search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1885565 - Part 1: Add mozac_ic_avatar_circle_24 to ui-icons r=android-reviewers...
[gecko.git] / mfbt / RangedPtr.h
blob65db3b034ac2f7d589a8cbb37632ec228c4e8b22
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 /*
8 * Implements a smart pointer asserted to remain within a range specified at
9 * construction.
10 */
11
12 #ifndef mozilla_RangedPtr_h
13 #define mozilla_RangedPtr_h
14
15 #include "mozilla/ArrayUtils.h"
16 #include "mozilla/Assertions.h"
17 #include "mozilla/Attributes.h"
18
19 #include <stdint.h>
20 #include <cstddef>
21
22 namespace mozilla {
23
24 /*
25 * RangedPtr is a smart pointer restricted to an address range specified at
26 * creation. The pointer (and any smart pointers derived from it) must remain
27 * within the range [start, end] (inclusive of end to facilitate use as
28 * sentinels). Dereferencing or indexing into the pointer (or pointers derived
29 * from it) must remain within the range [start, end). All the standard pointer
30 * operators are defined on it; in debug builds these operations assert that the
31 * range specified at construction is respected.
32 *
33 * In theory passing a smart pointer instance as an argument can be slightly
34 * slower than passing a T* (due to ABI requirements for passing structs versus
35 * passing pointers), if the method being called isn't inlined. If you are in
36 * extremely performance-critical code, you may want to be careful using this
37 * smart pointer as an argument type.
38 *
39 * RangedPtr<T> intentionally does not implicitly convert to T*. Use get() to
40 * explicitly convert to T*. Keep in mind that the raw pointer of course won't
41 * implement bounds checking in debug builds.
42 */
43 template <typename T>
44 class RangedPtr {
45 template <typename U>
46 friend class RangedPtr;
47
48 T* mPtr;
49
50 #if defined(DEBUG) || defined(FUZZING)
51 T* const mRangeStart;
52 T* const mRangeEnd;
53 #endif
54
55 void checkSanity() {
56 MOZ_ASSERT_DEBUG_OR_FUZZING(mRangeStart <= mPtr);
57 MOZ_ASSERT_DEBUG_OR_FUZZING(mPtr <= mRangeEnd);
58 }
59
60 /* Creates a new pointer for |aPtr|, restricted to this pointer's range. */
61 RangedPtr<T> create(T* aPtr) const {
62 #if defined(DEBUG) || defined(FUZZING)
63 return RangedPtr<T>(aPtr, mRangeStart, mRangeEnd);
64 #else
65 return RangedPtr<T>(aPtr, nullptr, size_t(0));
66 #endif
67 }
68
69 uintptr_t asUintptr() const { return reinterpret_cast<uintptr_t>(mPtr); }
70
71 public:
72 RangedPtr(T* aPtr, T* aStart, T* aEnd)
73 : mPtr(aPtr)
74 #if defined(DEBUG) || defined(FUZZING)
75 ,
76 mRangeStart(aStart),
77 mRangeEnd(aEnd)
78 #endif
79 {
80 MOZ_ASSERT_DEBUG_OR_FUZZING(mRangeStart <= mRangeEnd);
81 checkSanity();
82 }
83 RangedPtr(T* aPtr, T* aStart, size_t aLength)
84 : mPtr(aPtr)
85 #if defined(DEBUG) || defined(FUZZING)
86 ,
87 mRangeStart(aStart),
88 mRangeEnd(aStart + aLength)
89 #endif
90 {
91 MOZ_ASSERT_DEBUG_OR_FUZZING(aLength <= size_t(-1) / sizeof(T));
92 MOZ_ASSERT_DEBUG_OR_FUZZING(reinterpret_cast<uintptr_t>(mRangeStart) +
93 aLength * sizeof(T) >=
94 reinterpret_cast<uintptr_t>(mRangeStart));
95 checkSanity();
96 }
97
98 /* Equivalent to RangedPtr(aPtr, aPtr, aLength). */
99 RangedPtr(T* aPtr, size_t aLength)
100 : mPtr(aPtr)
101 #if defined(DEBUG) || defined(FUZZING)
102 ,
103 mRangeStart(aPtr),
104 mRangeEnd(aPtr + aLength)
105 #endif
106 {
107 MOZ_ASSERT_DEBUG_OR_FUZZING(aLength <= size_t(-1) / sizeof(T));
108 MOZ_ASSERT_DEBUG_OR_FUZZING(reinterpret_cast<uintptr_t>(mRangeStart) +
109 aLength * sizeof(T) >=
110 reinterpret_cast<uintptr_t>(mRangeStart));
111 checkSanity();
112 }
113
114 /* Equivalent to RangedPtr(aArr, aArr, N). */
115 template <size_t N>
116 explicit RangedPtr(T (&aArr)[N])
117 : mPtr(aArr)
118 #if defined(DEBUG) || defined(FUZZING)
119 ,
120 mRangeStart(aArr),
121 mRangeEnd(aArr + N)
122 #endif
123 {
124 checkSanity();
125 }
126
127 RangedPtr(const RangedPtr& aOther)
128 : mPtr(aOther.mPtr)
129 #if defined(DEBUG) || defined(FUZZING)
130 ,
131 mRangeStart(aOther.mRangeStart),
132 mRangeEnd(aOther.mRangeEnd)
133 #endif
134 {
135 checkSanity();
136 }
137
138 template <typename U>
139 MOZ_IMPLICIT RangedPtr(const RangedPtr<U>& aOther)
140 : mPtr(aOther.mPtr)
141 #if defined(DEBUG) || defined(FUZZING)
142 ,
143 mRangeStart(aOther.mRangeStart),
144 mRangeEnd(aOther.mRangeEnd)
145 #endif
146 {
147 checkSanity();
148 }
149
150 T* get() const { return mPtr; }
151
152 explicit operator bool() const { return mPtr != nullptr; }
153
154 void checkIdenticalRange(const RangedPtr<T>& aOther) const {
155 MOZ_ASSERT_DEBUG_OR_FUZZING(mRangeStart == aOther.mRangeStart);
156 MOZ_ASSERT_DEBUG_OR_FUZZING(mRangeEnd == aOther.mRangeEnd);
157 }
158
159 template <typename U>
160 RangedPtr<U> ReinterpretCast() const {
161 #if defined(DEBUG) || defined(FUZZING)
162 return {reinterpret_cast<U*>(mPtr), reinterpret_cast<U*>(mRangeStart),
163 reinterpret_cast<U*>(mRangeEnd)};
164 #else
165 return {reinterpret_cast<U*>(mPtr), nullptr, nullptr};
166 #endif
167 }
168
169 /*
170 * You can only assign one RangedPtr into another if the two pointers have
171 * the same valid range:
172 *
173 * char arr1[] = "hi";
174 * char arr2[] = "bye";
175 * RangedPtr<char> p1(arr1, 2);
176 * p1 = RangedPtr<char>(arr1 + 1, arr1, arr1 + 2); // works
177 * p1 = RangedPtr<char>(arr2, 3); // asserts
178 */
179 RangedPtr<T>& operator=(const RangedPtr<T>& aOther) {
180 checkIdenticalRange(aOther);
181 mPtr = aOther.mPtr;
182 checkSanity();
183 return *this;
184 }
185
186 RangedPtr<T> operator+(size_t aInc) const {
187 MOZ_ASSERT_DEBUG_OR_FUZZING(aInc <= size_t(-1) / sizeof(T));
188 MOZ_ASSERT_DEBUG_OR_FUZZING(asUintptr() + aInc * sizeof(T) >= asUintptr());
189 return create(mPtr + aInc);
190 }
191
192 RangedPtr<T> operator-(size_t aDec) const {
193 MOZ_ASSERT_DEBUG_OR_FUZZING(aDec <= size_t(-1) / sizeof(T));
194 MOZ_ASSERT_DEBUG_OR_FUZZING(asUintptr() - aDec * sizeof(T) <= asUintptr());
195 return create(mPtr - aDec);
196 }
197
198 /*
199 * You can assign a raw pointer into a RangedPtr if the raw pointer is
200 * within the range specified at creation.
201 */
202 template <typename U>
203 RangedPtr<T>& operator=(U* aPtr) {
204 *this = create(aPtr);
205 return *this;
206 }
207
208 template <typename U>
209 RangedPtr<T>& operator=(const RangedPtr<U>& aPtr) {
210 MOZ_ASSERT_DEBUG_OR_FUZZING(mRangeStart <= aPtr.mPtr);
211 MOZ_ASSERT_DEBUG_OR_FUZZING(aPtr.mPtr <= mRangeEnd);
212 mPtr = aPtr.mPtr;
213 checkSanity();
214 return *this;
215 }
216
217 RangedPtr<T>& operator++() { return (*this += 1); }
218
219 RangedPtr<T> operator++(int) {
220 RangedPtr<T> rcp = *this;
221 ++*this;
222 return rcp;
223 }
224
225 RangedPtr<T>& operator--() { return (*this -= 1); }
226
227 RangedPtr<T> operator--(int) {
228 RangedPtr<T> rcp = *this;
229 --*this;
230 return rcp;
231 }
232
233 RangedPtr<T>& operator+=(size_t aInc) {
234 *this = *this + aInc;
235 return *this;
236 }
237
238 RangedPtr<T>& operator-=(size_t aDec) {
239 *this = *this - aDec;
240 return *this;
241 }
242
243 T& operator[](ptrdiff_t aIndex) const {
244 MOZ_ASSERT_DEBUG_OR_FUZZING(size_t(aIndex > 0 ? aIndex : -aIndex) <=
245 size_t(-1) / sizeof(T));
246 return *create(mPtr + aIndex);
247 }
248
249 T& operator*() const {
250 MOZ_ASSERT_DEBUG_OR_FUZZING(mPtr >= mRangeStart);
251 MOZ_ASSERT_DEBUG_OR_FUZZING(mPtr < mRangeEnd);
252 return *mPtr;
253 }
254
255 T* operator->() const {
256 MOZ_ASSERT_DEBUG_OR_FUZZING(mPtr >= mRangeStart);
257 MOZ_ASSERT_DEBUG_OR_FUZZING(mPtr < mRangeEnd);
258 return mPtr;
259 }
260
261 template <typename U>
262 bool operator==(const RangedPtr<U>& aOther) const {
263 return mPtr == aOther.mPtr;
264 }
265 template <typename U>
266 bool operator!=(const RangedPtr<U>& aOther) const {
267 return !(*this == aOther);
268 }
269
270 template <typename U>
271 bool operator==(const U* u) const {
272 return mPtr == u;
273 }
274 template <typename U>
275 bool operator!=(const U* u) const {
276 return !(*this == u);
277 }
278
279 bool operator==(std::nullptr_t) const { return mPtr == nullptr; }
280 bool operator!=(std::nullptr_t) const { return mPtr != nullptr; }
281
282 template <typename U>
283 bool operator<(const RangedPtr<U>& aOther) const {
284 return mPtr < aOther.mPtr;
285 }
286 template <typename U>
287 bool operator<=(const RangedPtr<U>& aOther) const {
288 return mPtr <= aOther.mPtr;
289 }
290
291 template <typename U>
292 bool operator>(const RangedPtr<U>& aOther) const {
293 return mPtr > aOther.mPtr;
294 }
295 template <typename U>
296 bool operator>=(const RangedPtr<U>& aOther) const {
297 return mPtr >= aOther.mPtr;
298 }
299
300 size_t operator-(const RangedPtr<T>& aOther) const {
301 MOZ_ASSERT_DEBUG_OR_FUZZING(mPtr >= aOther.mPtr);
302 return PointerRangeSize(aOther.mPtr, mPtr);
303 }
304
305 private:
306 RangedPtr() = delete;
307 };
308
309 } /* namespace mozilla */
310
311 #endif /* mozilla_RangedPtr_h */