| blob | 6b1d2fe1c0338abd0b3f68898a981cd772bd4f09 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_NotNull_h
8 #define mozilla_NotNull_h
10 // It's often unclear if a particular pointer, be it raw (T*) or smart
11 // (RefPtr<T>, nsCOMPtr<T>, etc.) can be null. This leads to missing null
12 // checks (which can cause crashes) and unnecessary null checks (which clutter
13 // the code).
14 //
15 // C++ has a built-in alternative that avoids these problems: references. This
16 // module defines another alternative, NotNull, which can be used in cases
17 // where references are not suitable.
18 //
19 // In the comments below we use the word "handle" to cover all varieties of
20 // pointers and references.
21 //
22 // References
23 // ----------
24 // References are always non-null. (You can do |T& r = *p;| where |p| is null,
25 // but that's undefined behaviour. C++ doesn't provide any built-in, ironclad
26 // guarantee of non-nullness.)
27 //
28 // A reference works well when you need a temporary handle to an existing
29 // single object, e.g. for passing a handle to a function, or as a local handle
30 // within another object. (In Rust parlance, this is a "borrow".)
31 //
32 // A reference is less appropriate in the following cases.
33 //
34 // - As a primary handle to an object. E.g. code such as this is possible but
35 // strange: |T& t = *new T(); ...; delete &t;|
36 //
37 // - As a handle to an array. It's common for |T*| to refer to either a single
38 // |T| or an array of |T|, but |T&| cannot refer to an array of |T| because
39 // you can't index off a reference (at least, not without first converting it
40 // to a pointer).
41 //
42 // - When the handle identity is meaningful, e.g. if you have a hashtable of
43 // handles, because you have to use |&| on the reference to convert it to a
44 // pointer.
45 //
46 // - Some people don't like using non-const references as function parameters,
47 // because it is not clear at the call site that the argument might be
48 // modified.
49 //
50 // - When you need "smart" behaviour. E.g. we lack reference equivalents to
51 // RefPtr and nsCOMPtr.
52 //
53 // - When interfacing with code that uses pointers a lot, sometimes using a
54 // reference just feels like an odd fit.
55 //
56 // Furthermore, a reference is impossible in the following cases.
57 //
58 // - When the handle is rebound to another object. References don't allow this.
59 //
60 // - When the handle has type |void|. |void&| is not allowed.
61 //
62 // NotNull is an alternative that can be used in any of the above cases except
63 // for the last one, where the handle type is |void|. See below.
65 #include <stddef.h>
67 #include <type_traits>
68 #include <utility>
77 T mPtr;
81 };
87 // NotNull can be used to wrap a "base" pointer (raw or smart) to indicate it
88 // is not null. Some examples:
89 //
90 // - NotNull<char*>
91 // - NotNull<RefPtr<Event>>
92 // - NotNull<nsCOMPtr<Event>>
93 // - NotNull<UniquePtr<Pointee>>
94 //
95 // NotNull has the following notable properties.
96 //
97 // - It has zero space overhead.
98 //
99 // - It must be initialized explicitly. There is no default initialization.
100 //
101 // - It auto-converts to the base pointer type.
102 //
103 // - It does not auto-convert from a base pointer. Implicit conversion from a
104 // less-constrained type (e.g. T*) to a more-constrained type (e.g.
105 // NotNull<T*>) is dangerous. Creation and assignment from a base pointer can
106 // only be done with WrapNotNull() or MakeNotNull<>(), which makes them
107 // impossible to overlook, both when writing and reading code.
108 //
109 // - When initialized (or assigned) it is checked, and if it is null we abort.
110 // This guarantees that it cannot be null.
111 //
112 // - |operator bool()| is deleted. This means you cannot check a NotNull in a
113 // boolean context, which eliminates the possibility of unnecessary null
114 // checks.
115 //
116 // - It is not movable, but copyable if the base pointer type is copyable. It
117 // may be used together with MovingNotNull to avoid unnecessary copies or when
118 // the base pointer type is not copyable (such as UniquePtr<T>).
119 //
133 // This constructor is only used by WrapNotNull() and MakeNotNull<U>().
140 }
143 // Disallow default construction.
146 // Construct/assign from another NotNull with a compatible base pointer type.
155 // Disallow null checks, which are unnecessary for this type.
158 // Explicit conversion to a base pointer. Use only to resolve ambiguity or to
159 // get a castable pointer.
162 // Implicit conversion to a base pointer. Preferable to get().
165 // Dereference operators.
168 }
171 }
173 // NotNull can be copied, but not moved. Moving a NotNull with a smart base
174 // pointer would leave a nullptr NotNull behind. The move operations must not
175 // be explicitly deleted though, since that would cause overload resolution to
176 // fail in situations where a copy is possible.
179 };
181 // Specialization for T* to allow adding MOZ_NONNULL_RETURN attributes.
195 // This constructor is only used by WrapNotNull() and MakeNotNull<U>().
200 // Disallow default construction.
203 // Construct/assign from another NotNull with a compatible base pointer type.
211 }
217 // Disallow null checks, which are unnecessary for this type.
220 // Explicit conversion to a base pointer. Use only to resolve ambiguity or to
221 // get a castable pointer.
224 // Implicit conversion to a base pointer. Preferable to get().
227 // Dereference operators.
230 };
236 }
238 // WrapNotNullUnchecked should only be used in situations, where it is
239 // statically known that aBasePtr is non-null, and redundant release assertions
240 // should be avoided. It is only defined for raw base pointers, since it is only
241 // needed for those right now. There is no fundamental reason not to allow
242 // arbitrary base pointers here.
246 }
251 #if defined(__clang__)
252 # pragma clang diagnostic push
254 #elif defined(__GNUC__)
255 # pragma GCC diagnostic push
257 #endif
259 #if defined(__clang__)
260 # pragma clang diagnostic pop
261 #elif defined(__GNUC__)
262 # pragma GCC diagnostic pop
263 #endif
265 }
267 // A variant of NotNull that can be used as a return value or parameter type and
268 // moved into both NotNull and non-NotNull targets. This is not possible with
269 // NotNull, as it is not movable. MovingNotNull can therefore not guarantee it
270 // is always non-nullptr, but it can't be dereferenced, and there are debug
271 // assertions that ensure it is only moved once.
277 T mBasePtr;
278 #ifdef DEBUG
280 #endif
282 // This constructor is only used by WrapNotNull() and MakeNotNull<U>().
285 #ifndef DEBUG
288 #endif
291 }
311 }
314 #ifdef DEBUG
317 #endif
319 }
323 };
328 }
334 }
338 // Extract the pointed-to type from a pointer type (be it raw or smart).
339 // The default implementation uses the dereferencing operator of the pointer
340 // type to find what it's pointing to.
343 // Remove the reference that dereferencing operators may return.
346 };
348 // Specializations for raw pointers.
349 // This is especially required because VS 2017 15.6 (March 2018) started
350 // rejecting the above `decltype(*std::declval<Pointer>())` trick for raw
351 // pointers.
352 // See bug 1443367.
357 };
363 };
367 // Allocate an object with infallible new, and wrap its pointer in NotNull.
368 // |MakeNotNull<Ptr<Ob>>(args...)| will run |new Ob(args...)|
369 // and return NotNull<Ptr<Ob>>.
376 }
378 // Compare two NotNulls.
382 }
386 }
388 // Compare a NotNull to a base pointer.
392 }
396 }
398 // Compare a base pointer to a NotNull.
402 }
406 }
408 // Disallow comparing a NotNull to a nullptr.
414 // Disallow comparing a nullptr to a NotNull.