNINGS /* nothing */
|
|
|
|
|
# endif
|
|
|
|
|
|
2013-03-24 06:14:43 +04:00
|
|
|
/*
|
|
|
|
|
* The following macros are attributes that support the static analysis plugin
|
|
|
|
|
* included with Mozilla, and will be implemented (when such support is enabled)
|
|
|
|
|
* as C++11 attributes. Since such attributes are legal pretty much everywhere
|
|
|
|
|
* and have subtly different semantics depending on their placement, the
|
|
|
|
|
* following is a guide on where to place the attributes.
|
|
|
|
|
*
|
|
|
|
|
* Attributes that apply to a struct or class precede the name of the class:
|
2015-03-21 19:28:53 +03:00
|
|
|
* (Note that this is different from the placement of final for classes!)
|
2013-03-24 06:14:43 +04:00
|
|
|
*
|
|
|
|
|
* class MOZ_CLASS_ATTRIBUTE SomeClass {};
|
|
|
|
|
*
|
|
|
|
|
* Attributes that apply to functions follow the parentheses and const
|
2015-03-21 19:28:53 +03:00
|
|
|
* qualifiers but precede final, override and the function body:
|
2013-03-24 06:14:43 +04:00
|
|
|
*
|
|
|
|
|
* void DeclaredFunction() MOZ_FUNCTION_ATTRIBUTE;
|
|
|
|
|
* void SomeFunction() MOZ_FUNCTION_ATTRIBUTE {}
|
|
|
|
|
* void PureFunction() const MOZ_FUNCTION_ATTRIBUTE = 0;
|
2015-03-21 19:28:53 +03:00
|
|
|
* void OverriddenFunction() MOZ_FUNCTION_ATTIRBUTE override;
|
2013-03-24 06:14:43 +04:00
|
|
|
*
|
|
|
|
|
* Attributes that apply to variables or parameters follow the variable's name:
|
|
|
|
|
*
|
|
|
|
|
* int variable MOZ_VARIABLE_ATTRIBUTE;
|
|
|
|
|
*
|
|
|
|
|
* Attributes that apply to types follow the type name:
|
|
|
|
|
*
|
|
|
|
|
* typedef int MOZ_TYPE_ATTRIBUTE MagicInt;
|
|
|
|
|
* int MOZ_TYPE_ATTRIBUTE someVariable;
|
2014-07-11 06:10:17 +04:00
|
|
|
* int* MOZ_TYPE_ATTRIBUTE magicPtrInt;
|
|
|
|
|
* int MOZ_TYPE_ATTRIBUTE* ptrToMagicInt;
|
2013-03-24 06:14:43 +04:00
|
|
|
*
|
|
|
|
|
* Attributes that apply to statements precede the statement:
|
|
|
|
|
*
|
|
|
|
|
* MOZ_IF_ATTRIBUTE if (x == 0)
|
2014-07-11 06:10:17 +04:00
|
|
|
* MOZ_DO_ATTRIBUTE do { } while (0);
|
2013-03-24 06:14:43 +04:00
|
|
|
*
|
|
|
|
|
* Attributes that apply to labels precede the label:
|
|
|
|
|
*
|
|
|
|
|
* MOZ_LABEL_ATTRIBUTE target:
|
|
|
|
|
* goto target;
|
|
|
|
|
* MOZ_CASE_ATTRIBUTE case 5:
|
|
|
|
|
* MOZ_DEFAULT_ATTRIBUTE default:
|
|
|
|
|
*
|
|
|
|
|
* The static analyses that are performed by the plugin are as follows:
|
|
|
|
|
*
|
2017-08-08 19:48:53 +03:00
|
|
|
* MOZ_CAN_RUN_SCRIPT: Applies to functions which can run script. Callers of
|
|
|
|
|
* this function must also be marked as MOZ_CAN_RUN_SCRIPT, and all refcounted
|
2018-07-21 04:36:20 +03:00
|
|
|
* arguments must be strongly held in the caller. Note that MOZ_CAN_RUN_SCRIPT
|
|
|
|
|
* should only be applied to function declarations, not definitions. If you
|
|
|
|
|
* need to apply it to a definition (eg because both are generated by a macro)
|
|
|
|
|
* use MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION.
|
2019-03-16 15:52:33 +03:00
|
|
|
*
|
|
|
|
|
* MOZ_CAN_RUN_SCRIPT can be applied to XPIDL-generated declarations by
|
|
|
|
|
* annotating the method or attribute as [can_run_script] in the .idl file.
|
|
|
|
|
*
|
2018-07-21 04:36:20 +03:00
|
|
|
* MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION: Same as MOZ_CAN_RUN_SCRIPT, but usable on
|
|
|
|
|
* a definition. If the declaration is in a header file, users of that header
|
|
|
|
|
* file may not see the annotation.
|
2017-11-17 23:12:36 +03:00
|
|
|
* MOZ_CAN_RUN_SCRIPT_BOUNDARY: Applies to functions which need to call
|
|
|
|
|
* MOZ_CAN_RUN_SCRIPT functions, but should not themselves be considered
|
|
|
|
|
* MOZ_CAN_RUN_SCRIPT. This is important for some bindings and low level code
|
|
|
|
|
* which need to opt out of the safety checks performed by MOZ_CAN_RUN_SCRIPT.
|
2013-03-24 06:14:43 +04:00
|
|
|
* MOZ_MUST_OVERRIDE: Applies to all C++ member functions. All immediate
|
|
|
|
|
* subclasses must provide an exact override of this method; if a subclass
|
|
|
|
|
* does not override this method, the compiler will emit an error. This
|
|
|
|
|
* attribute is not limited to virtual methods, so if it is applied to a
|
|
|
|
|
* nonvirtual method and the subclass does not provide an equivalent
|
|
|
|
|
* definition, the compiler will emit an error.
|
2018-04-10 10:31:31 +03:00
|
|
|
* MOZ_STATIC_CLASS: Applies to all classes. Any class with this annotation is
|
|
|
|
|
* expected to live in static memory, so it is a compile-time error to use
|
|
|
|
|
* it, or an array of such objects, as the type of a variable declaration, or
|
|
|
|
|
* as a temporary object, or as the type of a new expression (unless
|
|
|
|
|
* placement new is being used). If a member of another class uses this
|
|
|
|
|
* class, or if another class inherits from this class, then it is considered
|
|
|
|
|
* to be a static class as well, although this attribute need not be provided
|
|
|
|
|
* in such cases.
|
2019-07-30 21:51:11 +03:00
|
|
|
* MOZ_STATIC_LOCAL_CLASS: Applies to all classes. Any class with this
|
|
|
|
|
* annotation is expected to be a static local variable, so it is
|
|
|
|
|
* a compile-time error to use it, or an array of such objects, or as a
|
|
|
|
|
* temporary object, or as the type of a new expression. If another class
|
|
|
|
|
* inherits from this class then it is considered to be a static local
|
|
|
|
|
* class as well, although this attribute need not be provided in such cases.
|
|
|
|
|
* It is also a compile-time error for any class with this annotation to have
|
|
|
|
|
* a non-trivial destructor.
|
2013-04-12 07:20:02 +04:00
|
|
|
* MOZ_STACK_CLASS: Applies to all classes. Any class with this annotation is
|
|
|
|
|
* expected to live on the stack, so it is a compile-time error to use it, or
|
|
|
|
|
* an array of such objects, as a global or static variable, or as the type of
|
2013-05-28 01:04:18 +04:00
|
|
|
* a new expression (unless placement new is being used). If a member of
|
|
|
|
|
* another class uses this class, or if another class inherits from this
|
|
|
|
|
* class, then it is considered to be a stack class as well, although this
|
|
|
|
|
* attribute need not be provided in such cases.
|
2013-05-28 01:05:02 +04:00
|
|
|
* MOZ_NONHEAP_CLASS: Applies to all classes. Any class with this annotation is
|
|
|
|
|
* expected to live on the stack or in static storage, so it is a compile-time
|
|
|
|
|
* error to use it, or an array of such objects, as the type of a new
|
2015-08-06 03:38:54 +03:00
|
|
|
* expression. If a member of another class uses this class, or if another
|
2018-11-28 12:16:55 +03:00
|
|
|
* class inherits from this class, then it is considered to be a non-heap
|
|
|
|
|
* class as well, although this attribute need not be provided in such cases.
|
2015-08-06 03:38:54 +03:00
|
|
|
* MOZ_HEAP_CLASS: Applies to all classes. Any class with this annotation is
|
|
|
|
|
* expected to live on the heap, so it is a compile-time error to use it, or
|
|
|
|
|
* an array of such objects, as the type of a variable declaration, or as a
|
|
|
|
|
* temporary object. If a member of another class uses this class, or if
|
|
|
|
|
* another class inherits from this class, then it is considered to be a heap
|
|
|
|
|
* class as well, although this attribute need not be provided in such cases.
|
2015-09-03 18:31:55 +03:00
|
|
|
* MOZ_NON_TEMPORARY_CLASS: Applies to all classes. Any class with this
|
|
|
|
|
* annotation is expected not to live in a temporary. If a member of another
|
|
|
|
|
* class uses this class or if another class inherits from this class, then it
|
|
|
|
|
* is considered to be a non-temporary class as well, although this attribute
|
|
|
|
|
* need not be provided in such cases.
|
2018-02-01 02:22:42 +03:00
|
|
|
* MOZ_TEMPORARY_CLASS: Applies to all classes. Any class with this annotation
|
|
|
|
|
* is expected to only live in a temporary. If another class inherits from
|
|
|
|
|
* this class, then it is considered to be a non-temporary class as well,
|
|
|
|
|
* although this attribute need not be provided in such cases.
|
2015-09-03 18:31:55 +03:00
|
|
|
* MOZ_RAII: Applies to all classes. Any class with this annotation is assumed
|
|
|
|
|
* to be a RAII guard, which is expected to live on the stack in an automatic
|
|
|
|
|
* allocation. It is prohibited from being allocated in a temporary, static
|
|
|
|
|
* storage, or on the heap. This is a combination of MOZ_STACK_CLASS and
|
|
|
|
|
* MOZ_NON_TEMPORARY_CLASS.
|
2014-12-23 02:10:44 +03:00
|
|
|
* MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS: Applies to all classes that are
|
|
|
|
|
* intended to prevent introducing static initializers. This attribute
|
|
|
|
|
* currently makes it a compile-time error to instantiate these classes
|
|
|
|
|
* anywhere other than at the global scope, or as a static member of a class.
|
2015-12-10 19:26:27 +03:00
|
|
|
* In non-debug mode, it also prohibits non-trivial constructors and
|
|
|
|
|
* destructors.
|
2014-12-23 02:16:16 +03:00
|
|
|
* MOZ_TRIVIAL_CTOR_DTOR: Applies to all classes that must have both a trivial
|
2015-12-10 19:26:27 +03:00
|
|
|
* or constexpr constructor and a trivial destructor. Setting this attribute
|
|
|
|
|
* on a class makes it a compile-time error for that class to get a
|
|
|
|
|
* non-trivial constructor or destructor for any reason.
|
2018-09-25 01:47:12 +03:00
|
|
|
* MOZ_ALLOW_TEMPORARY: Applies to constructors. This indicates that using the
|
|
|
|
|
* constructor is allowed in temporary expressions, if it would have otherwise
|
|
|
|
|
* been forbidden by the type being a MOZ_NON_TEMPORARY_CLASS. Useful for
|
|
|
|
|
* constructors like Maybe(Nothing).
|
2013-12-07 07:23:06 +04:00
|
|
|
* MOZ_HEAP_ALLOCATOR: Applies to any function. This indicates that the return
|
|
|
|
|
* value is allocated on the heap, and will as a result check such allocations
|
|
|
|
|
* during MOZ_STACK_CLASS and MOZ_NONHEAP_CLASS annotation checking.
|
2014-05-22 05:31:29 +04:00
|
|
|
* MOZ_IMPLICIT: Applies to constructors. Implicit conversion constructors
|
|
|
|
|
* are disallowed by default unless they are marked as MOZ_IMPLICIT. This
|
2014-05-22 17:28:06 +04:00
|
|
|
* attribute must be used for constructors which intend to provide implicit
|
2014-05-22 05:31:29 +04:00
|
|
|
* conversions.
|
2017-08-08 19:48:53 +03:00
|
|
|
* MOZ_IS_REFPTR: Applies to class declarations of ref pointer to mark them as
|
|
|
|
|
* such for use with static-analysis.
|
|
|
|
|
* A ref pointer is an object wrapping a pointer and automatically taking care
|
|
|
|
|
* of its refcounting upon construction/destruction/transfer of ownership.
|
|
|
|
|
* This annotation implies MOZ_IS_SMARTPTR_TO_REFCOUNTED.
|
|
|
|
|
* MOZ_IS_SMARTPTR_TO_REFCOUNTED: Applies to class declarations of smart
|
|
|
|
|
* pointers to ref counted classes to mark them as such for use with
|
|
|
|
|
* static-analysis.
|
2014-12-18 23:27:05 +03:00
|
|
|
* MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT: Applies to functions. Makes it a compile
|
2014-12-19 21:40:30 +03:00
|
|
|
* time error to pass arithmetic expressions on variables to the function.
|
2015-06-01 21:44:00 +03:00
|
|
|
* MOZ_OWNING_REF: Applies to declarations of pointers to reference counted
|
|
|
|
|
* types. This attribute tells the compiler that the raw pointer is a strong
|
|
|
|
|
* reference, where ownership through methods such as AddRef and Release is
|
|
|
|
|
* managed manually. This can make the compiler ignore these pointers when
|
|
|
|
|
* validating the usage of pointers otherwise.
|
|
|
|
|
*
|
|
|
|
|
* Example uses include owned pointers inside of unions, and pointers stored
|
|
|
|
|
* in POD types where a using a smart pointer class would make the object
|
|
|
|
|
* non-POD.
|
|
|
|
|
* MOZ_NON_OWNING_REF: Applies to declarations of pointers to reference counted
|
|
|
|
|
* types. This attribute tells the compiler that the raw pointer is a weak
|
|
|
|
|
* reference, which is ensured to be valid by a guarantee that the reference
|
2018-11-28 12:16:55 +03:00
|
|
|
* will be nulled before the pointer becomes invalid. This can make the
|
|
|
|
|
* compiler ignore these pointers when validating the usage of pointers
|
|
|
|
|
* otherwise.
|
2015-06-01 21:44:00 +03:00
|
|
|
*
|
|
|
|
|
* Examples include an mOwner pointer, which is nulled by the owning class's
|
|
|
|
|
* destructor, and is null-checked before dereferencing.
|
2018-11-28 12:16:55 +03:00
|
|
|
* MOZ_UNSAFE_REF: Applies to declarations of pointers to reference counted
|
|
|
|
|
* types. Occasionally there are non-owning references which are valid, but
|
|
|
|
|
* do not take the form of a MOZ_NON_OWNING_REF. Their safety may be
|
|
|
|
|
* dependent on the behaviour of API consumers. The string argument passed
|
|
|
|
|
* to this macro documents the safety conditions. This can make the compiler
|
|
|
|
|
* ignore these pointers when validating the usage of pointers elsewhere.
|
|
|
|
|
*
|
|
|
|
|
* Examples include an nsAtom* member which is known at compile time to point
|
|
|
|
|
* to a static atom which is valid throughout the lifetime of the program, or
|
|
|
|
|
* an API which stores a pointer, but doesn't take ownership over it, instead
|
|
|
|
|
* requiring the API consumer to correctly null the value before it becomes
|
|
|
|
|
* invalid.
|
|
|
|
|
*
|
|
|
|
|
* Use of this annotation is discouraged when a strong reference or one of
|
|
|
|
|
* the above two annotations can be used instead.
|
2014-12-25 23:18:38 +03:00
|
|
|
* MOZ_NO_ADDREF_RELEASE_ON_RETURN: Applies to function declarations. Makes it
|
|
|
|
|
* a compile time error to call AddRef or Release on the return value of a
|
|
|
|
|
* function. This is intended to be used with operator->() of our smart
|
|
|
|
|
* pointer classes to ensure that the refcount of an object wrapped in a
|
|
|
|
|
* smart pointer is not manipulated directly.
|
2016-04-27 01:22:10 +03:00
|
|
|
* MOZ_MUST_USE_TYPE: Applies to type declarations. Makes it a compile time
|
|
|
|
|
* error to not use the return value of a function which has this type. This
|
|
|
|
|
* is intended to be used with types which it is an error to not use.
|
2015-06-20 02:37:43 +03:00
|
|
|
* MOZ_NEEDS_NO_VTABLE_TYPE: Applies to template class declarations. Makes it
|
2018-11-28 12:16:55 +03:00
|
|
|
* a compile time error to instantiate this template with a type parameter
|
|
|
|
|
* which has a VTable.
|
2015-06-19 00:37:22 +03:00
|
|
|
* MOZ_NON_MEMMOVABLE: Applies to class declarations for types that are not safe
|
|
|
|
|
* to be moved in memory using memmove().
|
|
|
|
|
* MOZ_NEEDS_MEMMOVABLE_TYPE: Applies to template class declarations where the
|
|
|
|
|
* template arguments are required to be safe to move in memory using
|
|
|
|
|
* memmove(). Passing MOZ_NON_MEMMOVABLE types to these templates is a
|
|
|
|
|
* compile time error.
|
2016-04-15 06:06:08 +03:00
|
|
|
* MOZ_NEEDS_MEMMOVABLE_MEMBERS: Applies to class declarations where each member
|
|
|
|
|
* must be safe to move in memory using memmove(). MOZ_NON_MEMMOVABLE types
|
|
|
|
|
* used in members of these classes are compile time errors.
|
2017-07-05 17:14:21 +03:00
|
|
|
* MOZ_NO_DANGLING_ON_TEMPORARIES: Applies to method declarations which return
|
|
|
|
|
* a pointer that is freed when the destructor of the class is called. This
|
|
|
|
|
* prevents these methods from being called on temporaries of the class,
|
|
|
|
|
* reducing risks of use-after-free.
|
|
|
|
|
* This attribute cannot be applied to && methods.
|
|
|
|
|
* In some cases, adding a deleted &&-qualified overload is too restrictive as
|
|
|
|
|
* this method should still be callable as a non-escaping argument to another
|
|
|
|
|
* function. This annotation can be used in those cases.
|
2015-07-31 20:59:00 +03:00
|
|
|
* MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS: Applies to template class
|
|
|
|
|
* declarations where an instance of the template should be considered, for
|
|
|
|
|
* static analysis purposes, to inherit any type annotations (such as
|
2016-04-27 01:22:10 +03:00
|
|
|
* MOZ_MUST_USE_TYPE and MOZ_STACK_CLASS) from its template arguments.
|
2016-06-28 16:30:49 +03:00
|
|
|
* MOZ_INIT_OUTSIDE_CTOR: Applies to class member declarations. Occasionally
|
|
|
|
|
* there are class members that are not initialized in the constructor,
|
|
|
|
|
* but logic elsewhere in the class ensures they are initialized prior to use.
|
2018-11-28 12:16:55 +03:00
|
|
|
* Using this attribute on a member disables the check that this member must
|
|
|
|
|
* be initialized in constructors via list-initialization, in the constructor
|
|
|
|
|
* body, or via functions called from the constructor body.
|
2016-08-30 10:07:03 +03:00
|
|
|
* MOZ_IS_CLASS_INIT: Applies to class method declarations. Occasionally the
|
2018-11-28 12:16:55 +03:00
|
|
|
* constructor doesn't initialize all of the member variables and another
|
|
|
|
|
* function is used to initialize the rest. This marker is used to make the
|
|
|
|
|
* static analysis tool aware that the marked function is part of the
|
|
|
|
|
* initialization process and to include the marked function in the scan
|
|
|
|
|
* mechanism that determines which member variables still remain
|
|
|
|
|
* uninitialized.
|
2016-09-11 12:23:11 +03:00
|
|
|
* MOZ_NON_PARAM: Applies to types. Makes it compile time error to use the type
|
|
|
|
|
* in parameter without pointer or reference.
|
2018-11-28 12:16:55 +03:00
|
|
|
* MOZ_NON_AUTOABLE: Applies to class declarations. Makes it a compile time
|
|
|
|
|
* error to use `auto` in place of this type in variable declarations. This
|
|
|
|
|
* is intended to be used with types which are intended to be implicitly
|
|
|
|
|
* constructed into other other types before being assigned to variables.
|
2016-10-04 17:00:17 +03:00
|
|
|
* MOZ_REQUIRED_BASE_METHOD: Applies to virtual class method declarations.
|
2017-01-17 03:11:41 +03:00
|
|
|
* Sometimes derived classes override methods that need to be called by their
|
|
|
|
|
* overridden counterparts. This marker indicates that the marked method must
|
|
|
|
|
* be called by the method that it overrides.
|
|
|
|
|
* MOZ_MUST_RETURN_FROM_CALLER: Applies to function or method declarations.
|
|
|
|
|
* Callers of the annotated function/method must return from that function
|
|
|
|
|
* within the calling block using an explicit `return` statement.
|
|
|
|
|
* Only calls to Constructors, references to local and member variables,
|
|
|
|
|
* and calls to functions or methods marked as MOZ_MAY_CALL_AFTER_MUST_RETURN
|
|
|
|
|
* may be made after the MUST_RETURN_FROM_CALLER call.
|
|
|
|
|
* MOZ_MAY_CALL_AFTER_MUST_RETURN: Applies to function or method declarations.
|
|
|
|
|
* Calls to these methods may be made in functions after calls a
|
|
|
|
|
* MOZ_MUST_RETURN_FROM_CALLER function or method.
|
2013-03-24 06:14:43 +04:00
|
|
|
*/
|
2018-07-21 04:36:20 +03:00
|
|
|
|
|
|
|
|
// gcc emits a nuisance warning -Wignored-attributes because attributes do not
|
|
|
|
|
// affect mangled names, and therefore template arguments do not propagate
|
|
|
|
|
// their attributes. It is rare that this would affect anything in practice,
|
|
|
|
|
// and most compilers are silent about it. Similarly, -Wattributes complains
|
|
|
|
|
// about attributes being ignored during template instantiation.
|
|
|
|
|
//
|
|
|
|
|
// Be conservative and only suppress the warning when running in a
|
|
|
|
|
// configuration where it would be emitted, namely when compiling with the
|
|
|
|
|
// XGILL_PLUGIN for the rooting hazard analysis (which runs under gcc.) If we
|
|
|
|
|
// end up wanting these attributes in general GCC builds, change this to
|
|
|
|
|
// something like
|
|
|
|
|
//
|
|
|
|
|
// #if defined(__GNUC__) && ! defined(__clang__)
|
|
|
|
|
//
|
|
|
|
|
# ifdef XGILL_PLUGIN
|
|
|
|
|
# pragma GCC diagnostic ignored "-Wignored-attributes"
|
|
|
|
|
# pragma GCC diagnostic ignored "-Wattributes"
|
|
|
|
|
# endif
|
2019-01-18 12:16:18 +03:00
|
|
|
|
2018-07-21 04:36:20 +03:00
|
|
|
# if defined(MOZ_CLANG_PLUGIN) || defined(XGILL_PLUGIN)
|
2017-08-08 19:48:53 +03:00
|
|
|
# define MOZ_CAN_RUN_SCRIPT __attribute__((annotate("moz_can_run_script")))
|
2018-07-21 04:36:20 +03:00
|
|
|
# define MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION \
|
|
|
|
|
__attribute__((annotate("moz_can_run_script")))
|
2017-11-17 23:12:36 +03:00
|
|
|
# define MOZ_CAN_RUN_SCRIPT_BOUNDARY \
|
|
|
|
|
__attribute__((annotate("moz_can_run_script_boundary")))
|
2013-12-07 07:23:06 +04:00
|
|
|
# define MOZ_MUST_OVERRIDE __attribute__((annotate("moz_must_override")))
|
2018-04-10 10:31:31 +03:00
|
|
|
# define MOZ_STATIC_CLASS __attribute__((annotate("moz_global_class")))
|
2019-07-30 21:51:11 +03:00
|
|
|
# define MOZ_STATIC_LOCAL_CLASS \
|
|
|
|
|
__attribute__((annotate("moz_static_local_class"))) \
|
|
|
|
|
__attribute__((annotate("moz_trivial_dtor")))
|
2013-12-07 07:23:06 +04:00
|
|
|
# define MOZ_STACK_CLASS __attribute__((annotate("moz_stack_class")))
|
|
|
|
|
# define MOZ_NONHEAP_CLASS __attribute__((annotate("moz_nonheap_class")))
|
2015-08-06 03:38:54 +03:00
|
|
|
# define MOZ_HEAP_CLASS __attribute__((annotate("moz_heap_class")))
|
2015-09-03 18:31:55 +03:00
|
|
|
# define MOZ_NON_TEMPORARY_CLASS \
|
|
|
|
|
__attribute__((annotate("moz_non_temporary_class")))
|
2018-02-01 02:22:42 +03:00
|
|
|
# define MOZ_TEMPORARY_CLASS __attribute__((annotate("moz_temporary_class")))
|
2014-12-23 02:16:16 +03:00
|
|
|
# define MOZ_TRIVIAL_CTOR_DTOR \
|
|
|
|
|
__attribute__((annotate("moz_trivial_ctor_dtor")))
|
2018-09-25 01:47:12 +03:00
|
|
|
# define MOZ_ALLOW_TEMPORARY __attribute__((annotate("moz_allow_temporary")))
|
2014-12-23 02:16:16 +03:00
|
|
|
# ifdef DEBUG
|
|
|
|
|
/* in debug builds, these classes do have non-trivial constructors. */
|
|
|
|
|
# define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS \
|
|
|
|
|
__attribute__((annotate("moz_global_class")))
|
|
|
|
|
# else
|
|
|
|
|
# define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS \
|
|
|
|
|
__attribute__((annotate("moz_global_class"))) MOZ_TRIVIAL_CTOR_DTOR
|
|
|
|
|
# endif
|
2014-05-22 05:31:29 +04:00
|
|
|
# define MOZ_IMPLICIT __attribute__((annotate("moz_implicit")))
|
2017-08-08 19:48:53 +03:00
|
|
|
# define MOZ_IS_SMARTPTR_TO_REFCOUNTED \
|
|
|
|
|
__attribute__((annotate("moz_is_smartptr_to_refcounted")))
|
2018-09-05 04:37:36 +03:00
|
|
|
# define MOZ_IS_REFPTR MOZ_IS_SMARTPTR_TO_REFCOUNTED
|
2014-12-18 23:27:05 +03:00
|
|
|
# define MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT \
|
|
|
|
|
__attribute__((annotate("moz_no_arith_expr_in_arg")))
|
2018-09-05 04:37:36 +03:00
|
|
|
# define MOZ_OWNING_REF
|
|
|
|
|
# define MOZ_NON_OWNING_REF
|
|
|
|
|
# define MOZ_UNSAFE_REF(reason)
|
2014-12-25 23:18:38 +03:00
|
|
|
# define MOZ_NO_ADDREF_RELEASE_ON_RETURN \
|
|
|
|
|
__attribute__((annotate("moz_no_addref_release_on_return")))
|
2016-04-27 01:22:10 +03:00
|
|
|
# define MOZ_MUST_USE_TYPE __attribute__((annotate("moz_must_use_type")))
|
2015-06-20 02:37:43 +03:00
|
|
|
# define MOZ_NEEDS_NO_VTABLE_TYPE \
|
|
|
|
|
__attribute__((annotate("moz_needs_no_vtable_type")))
|
2015-06-19 00:37:22 +03:00
|
|
|
# define MOZ_NON_MEMMOVABLE __attribute__((annotate("moz_non_memmovable")))
|
|
|
|
|
# define MOZ_NEEDS_MEMMOVABLE_TYPE \
|
|
|
|
|
__attribute__((annotate("moz_needs_memmovable_type")))
|
2016-04-15 06:06:08 +03:00
|
|
|
# define MOZ_NEEDS_MEMMOVABLE_MEMBERS \
|
|
|
|
|
__attribute__((annotate("moz_needs_memmovable_members")))
|
2017-07-05 17:14:21 +03:00
|
|
|
# define MOZ_NO_DANGLING_ON_TEMPORARIES \
|
|
|
|
|
__attribute__((annotate("moz_no_dangling_on_temporaries")))
|
2015-08-12 17:46:42 +03:00
|
|
|
# define MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS \
|
2015-07-31 20:59:00 +03:00
|
|
|
__attribute__( \
|
|
|
|
|
(annotate("moz_inherit_type_annotations_from_template_args")))
|
2015-08-12 17:46:42 +03:00
|
|
|
# define MOZ_NON_AUTOABLE __attribute__((annotate("moz_non_autoable")))
|
2018-09-05 04:37:36 +03:00
|
|
|
# define MOZ_INIT_OUTSIDE_CTOR
|
|
|
|
|
# define MOZ_IS_CLASS_INIT
|
2016-09-11 12:23:11 +03:00
|
|
|
# define MOZ_NON_PARAM __attribute__((annotate("moz_non_param")))
|
2016-10-04 17:00:17 +03:00
|
|
|
# define MOZ_REQUIRED_BASE_METHOD \
|
|
|
|
|
__attribute__((annotate("moz_required_base_method")))
|
2017-01-17 03:11:41 +03:00
|
|
|
# define MOZ_MUST_RETURN_FROM_CALLER \
|
|
|
|
|
__attribute__((annotate("moz_must_return_from_caller")))
|
|
|
|
|
# define MOZ_MAY_CALL_AFTER_MUST_RETURN \
|
|
|
|
|
__attribute__((annotate("moz_may_call_after_must_return")))
|
2013-12-07 07:23:06 +04:00
|
|
|
/*
|
|
|
|
|
* It turns out that clang doesn't like void func() __attribute__ {} without a
|
2018-07-21 04:36:20 +03:00
|
|
|
* warning, so use pragmas to disable the warning.
|
2013-12-07 07:23:06 +04:00
|
|
|
*/
|
2018-07-21 04:36:20 +03:00
|
|
|
# ifdef __clang__
|
|
|
|
|
# define MOZ_HEAP_ALLOCATOR \
|
|
|
|
|
_Pragma("clang diagnostic push") \
|
|
|
|
|
_Pragma("clang diagnostic ignored \"-Wgcc-compat\"") \
|
|
|
|
|
__attribute__((annotate("moz_heap_allocator"))) \
|
|
|
|
|
_Pragma("clang diagnostic pop")
|
|
|
|
|
# else
|
|
|
|
|
# define MOZ_HEAP_ALLOCATOR __attribute__((annotate("moz_heap_allocator")))
|
|
|
|
|
# endif
|
2013-03-24 06:14:43 +04:00
|
|
|
# else
|
2017-08-08 19:48:53 +03:00
|
|
|
# define MOZ_CAN_RUN_SCRIPT /* nothing */
|
2018-07-21 04:36:20 +03:00
|
|
|
# define MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION /* nothing */
|
2017-11-17 23:12:36 +03:00
|
|
|
# define MOZ_CAN_RUN_SCRIPT_BOUNDARY /* nothing */
|
2013-12-07 07:23:06 +04:00
|
|
|
# define MOZ_MUST_OVERRIDE /* nothing */
|
2018-04-10 10:31:31 +03:00
|
|
|
# define MOZ_STATIC_CLASS /* nothing */
|
2019-07-30 21:51:11 +03:00
|
|
|
# define MOZ_STATIC_LOCAL_CLASS /* nothing */
|
2013-12-07 07:23:06 +04:00
|
|
|
# define MOZ_STACK_CLASS /* nothing */
|
|
|
|
|
# define MOZ_NONHEAP_CLASS /* nothing */
|
2015-08-06 03:38:54 +03:00
|
|
|
# define MOZ_HEAP_CLASS /* nothing */
|
2015-09-03 18:31:55 +03:00
|
|
|
# define MOZ_NON_TEMPORARY_CLASS /* nothing */
|
2018-02-01 02:22:42 +03:00
|
|
|
# define MOZ_TEMPORARY_CLASS /* nothing */
|
2014-12-23 02:16:16 +03:00
|
|
|
# define MOZ_TRIVIAL_CTOR_DTOR /* nothing */
|
2018-09-25 01:47:12 +03:00
|
|
|
# define MOZ_ALLOW_TEMPORARY /* nothing */
|
2014-12-23 02:10:44 +03:00
|
|
|
# define MOZ_ONLY_USED_TO_AVOID_STATIC_CONSTRUCTORS /* nothing */
|
2014-05-22 05:31:29 +04:00
|
|
|
# define MOZ_IMPLICIT /* nothing */
|
2017-08-08 19:48:53 +03:00
|
|
|
# define MOZ_IS_SMARTPTR_TO_REFCOUNTED /* nothing */
|
|
|
|
|
# define MOZ_IS_REFPTR /* nothing */
|
2014-12-18 23:27:05 +03:00
|
|
|
# define MOZ_NO_ARITHMETIC_EXPR_IN_ARGUMENT /* nothing */
|
2013-12-07 07:23:06 +04:00
|
|
|
# define MOZ_HEAP_ALLOCATOR /* nothing */
|
2014-12-24 05:17:50 +03:00
|
|
|
# define MOZ_OWNING_REF /* nothing */
|
|
|
|
|
# define MOZ_NON_OWNING_REF /* nothing */
|
2015-01-05 23:46:37 +03:00
|
|
|
# define MOZ_UNSAFE_REF(reason) /* nothing */
|
2014-12-25 23:18:38 +03:00
|
|
|
# define MOZ_NO_ADDREF_RELEASE_ON_RETURN /* nothing */
|
2016-04-27 01:22:10 +03:00
|
|
|
# define MOZ_MUST_USE_TYPE /* nothing */
|
2015-06-20 02:37:43 +03:00
|
|
|
# define MOZ_NEEDS_NO_VTABLE_TYPE /* nothing */
|
2015-06-19 00:37:22 +03:00
|
|
|
# define MOZ_NON_MEMMOVABLE /* nothing */
|
|
|
|
|
# define MOZ_NEEDS_MEMMOVABLE_TYPE /* nothing */
|
2016-04-15 06:06:08 +03:00
|
|
|
# define MOZ_NEEDS_MEMMOVABLE_MEMBERS /* nothing */
|
2017-07-05 17:14:21 +03:00
|
|
|
# define MOZ_NO_DANGLING_ON_TEMPORARIES /* nothing */
|
2015-07-31 20:59:00 +03:00
|
|
|
# define MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS /* nothing */
|
2016-06-28 16:30:49 +03:00
|
|
|
# define MOZ_INIT_OUTSIDE_CTOR /* nothing */
|
2016-08-30 10:07:03 +03:00
|
|
|
# define MOZ_IS_CLASS_INIT /* nothing */
|
2016-09-11 12:23:11 +03:00
|
|
|
# define MOZ_NON_PARAM /* nothing */
|
2015-08-12 17:46:42 +03:00
|
|
|
# define MOZ_NON_AUTOABLE /* nothing */
|
2016-10-04 17:00:17 +03:00
|
|
|
# define MOZ_REQUIRED_BASE_METHOD /* nothing */
|
2017-01-17 03:11:41 +03:00
|
|
|
# define MOZ_MUST_RETURN_FROM_CALLER /* nothing */
|
|
|
|
|
# define MOZ_MAY_CALL_AFTER_MUST_RETURN /* nothing */
|
2018-07-21 04:36:20 +03:00
|
|
|
# endif /* defined(MOZ_CLANG_PLUGIN) || defined(XGILL_PLUGIN) */
|
2019-01-18 12:16:18 +03:00
|
|
|
|
2015-09-03 18:31:55 +03:00
|
|
|
# define MOZ_RAII MOZ_NON_TEMPORARY_CLASS MOZ_STACK_CLASS
|
|
|
|
|
|
2018-07-21 04:36:20 +03:00
|
|
|
// gcc has different rules governing attribute placement. Since none of these
|
|
|
|
|
// attributes are actually used by the gcc-based static analysis, just
|
|
|
|
|
// eliminate them rather than updating all of the code.
|
|
|
|
|
|
|
|
|
|
# ifdef XGILL_PLUGIN
|
|
|
|
|
# undef MOZ_MUST_OVERRIDE
|
|
|
|
|
# define MOZ_MUST_OVERRIDE /* nothing */
|
|
|
|
|
# undef MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION
|
|
|
|
|
# define MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION /* nothing */
|
|
|
|
|
# endif
|
|
|
|
|
|
2011-12-18 01:45:29 +04:00
|
|
|
#endif /* __cplusplus */
|
|
|
|
|
|
2016-10-11 21:42:58 +03:00
|
|
|
/**
|
2016-10-13 22:08:39 +03:00
|
|
|
* Printf style formats. MOZ_FORMAT_PRINTF can be used to annotate a
|
|
|
|
|
* function or method that is "printf-like"; this will let (some)
|
|
|
|
|
* compilers check that the arguments match the template string.
|
|
|
|
|
*
|
|
|
|
|
* This macro takes two arguments. The first argument is the argument
|
|
|
|
|
* number of the template string. The second argument is the argument
|
|
|
|
|
* number of the '...' argument holding the arguments.
|
|
|
|
|
*
|
|
|
|
|
* Argument numbers start at 1. Note that the implicit "this"
|
|
|
|
|
* argument of a non-static member function counts as an argument.
|
|
|
|
|
*
|
|
|
|
|
* So, for a simple case like:
|
|
|
|
|
* void print_something (int whatever, const char *fmt, ...);
|
|
|
|
|
* The corresponding annotation would be
|
|
|
|
|
* MOZ_FORMAT_PRINTF(2, 3)
|
|
|
|
|
* However, if "print_something" were a non-static member function,
|
|
|
|
|
* then the annotation would be:
|
|
|
|
|
* MOZ_FORMAT_PRINTF(3, 4)
|
|
|
|
|
*
|
2017-05-04 21:10:19 +03:00
|
|
|
* The second argument should be 0 for vprintf-like functions; that
|
|
|
|
|
* is, those taking a va_list argument.
|
|
|
|
|
*
|
2016-10-13 22:08:39 +03:00
|
|
|
* Note that the checking is limited to standards-conforming
|
|
|
|
|
* printf-likes, and in particular this should not be used for
|
|
|
|
|
* PR_snprintf and friends, which are "printf-like" but which assign
|
|
|
|
|
* different meanings to the various formats.
|
2017-03-31 08:14:43 +03:00
|
|
|
*
|
|
|
|
|
* MinGW requires special handling due to different format specifiers
|
|
|
|
|
* on different platforms. The macro __MINGW_PRINTF_FORMAT maps to
|
|
|
|
|
* either gnu_printf or ms_printf depending on where we are compiling
|
|
|
|
|
* to avoid warnings on format specifiers that are legal.
|
2016-10-11 21:42:58 +03:00
|
|
|
*/
|
2017-03-31 08:14:43 +03:00
|
|
|
#ifdef __MINGW32__
|
|
|
|
|
# define MOZ_FORMAT_PRINTF(stringIndex, firstToCheck) \
|
|
|
|
|
__attribute__((format(__MINGW_PRINTF_FORMAT, stringIndex, firstToCheck)))
|
|
|
|
|
#elif __GNUC__
|
2016-10-11 21:42:58 +03:00
|
|
|
# define MOZ_FORMAT_PRINTF(stringIndex, firstToCheck) \
|
|
|
|
|
__attribute__((format(printf, stringIndex, firstToCheck)))
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_FORMAT_PRINTF(stringIndex, firstToCheck)
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-08-23 18:16:56 +03:00
|
|
|
/**
|
|
|
|
|
* To manually declare an XPCOM ABI-compatible virtual function, the following
|
|
|
|
|
* macros can be used to handle the non-standard ABI used on Windows for COM
|
|
|
|
|
* compatibility. E.g.:
|
|
|
|
|
*
|
|
|
|
|
* virtual ReturnType MOZ_XPCOM_ABI foo();
|
|
|
|
|
*/
|
|
|
|
|
#if defined(XP_WIN)
|
|
|
|
|
# define MOZ_XPCOM_ABI __stdcall
|
|
|
|
|
#else
|
|
|
|
|
# define MOZ_XPCOM_ABI
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-07-24 11:41:39 +04:00
|
|
|
#endif /* mozilla_Attributes_h */
|
