Source code

Revision control

Copy as Markdown

Other Tools

---
target: obj-x86_64-pc-linux-gnu
# It is used by 'mach static-analysis' and 'phabricator static-analysis bot'
# in order to have consistency across the used checkers.
# All the clang checks used by the static-analysis tools.
#
# To add a new checker:
# 1. Add it in this file
# 2. Create a C/C++ test case in tools/clang-tidy/test/ reproducing the
# warning/error that the checker will detect
# 3. Run './mach static-analysis autotest -d' to create the reference
# 4. Check the json file in tools/clang-tidy/test/
# 5. Commit this file + the .cpp test case + the json result
platforms:
- linux64
- macosx64
- win32
- win64
# Minimum clang-tidy version that is required for all the following checkers
# to work properly.
# This is also used by 'mach clang-format'
package_version: "17.0.6"
clang_checkers:
- name: -*
publish: !!bool no
- name: bugprone-argument-comment
reliability: high
- name: bugprone-assert-side-effect
reliability: high
- name: bugprone-bool-pointer-implicit-conversion
reliability: low
- name: bugprone-forward-declaration-namespace
reliability: high
- name: bugprone-incorrect-roundings
reliability: high
- name: bugprone-integer-division
reliability: high
- name: bugprone-macro-parentheses
reliability: medium
- name: bugprone-macro-repeated-side-effects
reliability: high
- name: bugprone-misplaced-widening-cast
reliability: high
- name: bugprone-move-forwarding-reference
reliability: high
- name: bugprone-multiple-statement-macro
# Incompatible with our code base, see bug 1496379.
publish: !!bool no
reliability: high
- name: bugprone-sizeof-expression
reliability: high
- name: bugprone-string-constructor
reliability: high
- name: bugprone-string-integer-assignment
reliability: high
- name: bugprone-suspicious-memset-usage
reliability: high
- name: bugprone-suspicious-missing-comma
reliability: high
- name: bugprone-suspicious-semicolon
reliability: high
- name: bugprone-suspicious-string-compare
reliability: high
- name: bugprone-swapped-arguments
reliability: high
- name: bugprone-switch-missing-default-case
reliability: high
- name: bugprone-too-small-loop-variable
reliability: high
- name: bugprone-unused-raii
reliability: high
- name: bugprone-use-after-move
reliability: high
- name: clang-analyzer-core.CallAndMessage
reliability: medium
- name: clang-analyzer-core.DivideZero
reliability: high
- name: clang-analyzer-core.NonNullParamChecker
reliability: high
- name: clang-analyzer-core.NullDereference
reliability: medium
- name: clang-analyzer-core.UndefinedBinaryOperatorResult
reliability: medium
- name: clang-analyzer-core.uninitialized.Assign
reliability: medium
- name: clang-analyzer-core.uninitialized.Branch
reliability: medium
- name: clang-analyzer-cplusplus.Move
reliability: high
- name: clang-analyzer-cplusplus.NewDelete
reliability: medium
- name: clang-analyzer-cplusplus.NewDeleteLeaks
reliability: medium
- name: clang-analyzer-deadcode.DeadStores
reliability: high
- name: clang-analyzer-optin.performance.Padding
reliability: high
config:
- key: AllowedPad
value: 2
- name: clang-analyzer-security.FloatLoopCounter
reliability: high
- name: clang-analyzer-security.insecureAPI.bcmp
reliability: high
- name: clang-analyzer-security.insecureAPI.bcopy
reliability: high
- name: clang-analyzer-security.insecureAPI.bzero
reliability: high
- name: clang-analyzer-security.insecureAPI.getpw
reliability: high
# We don't add clang-analyzer-security.insecureAPI.gets here; it's deprecated.
- name: clang-analyzer-security.insecureAPI.mkstemp
reliability: high
- name: clang-analyzer-security.insecureAPI.mktemp
reliability: high
- name: clang-analyzer-security.insecureAPI.rand
reliability: low
# C checker, that is outdated and doesn't check for the new std::rand calls.
publish: !!bool no
- name: clang-analyzer-security.insecureAPI.strcpy
reliability: low
# The functions that should be used differ on POSIX and Windows, and there
# isn't a consensus on how we should approach this.
publish: !!bool no
- name: clang-analyzer-security.insecureAPI.UncheckedReturn
reliability: low
- name: clang-analyzer-security.insecureAPI.vfork
reliability: medium
- name: clang-analyzer-unix.Malloc
reliability: high
- name: clang-analyzer-unix.cstring.BadSizeArg
reliability: high
- name: clang-analyzer-unix.cstring.NullArg
reliability: high
- name: cppcoreguidelines-narrowing-conversions
reliability: high
- name: cppcoreguidelines-pro-type-member-init
reliability: medium
- name: misc-include-cleaner
# Disable this checker until we move to before/after
reliability: high
publish: !!bool no
- name: misc-non-copyable-objects
reliability: high
- name: misc-redundant-expression
reliability: medium
- name: misc-unused-alias-decls
reliability: high
- name: misc-unused-using-decls
reliability: high
- name: modernize-avoid-bind
restricted-platforms:
- win32
- win64
reliability: medium
- name: modernize-concat-nested-namespaces
reliability: high
- name: modernize-deprecated-ios-base-aliases
reliability: high
- name: modernize-loop-convert
reliability: high
- name: modernize-raw-string-literal
reliability: high
- name: modernize-redundant-void-arg
reliability: high
# We still have some old C code that is built with a C compiler, so this
# might break the build.
publish: !!bool no
- name: modernize-shrink-to-fit
reliability: high
- name: modernize-use-auto
reliability: high
# Controversial, see bug 1371052.
publish: !!bool no
- name: modernize-use-bool-literals
reliability: high
- name: modernize-use-equals-default
reliability: high
- name: modernize-use-equals-delete
reliability: high
- name: modernize-use-nullptr
reliability: high
- name: modernize-use-override
reliability: low
# Too noisy because of the way how we implement NS_IMETHOD. See Bug 1420366.
publish: !!bool no
- name: modernize-use-using
reliability: high
- name: mozilla-*
reliability: high
- name: performance-avoid-endl
reliability: high
# enable from clang 18
# - name: performance-enum-size
# reliability: high
- name: performance-faster-string-find
reliability: high
- name: performance-for-range-copy
reliability: high
- name: performance-implicit-conversion-in-loop
reliability: high
- name: performance-inefficient-algorithm
restricted-platforms:
- linux64
- macosx64
reliability: high
# Disable as the test does not support C++17 yet
publish: !!bool no
- name: performance-inefficient-string-concatenation
reliability: high
- name: performance-inefficient-vector-operation
reliability: high
- name: performance-move-const-arg
reliability: high
config:
- key: CheckTriviallyCopyableMove
# As per Bug 1558359 - disable detection of trivially copyable types
# that do not have a move constructor.
value: 0
- name: performance-move-constructor-init
reliability: high
- name: performance-noexcept-move-constructor
reliability: high
- name: performance-type-promotion-in-math-fn
reliability: high
- name: performance-unnecessary-copy-initialization
reliability: high
- name: performance-unnecessary-value-param
reliability: high
config:
- key: AllowedTypes
# Allow EnumSet because it only has a non-trivial copy constructor
# in debug builds.
value: ::mozilla::EnumSet
- name: readability-braces-around-statements
reliability: high
config:
- key: ShortStatementLines
# Allow `if (foo) return;` without braces
# Still warns on `if (foo)\n return;`
value: 1
- name: readability-const-return-type
reliability: high
# Note: this can be loosened up by using the ShortStatementLines option
- name: readability-container-size-empty
reliability: high
- name: readability-delete-null-pointer
reliability: high
- name: readability-else-after-return
reliability: high
config:
- key: WarnOnConditionVariables
# Disable as we don't mind this kind of behavior
value: 0
- name: readability-implicit-bool-conversion
reliability: low
# On automation the config flags act strange. Please see Bug 1500241.
publish: !!bool no
config:
- key: AllowIntegerConditions
# The check will allow conditional integer conversions.
value: 1
- key: AllowPointerConditions
# The check will allow conditional pointer conversions.
value: 1
- name: readability-inconsistent-declaration-parameter-name
reliability: high
- name: readability-isolate-declaration
# As per bug 1558987 - we don't want to have this enabled
publish: !!bool no
reliability: high
- name: readability-magic-numbers
# Bug 1553495 - we must see first its impact on our code.
publish: !!bool no
reliability: high
- name: readability-misleading-indentation
reliability: high
- name: readability-non-const-parameter
reliability: high
- name: readability-qualified-auto
reliability: high
- name: readability-redundant-control-flow
reliability: high
- name: readability-redundant-member-init
reliability: high
- name: readability-redundant-preprocessor
reliability: high
- name: readability-redundant-smartptr-get
reliability: high
- name: readability-redundant-string-cstr
reliability: high
- name: readability-redundant-string-init
reliability: high
- name: readability-static-accessed-through-instance
reliability: high
- name: readability-simplify-boolean-expr
reliability: high
config:
- key: SimplifyDeMorgan
# Don't want to enable DeMorgan expressions because of MOZ_ASSERT()
# See Bug 1804160
value: 0
- name: readability-uniqueptr-delete-release
reliability: high
# We don't publish the google checkers since we are interested in only having
# a general idea how our code complies with the rules added by these checkers.
- name: google-build-explicit-make-pair
reliability: low
publish: !!bool no
- name: google-build-namespaces
reliability: low
publish: !!bool no
- name: google-build-using-namespace
reliability: low
publish: !!bool no
- name: google-default-arguments
reliability: low
publish: !!bool no
- name: google-explicit-constructor
reliability: low
publish: !!bool no
- name: google-global-names-in-headers
reliability: low
publish: !!bool no
- name: google-readability-casting
reliability: low
publish: !!bool no
- name: google-readability-function-size
reliability: low
publish: !!bool no
- name: google-readability-namespace-comments
reliability: low
publish: !!bool no
- name: google-readability-todo
reliability: low
publish: !!bool no
- name: google-runtime-int
reliability: low
publish: !!bool no
- name: google-runtime-operator
reliability: low
publish: !!bool no
- name: google-runtime-references
reliability: low
publish: !!bool no