Good web citizenship
- Make sure new web-exposed APIs actually make sense and are either standards track or preffed off by default.
- In C++, wrapper-cache as needed. If your object can be gotten from somewhere without creating it in the process, it needs to be wrapper-cached.
- The patch fixes the issue
- The patch is not unnecessarily complicated
- The patch does not add duplicates of existing code ('almost duplicates' could mean a refactor is needed). Commonly this results in "part 0" of a bug, which is "tidy things up to make the fix easier to write and review".
- If QA needs to verify the fix, you should provide steps to reproduce (STR)
- If you can unit-test it, you should unit-test it.
- If it's JS, try to design and build so that xpcshell can exercise most functionality. It's quicker.
- Make sure the patch doesn't create any unused code (e.g., remove strings when removing a feature)
- All caught exceptions should be logged at the appropriate level, bearing in mind personally identifiable information, but also considering the expense of computing and recording log output. [Fennec: Checking for log levels is expensive unless you're using Logger.]
- Follow the style guide for the language and module in question
- New files have license declarations and modelines
- New JS files should use strict mode
- Trailing whitespace (git diff and splinter view both highlight this, as does hg with the color extension enabled). Whitespace can be fixed easily in Mercurial using the CheckFiles extension. In git, you can use git rebase --whitespace=fix.
- No writing to arbitrary files outside the profile folder
- Be careful when reading user input, network input, or files on disk. Assume that inputs will be too big, too short, empty, malformed, or malicious.
- Tag for sec review if unsure.
- If you're writing code that uses JSAPI, chances are you got it wrong. Try hard to avoid doing that.
- No logging of URLs or content from which URLs may be inferred
- [Fennec: Android Services has Logger.pii() for this purpose (e.g., logging profile dir)].
- Tag for privacy review if needed
- In Java, memory leaks are largely due to singletons holding on to caches and collections, or observers sticking around, or runnables sitting in a queue.
- [Fennec: If your custom view does animations, it's better to clean up runnables in onDetachFromWindow().]
- Ensure all file handles and other closeable resources are closed appropriately.
- [Fennec: when writing tests that use PaintedSurface, ensure the PaintedSurface is closed when you're done with it.]
- Check for main-thread IO [Fennec: Android may warn about this with strictmode]
- Remove debug logging that is not needed in production
- Enormous. Correct use of locking and volatility; livelock and deadlock; ownership
- [Fennec: All view methods should be touched only on UI thread.]
- [Fennec: Activity lifecycle awareness (works with "never keep activities"). Also test with oom-fennec (https://hg.mozilla.org/users/blassey_mozilla.com/oom-fennec/)]
- Version files, databases, messages
- Tag messages with ids to disambiguate callers
- IDL UUIDs are updated when the interface is updated
- Android permissions should be 'grouped' into a common release to avoid breaking auto-updates
- Android APIs added since Froyo should be guarded by a version check
- If the feature being worked on is covered by prefs, make sure they are hooked up
- If working on a new feature, consider adding prefs to control the behaviour
- Consider adding prefs to disable the feature entirely in case bugs are found later in the release cycle
- [Fennec: "Prefs" can be Gecko prefs, SharedPreferences values, or build-time flags. Which one you choose depends on how the feature is implemented: a pure Java service can't easily check Gecko prefs, for example.]
- No string changes in patches that will be uplifted (including string removals)
- Rev entity names for string changes
- When making UI changes, be aware of the fact that strings will be different lengths in different locales
- Any potentially confusing pieces of code are adequately documented
- Flag bug with dev-doc-needed if any addon or web APIs are affected
- Use Javadocs extensively, especially on any new non-private methods
- When moving files, ensure blame/annotate is preserved