| blob | 208ce320e0ae87cb5d1a4a41842306126496f792 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_NotNull_h
8 #define mozilla_NotNull_h
10 // It's often unclear if a particular pointer, be it raw (T*) or smart
11 // (RefPtr<T>, nsCOMPtr<T>, etc.) can be null. This leads to missing null
12 // checks (which can cause crashes) and unnecessary null checks (which clutter
13 // the code).
14 //
15 // C++ has a built-in alternative that avoids these problems: references. This
16 // module defines another alternative, NotNull, which can be used in cases
17 // where references are not suitable.
18 //
19 // In the comments below we use the word "handle" to cover all varieties of
20 // pointers and references.
21 //
22 // References
23 // ----------
24 // References are always non-null. (You can do |T& r = *p;| where |p| is null,
25 // but that's undefined behaviour. C++ doesn't provide any built-in, ironclad
26 // guarantee of non-nullness.)
27 //
28 // A reference works well when you need a temporary handle to an existing
29 // single object, e.g. for passing a handle to a function, or as a local handle
30 // within another object. (In Rust parlance, this is a "borrow".)
31 //
32 // A reference is less appropriate in the following cases.
33 //
34 // - As a primary handle to an object. E.g. code such as this is possible but
35 // strange: |T& t = *new T(); ...; delete &t;|
36 //
37 // - As a handle to an array. It's common for |T*| to refer to either a single
38 // |T| or an array of |T|, but |T&| cannot refer to an array of |T| because
39 // you can't index off a reference (at least, not without first converting it
40 // to a pointer).
41 //
42 // - When the handle identity is meaningful, e.g. if you have a hashtable of
43 // handles, because you have to use |&| on the reference to convert it to a
44 // pointer.
45 //
46 // - Some people don't like using non-const references as function parameters,
47 // because it is not clear at the call site that the argument might be
48 // modified.
49 //
50 // - When you need "smart" behaviour. E.g. we lack reference equivalents to
51 // RefPtr and nsCOMPtr.
52 //
53 // - When interfacing with code that uses pointers a lot, sometimes using a
54 // reference just feels like an odd fit.
55 //
56 // Furthermore, a reference is impossible in the following cases.
57 //
58 // - When the handle is rebound to another object. References don't allow this.
59 //
60 // - When the handle has type |void|. |void&| is not allowed.
61 //
62 // NotNull is an alternative that can be used in any of the above cases except
63 // for the last one, where the handle type is |void|. See below.
65 #include <stddef.h>
67 #include <utility>
73 // NotNull can be used to wrap a "base" pointer (raw or smart) to indicate it
74 // is not null. Some examples:
75 //
76 // - NotNull<char*>
77 // - NotNull<RefPtr<Event>>
78 // - NotNull<nsCOMPtr<Event>>
79 //
80 // NotNull has the following notable properties.
81 //
82 // - It has zero space overhead.
83 //
84 // - It must be initialized explicitly. There is no default initialization.
85 //
86 // - It auto-converts to the base pointer type.
87 //
88 // - It does not auto-convert from a base pointer. Implicit conversion from a
89 // less-constrained type (e.g. T*) to a more-constrained type (e.g.
90 // NotNull<T*>) is dangerous. Creation and assignment from a base pointer can
91 // only be done with WrapNotNull() or MakeNotNull<>(), which makes them
92 // impossible to overlook, both when writing and reading code.
93 //
94 // - When initialized (or assigned) it is checked, and if it is null we abort.
95 // This guarantees that it cannot be null.
96 //
97 // - |operator bool()| is deleted. This means you cannot check a NotNull in a
98 // boolean context, which eliminates the possibility of unnecessary null
99 // checks.
100 //
101 // NotNull currently doesn't work with UniquePtr. See
102 // https://github.com/Microsoft/GSL/issues/89 for some discussion.
103 //
111 T mBasePtr;
113 // This constructor is only used by WrapNotNull() and MakeNotNull<U>().
118 // Disallow default construction.
121 // Construct/assign from another NotNull with a compatible base pointer type.
129 }
131 // Default copy/move construction and assignment.
137 // Disallow null checks, which are unnecessary for this type.
140 // Explicit conversion to a base pointer. Use only to resolve ambiguity or to
141 // get a castable pointer.
144 // Implicit conversion to a base pointer. Preferable to get().
147 // Dereference operators.
150 };
157 }
161 // Extract the pointed-to type from a pointer type (be it raw or smart).
162 // The default implementation uses the dereferencing operator of the pointer
163 // type to find what it's pointing to.
166 // Remove the reference that dereferencing operators may return.
169 };
171 // Specializations for raw pointers.
172 // This is especially required because VS 2017 15.6 (March 2018) started
173 // rejecting the above `decltype(*DeclVal<Pointer>())` trick for raw pointers.
174 // See bug 1443367.
179 };
185 };
189 // Allocate an object with infallible new, and wrap its pointer in NotNull.
190 // |MakeNotNull<Ptr<Ob>>(args...)| will run |new Ob(args...)|
191 // and return NotNull<Ptr<Ob>>.
198 }
200 // Compare two NotNulls.
204 }
208 }
210 // Compare a NotNull to a base pointer.
214 }
218 }
220 // Compare a base pointer to a NotNull.
224 }
228 }
230 // Disallow comparing a NotNull to a nullptr.
236 // Disallow comparing a nullptr to a NotNull.