// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef BASE_MEMORY_SCOPED_REFPTR_H_ #define BASE_MEMORY_SCOPED_REFPTR_H_ #include #include #include #include #include #include #include "base/check.h" #include "base/compiler_specific.h" #include "base/memory/raw_ptr_exclusion.h" template class scoped_refptr; namespace base { template class RefCounted; template class RefCountedThreadSafe; template class RefCountedDeleteOnSequence; class SequencedTaskRunner; template scoped_refptr AdoptRef(T* t); namespace subtle { enum AdoptRefTag { kAdoptRefTag }; enum StartRefCountFromZeroTag { kStartRefCountFromZeroTag }; enum StartRefCountFromOneTag { kStartRefCountFromOneTag }; template struct RefCountPreferenceTagTraits; template <> struct RefCountPreferenceTagTraits { static constexpr StartRefCountFromZeroTag kTag = kStartRefCountFromZeroTag; }; template <> struct RefCountPreferenceTagTraits { static constexpr StartRefCountFromOneTag kTag = kStartRefCountFromOneTag; }; template constexpr Tag GetRefCountPreference() { return RefCountPreferenceTagTraits::kTag; } // scoped_refptr is typically used with one of several RefCounted base // classes or with custom AddRef and Release methods. These overloads dispatch // on which was used. template constexpr bool IsRefCountPreferenceOverridden(const T*, const RefCounted*) { return !std::same_as())>, std::decay_t())>>; } template constexpr bool IsRefCountPreferenceOverridden( const T*, const RefCountedThreadSafe*) { return !std::same_as())>, std::decay_t())>>; } template constexpr bool IsRefCountPreferenceOverridden( const T*, const RefCountedDeleteOnSequence*) { return !std::same_as())>, std::decay_t())>>; } constexpr bool IsRefCountPreferenceOverridden(...) { return false; } template constexpr void AssertRefCountBaseMatches(const T*, const RefCounted*) { static_assert(std::derived_from, "T implements RefCounted, but U is not a base of T."); } template constexpr void AssertRefCountBaseMatches(const T*, const RefCountedThreadSafe*) { static_assert( std::derived_from, "T implements RefCountedThreadSafe, but U is not a base of T."); } template constexpr void AssertRefCountBaseMatches(const T*, const RefCountedDeleteOnSequence*) { static_assert( std::derived_from, "T implements RefCountedDeleteOnSequence, but U is not a base of T."); } constexpr void AssertRefCountBaseMatches(...) {} } // namespace subtle // Creates a scoped_refptr from a raw pointer without incrementing the reference // count. Use this only for a newly created object whose reference count starts // from 1 instead of 0. template scoped_refptr AdoptRef(T* obj) { using Tag = std::decay_t())>; static_assert(std::same_as, "Use AdoptRef only if the reference count starts from one."); DCHECK(obj); DCHECK(obj->HasOneRef()); obj->Adopted(); return scoped_refptr(obj, subtle::kAdoptRefTag); } namespace subtle { template scoped_refptr AdoptRefIfNeeded(T* obj, StartRefCountFromZeroTag) { return scoped_refptr(obj); } template scoped_refptr AdoptRefIfNeeded(T* obj, StartRefCountFromOneTag) { return AdoptRef(obj); } } // namespace subtle // Constructs an instance of T, which is a ref counted type, and wraps the // object into a scoped_refptr. template scoped_refptr MakeRefCounted(Args&&... args) { T* obj = new T(std::forward(args)...); return subtle::AdoptRefIfNeeded(obj, subtle::GetRefCountPreference()); } // Takes an instance of T, which is a ref counted type, and wraps the object // into a scoped_refptr. template scoped_refptr WrapRefCounted(T* t) { return scoped_refptr(t); } } // namespace base // // A smart pointer class for reference counted objects. Use this class instead // of calling AddRef and Release manually on a reference counted object to // avoid common memory leaks caused by forgetting to Release an object // reference. Sample usage: // // class MyFoo : public RefCounted { // ... // private: // friend class RefCounted; // Allow destruction by RefCounted<>. // ~MyFoo(); // Destructor must be private/protected. // }; // // void some_function() { // scoped_refptr foo = MakeRefCounted(); // foo->Method(param); // // |foo| is released when this function returns // } // // void some_other_function() { // scoped_refptr foo = MakeRefCounted(); // ... // foo.reset(); // explicitly releases |foo| // ... // if (foo) // foo->Method(param); // } // // The above examples show how scoped_refptr acts like a pointer to T. // Given two scoped_refptr classes, it is also possible to exchange // references between the two objects, like so: // // { // scoped_refptr a = MakeRefCounted(); // scoped_refptr b; // // b.swap(a); // // now, |b| references the MyFoo object, and |a| references nullptr. // } // // To make both |a| and |b| in the above example reference the same MyFoo // object, simply use the assignment operator: // // { // scoped_refptr a = MakeRefCounted(); // scoped_refptr b; // // b = a; // // now, |a| and |b| each own a reference to the same MyFoo object. // } // // Also see Chromium's ownership and calling conventions: // https://chromium.googlesource.com/chromium/src/+/lkgr/styleguide/c++/c++.md#object-ownership-and-calling-conventions // Specifically: // If the function (at least sometimes) takes a ref on a refcounted object, // declare the param as scoped_refptr. The caller can decide whether it // wishes to transfer ownership (by calling std::move(t) when passing t) or // retain its ref (by simply passing t directly). // In other words, use scoped_refptr like you would a std::unique_ptr except // in the odd case where it's required to hold on to a ref while handing one // to another component (if a component merely needs to use t on the stack // without keeping a ref: pass t as a raw T*). template class TRIVIAL_ABI scoped_refptr { public: typedef T element_type; constexpr scoped_refptr() = default; // Allow implicit construction from nullptr. constexpr scoped_refptr(std::nullptr_t) {} // Constructs from a raw pointer. Note that this constructor allows implicit // conversion from T* to scoped_refptr which is strongly discouraged. If // you are creating a new ref-counted object please use // base::MakeRefCounted() or base::WrapRefCounted(). Otherwise you // should move or copy construct from an existing scoped_refptr to the // ref-counted object. scoped_refptr(T* p) : ptr_(p) { if (ptr_) AddRef(ptr_); } // Copy constructor. This is required in addition to the copy conversion // constructor below. scoped_refptr(const scoped_refptr& r) : scoped_refptr(r.ptr_) {} // Copy conversion constructor. template requires(std::convertible_to) scoped_refptr(const scoped_refptr& r) : scoped_refptr(r.ptr_) {} // Move constructor. This is required in addition to the move conversion // constructor below. scoped_refptr(scoped_refptr&& r) noexcept : ptr_(r.ptr_) { r.ptr_ = nullptr; } // Move conversion constructor. template requires(std::convertible_to) scoped_refptr(scoped_refptr&& r) noexcept : ptr_(r.ptr_) { r.ptr_ = nullptr; } ~scoped_refptr() { static_assert(!base::subtle::IsRefCountPreferenceOverridden( static_cast(nullptr), static_cast(nullptr)), "It's unsafe to override the ref count preference." " Please remove REQUIRE_ADOPTION_FOR_REFCOUNTED_TYPE" " from subclasses."); if (ptr_) Release(ptr_); } T* get() const { return ptr_; } T& operator*() const { DCHECK(ptr_); return *ptr_; } T* operator->() const { DCHECK(ptr_); return ptr_; } scoped_refptr& operator=(std::nullptr_t) { reset(); return *this; } scoped_refptr& operator=(T* p) { return *this = scoped_refptr(p); } // Unified assignment operator. scoped_refptr& operator=(scoped_refptr r) noexcept { swap(r); return *this; } // Sets managed object to null and releases reference to the previous managed // object, if it existed. void reset() { scoped_refptr().swap(*this); } // Returns the owned pointer (if any), releasing ownership to the caller. The // caller is responsible for managing the lifetime of the reference. [[nodiscard]] T* release(); void swap(scoped_refptr& r) noexcept { std::swap(ptr_, r.ptr_); } explicit operator bool() const { return ptr_ != nullptr; } template friend bool operator==(const scoped_refptr& lhs, const scoped_refptr& rhs) { return lhs.ptr_ == rhs.ptr_; } // This operator is an optimization to avoid implicitly constructing a // scoped_refptr when comparing scoped_refptr against raw pointer. If the // implicit conversion is ever removed this operator can also be removed. template friend bool operator==(const scoped_refptr& lhs, const U* rhs) { return lhs.ptr_ == rhs; } friend bool operator==(const scoped_refptr& lhs, std::nullptr_t null) { return !static_cast(lhs); } template friend auto operator<=>(const scoped_refptr& lhs, const scoped_refptr& rhs) { return lhs.ptr_ <=> rhs.ptr_; } friend auto operator<=>(const scoped_refptr& lhs, std::nullptr_t null) { return lhs.ptr_ <=> static_cast(nullptr); } protected: // RAW_PTR_EXCLUSION: scoped_refptr<> has its own UaF prevention mechanism. // Given how widespread it is, we it'll likely a perf regression for no // additional security benefit. RAW_PTR_EXCLUSION T* ptr_ = nullptr; private: template friend scoped_refptr base::AdoptRef(U*); friend class ::base::SequencedTaskRunner; scoped_refptr(T* p, base::subtle::AdoptRefTag) : ptr_(p) {} // Friend required for move constructors that set r.ptr_ to null. template friend class scoped_refptr; // Non-inline helpers to allow: // class Opaque; // extern template class scoped_refptr; // Otherwise the compiler will complain that Opaque is an incomplete type. static void AddRef(T* ptr); static void Release(T* ptr); }; template T* scoped_refptr::release() { T* ptr = ptr_; ptr_ = nullptr; return ptr; } // static template void scoped_refptr::AddRef(T* ptr) { base::subtle::AssertRefCountBaseMatches(ptr, ptr); ptr->AddRef(); } // static template void scoped_refptr::Release(T* ptr) { base::subtle::AssertRefCountBaseMatches(ptr, ptr); ptr->Release(); } template std::ostream& operator<<(std::ostream& out, const scoped_refptr& p) { return out << p.get(); } template void swap(scoped_refptr& lhs, scoped_refptr& rhs) noexcept { lhs.swap(rhs); } #endif // BASE_MEMORY_SCOPED_REFPTR_H_