| blob | bc53d635f1b7cd287bed23788512ecd60c612f39 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* Smart pointer managing sole ownership of a resource. */
9 #ifndef mozilla_UniquePtr_h
10 #define mozilla_UniquePtr_h
37 };
40 class HasPointerType
47 };
52 };
56 typedef
58 };
62 /**
63 * UniquePtr is a smart pointer that wholly owns a resource. Ownership may be
64 * transferred out of a UniquePtr through explicit action, but otherwise the
65 * resource is destroyed when the UniquePtr is destroyed.
66 *
67 * UniquePtr is similar to C++98's std::auto_ptr, but it improves upon auto_ptr
68 * in one crucial way: it's impossible to copy a UniquePtr. Copying an auto_ptr
69 * obviously *can't* copy ownership of its singly-owned resource. So what
70 * happens if you try to copy one? Bizarrely, ownership is implicitly
71 * *transferred*, preserving single ownership but breaking code that assumes a
72 * copy of an object is identical to the original. (This is why auto_ptr is
73 * prohibited in STL containers.)
74 *
75 * UniquePtr solves this problem by being *movable* rather than copyable.
76 * Instead of passing a |UniquePtr u| directly to the constructor or assignment
77 * operator, you pass |Move(u)|. In doing so you indicate that you're *moving*
78 * ownership out of |u|, into the target of the construction/assignment. After
79 * the transfer completes, |u| contains |nullptr| and may be safely destroyed.
80 * This preserves single ownership but also allows UniquePtr to be moved by
81 * algorithms that have been made move-safe. (Note: if |u| is instead a
82 * temporary expression, don't use |Move()|: just pass the expression, because
83 * it's already move-ready. For more information see Move.h.)
84 *
85 * UniquePtr is also better than std::auto_ptr in that the deletion operation is
86 * customizable. An optional second template parameter specifies a class that
87 * (through its operator()(T*)) implements the desired deletion policy. If no
88 * policy is specified, mozilla::DefaultDelete<T> is used -- which will either
89 * |delete| or |delete[]| the resource, depending whether the resource is an
90 * array. Custom deletion policies ideally should be empty classes (no member
91 * fields, no member fields in base classes, no virtual methods/inheritance),
92 * because then UniquePtr can be just as efficient as a raw pointer.
93 *
94 * Use of UniquePtr proceeds like so:
95 *
96 * UniquePtr<int> g1; // initializes to nullptr
97 * g1.reset(new int); // switch resources using reset()
98 * g1 = nullptr; // clears g1, deletes the int
99 *
100 * UniquePtr<int> g2(new int); // owns that int
101 * int* p = g2.release(); // g2 leaks its int -- still requires deletion
102 * delete p; // now freed
103 *
104 * struct S { int x; S(int x) : x(x) {} };
105 * UniquePtr<S> g3, g4(new S(5));
106 * g3 = std::move(g4); // g3 owns the S, g4 cleared
107 * S* p = g3.get(); // g3 still owns |p|
108 * assert(g3->x == 5); // operator-> works (if .get() != nullptr)
109 * assert((*g3).x == 5); // also operator* (again, if not cleared)
110 * Swap(g3, g4); // g4 now owns the S, g3 cleared
111 * g3.swap(g4); // g3 now owns the S, g4 cleared
112 * UniquePtr<S> g5(std::move(g3)); // g5 owns the S, g3 cleared
113 * g5.reset(); // deletes the S, g5 cleared
114 *
115 * struct FreePolicy { void operator()(void* p) { free(p); } };
116 * UniquePtr<int, FreePolicy> g6(static_cast<int*>(malloc(sizeof(int))));
117 * int* ptr = g6.get();
118 * g6 = nullptr; // calls free(ptr)
119 *
120 * Now, carefully note a few things you *can't* do:
121 *
122 * UniquePtr<int> b1;
123 * b1 = new int; // BAD: can only assign another UniquePtr
124 * int* ptr = b1; // BAD: no auto-conversion to pointer, use get()
125 *
126 * UniquePtr<int> b2(b1); // BAD: can't copy a UniquePtr
127 * UniquePtr<int> b3 = b1; // BAD: can't copy-assign a UniquePtr
128 *
129 * (Note that changing a UniquePtr to store a direct |new| expression is
130 * permitted, but usually you should use MakeUnique, defined at the end of this
131 * header.)
132 *
133 * A few miscellaneous notes:
134 *
135 * UniquePtr, when not instantiated for an array type, can be move-constructed
136 * and move-assigned, not only from itself but from "derived" UniquePtr<U, E>
137 * instantiations where U converts to T and E converts to D. If you want to use
138 * this, you're going to have to specify a deletion policy for both UniquePtr
139 * instantations, and T pretty much has to have a virtual destructor. In other
140 * words, this doesn't work:
141 *
142 * struct Base { virtual ~Base() {} };
143 * struct Derived : Base {};
144 *
145 * UniquePtr<Base> b1;
146 * // BAD: DefaultDelete<Base> and DefaultDelete<Derived> don't interconvert
147 * UniquePtr<Derived> d1(std::move(b));
148 *
149 * UniquePtr<Base> b2;
150 * UniquePtr<Derived, DefaultDelete<Base>> d2(std::move(b2)); // okay
151 *
152 * UniquePtr is specialized for array types. Specializing with an array type
153 * creates a smart-pointer version of that array -- not a pointer to such an
154 * array.
155 *
156 * UniquePtr<int[]> arr(new int[5]);
157 * arr[0] = 4;
158 *
159 * What else is different? Deletion of course uses |delete[]|. An operator[]
160 * is provided. Functionality that doesn't make sense for arrays is removed.
161 * The constructors and mutating methods only accept array pointers (not T*, U*
162 * that converts to T*, or UniquePtr<U[]> or UniquePtr<U>) or |nullptr|.
163 *
164 * It's perfectly okay for a function to return a UniquePtr. This transfers
165 * the UniquePtr's sole ownership of the data, to the fresh UniquePtr created
166 * in the calling function, that will then solely own that data. Such functions
167 * can return a local variable UniquePtr, |nullptr|, |UniquePtr(ptr)| where
168 * |ptr| is a |T*|, or a UniquePtr |Move()|'d from elsewhere.
169 *
170 * UniquePtr will commonly be a member of a class, with lifetime equivalent to
171 * that of that class. If you want to expose the related resource, you could
172 * expose a raw pointer via |get()|, but ownership of a raw pointer is
173 * inherently unclear. So it's better to expose a |const UniquePtr&| instead.
174 * This prohibits mutation but still allows use of |get()| when needed (but
175 * operator-> is preferred). Of course, you can only use this smart pointer as
176 * long as the enclosing class instance remains live -- no different than if you
177 * exposed the |get()| raw pointer.
178 *
179 * To pass a UniquePtr-managed resource as a pointer, use a |const UniquePtr&|
180 * argument. To specify an inout parameter (where the method may or may not
181 * take ownership of the resource, or reset it), or to specify an out parameter
182 * (where simply returning a |UniquePtr| isn't possible), use a |UniquePtr&|
183 * argument. To unconditionally transfer ownership of a UniquePtr
184 * into a method, use a |UniquePtr| argument. To conditionally transfer
185 * ownership of a resource into a method, should the method want it, use a
186 * |UniquePtr&&| argument.
187 */
205 /**
206 * Construct a UniquePtr containing |nullptr|.
207 */
211 }
213 /**
214 * Construct a UniquePtr containing |aPtr|.
215 */
219 }
225 // If you encounter an error with MSVC10 about RemoveReference below, along
226 // the lines that "more than one partial specialization matches the template
227 // argument list": don't use UniquePtr<T, reference to function>! Ideally
228 // you should make deletion use the same function every time, using a
229 // deleter policy:
230 //
231 // // BAD, won't compile with MSVC10, deleter doesn't need to be a
232 // // variable at all
233 // typedef void (&FreeSignature)(void*);
234 // UniquePtr<int, FreeSignature> ptr((int*) malloc(sizeof(int)), free);
235 //
236 // // GOOD, compiles with MSVC10, deletion behavior statically known and
237 // // optimizable
238 // struct DeleteByFreeing
239 // {
240 // void operator()(void* aPtr) { free(aPtr); }
241 // };
242 //
243 // If deletion really, truly, must be a variable: you might be able to work
244 // around this with a deleter class that contains the function reference.
245 // But this workaround is untried and untested, because variable deletion
246 // behavior really isn't something you should use.
251 }
257 MOZ_IMPLICIT
261 }
266 typename EnableIf<
280 }
293 }
298 }
304 }
317 }
324 }
325 }
332 };
334 // In case you didn't read the comment by the main definition (you should!): the
335 // UniquePtr<T[]> specialization exists to manage array pointers. It deletes
336 // such pointers using delete[], it will reject construction and modification
337 // attempts using U* or U[]. Otherwise it works like the normal UniquePtr.
349 /**
350 * Construct a UniquePtr containing nullptr.
351 */
355 }
357 /**
358 * Construct a UniquePtr containing |aPtr|.
359 */
363 }
365 // delete[] knows how to handle *only* an array of a single class type. For
366 // delete[] to work correctly, it must know the size of each element, the
367 // fields and base classes of each element requiring destruction, and so on.
368 // So forbid all overloads which would end up invoking delete[] on a pointer
369 // of the wrong type.
380 // If you encounter an error with MSVC10 about RemoveReference below, along
381 // the lines that "more than one partial specialization matches the template
382 // argument list": don't use UniquePtr<T[], reference to function>! See the
383 // comment by this constructor in the non-T[] specialization above.
388 }
390 // Forbidden for the same reasons as stated above.
401 MOZ_IMPLICIT
405 }
413 }
418 }
432 }
439 }
440 }
447 }
448 }
458 };
460 /**
461 * A default deletion policy using plain old operator delete.
462 *
463 * Note that this type can be specialized, but authors should beware of the risk
464 * that the specialization may at some point cease to match (either because it
465 * gets moved to a different compilation unit or the signature changes). If the
466 * non-specialized (|delete|-based) version compiles for that type but does the
467 * wrong thing, bad things could happen.
468 *
469 * This is a non-issue for types which are always incomplete (i.e. opaque handle
470 * types), since |delete|-ing such a type will always trigger a compilation
471 * error.
472 */
487 }
488 };
490 /** A default deletion policy using operator delete[]. */
499 }
503 };
508 }
513 }
518 }
523 }
528 }
533 }
538 }
540 // No operator<, operator>, operator<=, operator>= for now because simplicity.
547 };
552 };
557 };
561 /**
562 * MakeUnique is a helper function for allocating new'd objects and arrays,
563 * returning a UniquePtr containing the resulting pointer. The semantics of
564 * MakeUnique<Type>(...) are as follows.
565 *
566 * If Type is an array T[n]:
567 * Disallowed, deleted, no overload for you!
568 * If Type is an array T[]:
569 * MakeUnique<T[]>(size_t) is the only valid overload. The pointer returned
570 * is as if by |new T[n]()|, which value-initializes each element. (If T
571 * isn't a class type, this will zero each element. If T is a class type,
572 * then roughly speaking, each element will be constructed using its default
573 * constructor. See C++11 [dcl.init]p7 for the full gory details.)
574 * If Type is non-array T:
575 * The arguments passed to MakeUnique<T>(...) are forwarded into a
576 * |new T(...)| call, initializing the T as would happen if executing
577 * |T(...)|.
578 *
579 * There are various benefits to using MakeUnique instead of |new| expressions.
580 *
581 * First, MakeUnique eliminates use of |new| from code entirely. If objects are
582 * only created through UniquePtr, then (assuming all explicit release() calls
583 * are safe, including transitively, and no type-safety casting funniness)
584 * correctly maintained ownership of the UniquePtr guarantees no leaks are
585 * possible. (This pays off best if a class is only ever created through a
586 * factory method on the class, using a private constructor.)
587 *
588 * Second, initializing a UniquePtr using a |new| expression requires repeating
589 * the name of the new'd type, whereas MakeUnique in concert with the |auto|
590 * keyword names it only once:
591 *
592 * UniquePtr<char> ptr1(new char()); // repetitive
593 * auto ptr2 = MakeUnique<char>(); // shorter
594 *
595 * Of course this assumes the reader understands the operation MakeUnique
596 * performs. In the long run this is probably a reasonable assumption. In the
597 * short run you'll have to use your judgment about what readers can be expected
598 * to know, or to quickly look up.
599 *
600 * Third, a call to MakeUnique can be assigned directly to a UniquePtr. In
601 * contrast you can't assign a pointer into a UniquePtr without using the
602 * cumbersome reset().
603 *
604 * UniquePtr<char> p;
605 * p = new char; // ERROR
606 * p.reset(new char); // works, but fugly
607 * p = MakeUnique<char>(); // preferred
608 *
609 * (And third, although not relevant to Mozilla: MakeUnique is exception-safe.
610 * An exception thrown after |new T| succeeds will leak that memory, unless the
611 * pointer is assigned to an object that will manage its ownership. UniquePtr
612 * ably serves this function.)
613 */
618 }
625 }
631 /**
632 * WrapUnique is a helper function to transfer ownership from a raw pointer
633 * into a UniquePtr<T>. It can only be used with a single non-array type.
634 *
635 * It is generally used this way:
636 *
637 * auto p = WrapUnique(new char);
638 *
639 * It can be used when MakeUnique is not usable, for example, when the
640 * constructor you are using is private, or you want to use aggregate
641 * initialization.
642 */
647 }