| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/mfbt/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 4 kB |
|
Quelle NonDereferenceable.h Sprache: C |
|||||||||
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef mozilla_NonDereferenceable_h #define mozilla_NonDereferenceable_h /* A pointer wrapper indicating that the pointer should not be dereferenced. */ #include "mozilla/Attributes.h" #include <cstdint> // Macro indicating that a function manipulates a pointer that will not be // dereferenced, and therefore there is no need to check the object. #if defined(__clang__) # define NO_POINTEE_CHECKS __attribute__((no_sanitize("vptr"))) #else # define NO_POINTEE_CHECKS /* nothing */ #endif namespace mozilla { // NonDereferenceable<T> wraps a raw pointer value of type T*, but prevents // dereferencing. // // The main use case is for pointers that referencing memory that may not // contain a valid object, either because the object has already been freed, or // is under active construction or destruction (and hence parts of it may be // uninitialized or destructed.) // Such a pointer may still be useful, e.g., for its numeric value for // logging/debugging purposes, which may be accessed with `value()`. // Using NonDereferenceable with such pointers will make this intent clearer, // and prevent misuses. // // Note that NonDereferenceable is only a wrapper and is NOT an owning pointer, // i.e., it will not release/free the object. // // NonDereferenceable allows conversions between compatible pointer types, e.g., // to navigate a class hierarchy and identify parent/sub-objects. Note that the // converted pointers stay safely NonDereferenceable. // // Use of NonDereferenceable is required to avoid errors from sanitization tools // like `clang++ -fsanitize=vptr`, and should prevent false positives while // pointers are manipulated within NonDereferenceable objects. // template <typename T> class NonDereferenceable { public: // Default construction with a null value. NonDereferenceable() : mPtr(nullptr) {} // Default copy construction and assignment. NO_POINTEE_CHECKS NonDereferenceable(const NonDereferenceable&) = default; NO_POINTEE_CHECKS NonDereferenceable<T>& operator=(const NonDereferenceable&) = default; // No move operations, as we're only carrying a non-owning pointer, so // copying is most efficient. // Construct/assign from a T* raw pointer. // A raw pointer should usually point at a valid object, however we want to // leave the ability to the user to create a NonDereferenceable from any // pointer. Also, strictly speaking, in a constructor or destructor, `this` // points at an object still being constructed or already partially // destructed, which some very sensitive sanitizers could complain about. NO_POINTEE_CHECKS explicit NonDereferenceable(T* aPtr) : mPtr(aPtr) {} NO_POINTEE_CHECKS NonDereferenceable& operator=(T* aPtr) { mPtr = aPtr; return *this; } // Construct/assign from a compatible pointer type. template <typename U> NO_POINTEE_CHECKS explicit NonDereferenceable(U* aOther) : mPtr(static_cast<T*>(aOther)) {} template <typename U> NO_POINTEE_CHECKS NonDereferenceable& operator=(U* aOther) { mPtr = static_cast<T*>(aOther); return *this; } // Construct/assign from a NonDereferenceable with a compatible pointer type. template <typename U> NO_POINTEE_CHECKS MOZ_IMPLICIT NonDereferenceable(const NonDereferenceable<U>& aOther) : mPtr(static_cast<T*>(aOther.mPtr)) {} template <typename U> NO_POINTEE_CHECKS NonDereferenceable& operator=( const NonDereferenceable<U>& aOther) { mPtr = static_cast<T*>(aOther.mPtr); return *this; } // Explicitly disallow dereference operators, so that compiler errors point // at these lines: T& operator*() = delete; // Cannot dereference NonDereferenceable! T* operator->() = delete; // Cannot dereference NonDereferenceable! // Null check. NO_POINTEE_CHECKS explicit operator bool() const { return !!mPtr; } // Extract the pointer value, untyped. NO_POINTEE_CHECKS uintptr_t value() const { return reinterpret_cast<uintptr_t>(mPtr); } private: // Let other NonDereferenceable templates access mPtr, to permit construction/ // assignment from compatible pointer types. template <typename> friend class NonDereferenceable; T* MOZ_NON_OWNING_REF mPtr; }; } // namespace mozilla #undef NO_POINTEE_CHECKS #endif /* mozilla_NonDereferenceable_h */ ¤ Dauer der Verarbeitung: 0.12 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
2026-03-28