mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2024-12-11 09:08:06 +01:00
d2c884da86
If a WeakPtr references an already-destroyed object, operator-> and operator* end up simply dereferencing nullptr. However, dereferencing nullptr is undefined behavior and can be optimized in surprising ways by compilers. To prevent this from happening, add a defence of last resort and CHECK that the WeakPtr is still valid. Based on https://crrev.com/bbb64b5c69
386 lines
13 KiB
C++
386 lines
13 KiB
C++
// Copyright (c) 2014 Marshall A. Greenblatt. Portions copyright (c) 2012
|
|
// Google Inc. All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are
|
|
// met:
|
|
//
|
|
// * Redistributions of source code must retain the above copyright
|
|
// notice, this list of conditions and the following disclaimer.
|
|
// * Redistributions in binary form must reproduce the above
|
|
// copyright notice, this list of conditions and the following disclaimer
|
|
// in the documentation and/or other materials provided with the
|
|
// distribution.
|
|
// * Neither the name of Google Inc. nor the name Chromium Embedded
|
|
// Framework nor the names of its contributors may be used to endorse
|
|
// or promote products derived from this software without specific prior
|
|
// written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
// Weak pointers are pointers to an object that do not affect its lifetime,
|
|
// and which may be invalidated (i.e. reset to NULL) by the object, or its
|
|
// owner, at any time, most commonly when the object is about to be deleted.
|
|
|
|
// Weak pointers are useful when an object needs to be accessed safely by one
|
|
// or more objects other than its owner, and those callers can cope with the
|
|
// object vanishing and e.g. tasks posted to it being silently dropped.
|
|
// Reference-counting such an object would complicate the ownership graph and
|
|
// make it harder to reason about the object's lifetime.
|
|
|
|
// EXAMPLE:
|
|
//
|
|
// class Controller {
|
|
// public:
|
|
// Controller() : weak_factory_(this) {}
|
|
// void SpawnWorker() { Worker::StartNew(weak_factory_.GetWeakPtr()); }
|
|
// void WorkComplete(const Result& result) { ... }
|
|
// private:
|
|
// // Member variables should appear before the WeakPtrFactory, to ensure
|
|
// // that any WeakPtrs to Controller are invalidated before its members
|
|
// // variable's destructors are executed, rendering them invalid.
|
|
// WeakPtrFactory<Controller> weak_factory_;
|
|
// };
|
|
//
|
|
// class Worker {
|
|
// public:
|
|
// static void StartNew(const WeakPtr<Controller>& controller) {
|
|
// Worker* worker = new Worker(controller);
|
|
// // Kick off asynchronous processing...
|
|
// }
|
|
// private:
|
|
// Worker(const WeakPtr<Controller>& controller)
|
|
// : controller_(controller) {}
|
|
// void DidCompleteAsynchronousProcessing(const Result& result) {
|
|
// if (controller_)
|
|
// controller_->WorkComplete(result);
|
|
// }
|
|
// WeakPtr<Controller> controller_;
|
|
// };
|
|
//
|
|
// With this implementation a caller may use SpawnWorker() to dispatch multiple
|
|
// Workers and subsequently delete the Controller, without waiting for all
|
|
// Workers to have completed.
|
|
|
|
// ------------------------- IMPORTANT: Thread-safety -------------------------
|
|
|
|
// Weak pointers may be passed safely between threads, but must always be
|
|
// dereferenced and invalidated on the same thread otherwise checking the
|
|
// pointer would be racey.
|
|
//
|
|
// To ensure correct use, the first time a WeakPtr issued by a WeakPtrFactory
|
|
// is dereferenced, the factory and its WeakPtrs become bound to the calling
|
|
// thread, and cannot be dereferenced or invalidated on any other thread. Bound
|
|
// WeakPtrs can still be handed off to other threads, e.g. to use to post tasks
|
|
// back to object on the bound thread.
|
|
//
|
|
// If all WeakPtr objects are destroyed or invalidated then the factory is
|
|
// unbound from the SequencedTaskRunner/Thread. The WeakPtrFactory may then be
|
|
// destroyed, or new WeakPtr objects may be used, from a different sequence.
|
|
//
|
|
// Thus, at least one WeakPtr object must exist and have been dereferenced on
|
|
// the correct thread to enforce that other WeakPtr objects will enforce they
|
|
// are used on the desired thread.
|
|
|
|
#ifndef CEF_INCLUDE_BASE_CEF_WEAK_PTR_H_
|
|
#define CEF_INCLUDE_BASE_CEF_WEAK_PTR_H_
|
|
#pragma once
|
|
|
|
#if defined(BASE_MEMORY_WEAK_PTR_H_)
|
|
// Do nothing if the Chromium header has already been included.
|
|
// This can happen in cases where Chromium code is used directly by the
|
|
// client application. When using Chromium code directly always include
|
|
// the Chromium header first to avoid type conflicts.
|
|
#elif defined(USING_CHROMIUM_INCLUDES)
|
|
// When building CEF include the Chromium header directly.
|
|
#include "base/memory/weak_ptr.h"
|
|
#else // !USING_CHROMIUM_INCLUDES
|
|
// The following is substantially similar to the Chromium implementation.
|
|
// If the Chromium implementation diverges the below implementation should be
|
|
// updated to match.
|
|
|
|
#include "include/base/cef_basictypes.h"
|
|
#include "include/base/cef_logging.h"
|
|
#include "include/base/cef_ref_counted.h"
|
|
#include "include/base/cef_template_util.h"
|
|
#include "include/base/cef_thread_checker.h"
|
|
|
|
namespace base {
|
|
|
|
template <typename T>
|
|
class SupportsWeakPtr;
|
|
template <typename T>
|
|
class WeakPtr;
|
|
|
|
namespace cef_internal {
|
|
// These classes are part of the WeakPtr implementation.
|
|
// DO NOT USE THESE CLASSES DIRECTLY YOURSELF.
|
|
|
|
class WeakReference {
|
|
public:
|
|
// Although Flag is bound to a specific thread, it may be deleted from another
|
|
// via base::WeakPtr::~WeakPtr().
|
|
class Flag : public RefCountedThreadSafe<Flag> {
|
|
public:
|
|
Flag();
|
|
|
|
void Invalidate();
|
|
bool IsValid() const;
|
|
|
|
private:
|
|
friend class base::RefCountedThreadSafe<Flag>;
|
|
|
|
~Flag();
|
|
|
|
// The current Chromium implementation uses SequenceChecker instead of
|
|
// ThreadChecker to support SequencedWorkerPools. CEF does not yet expose
|
|
// the concept of SequencedWorkerPools.
|
|
ThreadChecker thread_checker_;
|
|
bool is_valid_;
|
|
};
|
|
|
|
WeakReference();
|
|
explicit WeakReference(const Flag* flag);
|
|
~WeakReference();
|
|
|
|
bool is_valid() const;
|
|
|
|
private:
|
|
scoped_refptr<const Flag> flag_;
|
|
};
|
|
|
|
class WeakReferenceOwner {
|
|
public:
|
|
WeakReferenceOwner();
|
|
~WeakReferenceOwner();
|
|
|
|
WeakReference GetRef() const;
|
|
|
|
bool HasRefs() const { return flag_.get() && !flag_->HasOneRef(); }
|
|
|
|
void Invalidate();
|
|
|
|
private:
|
|
mutable scoped_refptr<WeakReference::Flag> flag_;
|
|
};
|
|
|
|
// This class simplifies the implementation of WeakPtr's type conversion
|
|
// constructor by avoiding the need for a public accessor for ref_. A
|
|
// WeakPtr<T> cannot access the private members of WeakPtr<U>, so this
|
|
// base class gives us a way to access ref_ in a protected fashion.
|
|
class WeakPtrBase {
|
|
public:
|
|
WeakPtrBase();
|
|
~WeakPtrBase();
|
|
|
|
protected:
|
|
explicit WeakPtrBase(const WeakReference& ref);
|
|
|
|
WeakReference ref_;
|
|
};
|
|
|
|
// This class provides a common implementation of common functions that would
|
|
// otherwise get instantiated separately for each distinct instantiation of
|
|
// SupportsWeakPtr<>.
|
|
class SupportsWeakPtrBase {
|
|
public:
|
|
// A safe static downcast of a WeakPtr<Base> to WeakPtr<Derived>. This
|
|
// conversion will only compile if there is exists a Base which inherits
|
|
// from SupportsWeakPtr<Base>. See base::AsWeakPtr() below for a helper
|
|
// function that makes calling this easier.
|
|
template <typename Derived>
|
|
static WeakPtr<Derived> StaticAsWeakPtr(Derived* t) {
|
|
typedef is_convertible<Derived, cef_internal::SupportsWeakPtrBase&>
|
|
convertible;
|
|
COMPILE_ASSERT(convertible::value,
|
|
AsWeakPtr_argument_inherits_from_SupportsWeakPtr);
|
|
return AsWeakPtrImpl<Derived>(t, *t);
|
|
}
|
|
|
|
private:
|
|
// This template function uses type inference to find a Base of Derived
|
|
// which is an instance of SupportsWeakPtr<Base>. We can then safely
|
|
// static_cast the Base* to a Derived*.
|
|
template <typename Derived, typename Base>
|
|
static WeakPtr<Derived> AsWeakPtrImpl(Derived* t,
|
|
const SupportsWeakPtr<Base>&) {
|
|
WeakPtr<Base> ptr = t->Base::AsWeakPtr();
|
|
return WeakPtr<Derived>(ptr.ref_, static_cast<Derived*>(ptr.ptr_));
|
|
}
|
|
};
|
|
|
|
} // namespace cef_internal
|
|
|
|
template <typename T>
|
|
class WeakPtrFactory;
|
|
|
|
// The WeakPtr class holds a weak reference to |T*|.
|
|
//
|
|
// This class is designed to be used like a normal pointer. You should always
|
|
// null-test an object of this class before using it or invoking a method that
|
|
// may result in the underlying object being destroyed.
|
|
//
|
|
// EXAMPLE:
|
|
//
|
|
// class Foo { ... };
|
|
// WeakPtr<Foo> foo;
|
|
// if (foo)
|
|
// foo->method();
|
|
//
|
|
template <typename T>
|
|
class WeakPtr : public cef_internal::WeakPtrBase {
|
|
public:
|
|
WeakPtr() : ptr_(NULL) {}
|
|
|
|
// Allow conversion from U to T provided U "is a" T. Note that this
|
|
// is separate from the (implicit) copy constructor.
|
|
template <typename U>
|
|
WeakPtr(const WeakPtr<U>& other) : WeakPtrBase(other), ptr_(other.ptr_) {}
|
|
|
|
T* get() const { return ref_.is_valid() ? ptr_ : NULL; }
|
|
|
|
T& operator*() const {
|
|
CHECK(ref_.is_valid());
|
|
return *get();
|
|
}
|
|
T* operator->() const {
|
|
CHECK(ref_.is_valid());
|
|
return get();
|
|
}
|
|
|
|
// Allow WeakPtr<element_type> to be used in boolean expressions, but not
|
|
// implicitly convertible to a real bool (which is dangerous).
|
|
//
|
|
// Note that this trick is only safe when the == and != operators
|
|
// are declared explicitly, as otherwise "weak_ptr1 == weak_ptr2"
|
|
// will compile but do the wrong thing (i.e., convert to Testable
|
|
// and then do the comparison).
|
|
private:
|
|
typedef T* WeakPtr::*Testable;
|
|
|
|
public:
|
|
operator Testable() const { return get() ? &WeakPtr::ptr_ : NULL; }
|
|
|
|
void reset() {
|
|
ref_ = cef_internal::WeakReference();
|
|
ptr_ = NULL;
|
|
}
|
|
|
|
private:
|
|
// Explicitly declare comparison operators as required by the bool
|
|
// trick, but keep them private.
|
|
template <class U>
|
|
bool operator==(WeakPtr<U> const&) const;
|
|
template <class U>
|
|
bool operator!=(WeakPtr<U> const&) const;
|
|
|
|
friend class cef_internal::SupportsWeakPtrBase;
|
|
template <typename U>
|
|
friend class WeakPtr;
|
|
friend class SupportsWeakPtr<T>;
|
|
friend class WeakPtrFactory<T>;
|
|
|
|
WeakPtr(const cef_internal::WeakReference& ref, T* ptr)
|
|
: WeakPtrBase(ref), ptr_(ptr) {}
|
|
|
|
// This pointer is only valid when ref_.is_valid() is true. Otherwise, its
|
|
// value is undefined (as opposed to NULL).
|
|
T* ptr_;
|
|
};
|
|
|
|
// A class may be composed of a WeakPtrFactory and thereby
|
|
// control how it exposes weak pointers to itself. This is helpful if you only
|
|
// need weak pointers within the implementation of a class. This class is also
|
|
// useful when working with primitive types. For example, you could have a
|
|
// WeakPtrFactory<bool> that is used to pass around a weak reference to a bool.
|
|
template <class T>
|
|
class WeakPtrFactory {
|
|
public:
|
|
explicit WeakPtrFactory(T* ptr) : ptr_(ptr) {}
|
|
|
|
~WeakPtrFactory() { ptr_ = NULL; }
|
|
|
|
WeakPtr<T> GetWeakPtr() {
|
|
DCHECK(ptr_);
|
|
return WeakPtr<T>(weak_reference_owner_.GetRef(), ptr_);
|
|
}
|
|
|
|
// Call this method to invalidate all existing weak pointers.
|
|
void InvalidateWeakPtrs() {
|
|
DCHECK(ptr_);
|
|
weak_reference_owner_.Invalidate();
|
|
}
|
|
|
|
// Call this method to determine if any weak pointers exist.
|
|
bool HasWeakPtrs() const {
|
|
DCHECK(ptr_);
|
|
return weak_reference_owner_.HasRefs();
|
|
}
|
|
|
|
private:
|
|
cef_internal::WeakReferenceOwner weak_reference_owner_;
|
|
T* ptr_;
|
|
DISALLOW_IMPLICIT_CONSTRUCTORS(WeakPtrFactory);
|
|
};
|
|
|
|
// A class may extend from SupportsWeakPtr to let others take weak pointers to
|
|
// it. This avoids the class itself implementing boilerplate to dispense weak
|
|
// pointers. However, since SupportsWeakPtr's destructor won't invalidate
|
|
// weak pointers to the class until after the derived class' members have been
|
|
// destroyed, its use can lead to subtle use-after-destroy issues.
|
|
template <class T>
|
|
class SupportsWeakPtr : public cef_internal::SupportsWeakPtrBase {
|
|
public:
|
|
SupportsWeakPtr() {}
|
|
|
|
WeakPtr<T> AsWeakPtr() {
|
|
return WeakPtr<T>(weak_reference_owner_.GetRef(), static_cast<T*>(this));
|
|
}
|
|
|
|
protected:
|
|
~SupportsWeakPtr() {}
|
|
|
|
private:
|
|
cef_internal::WeakReferenceOwner weak_reference_owner_;
|
|
DISALLOW_COPY_AND_ASSIGN(SupportsWeakPtr);
|
|
};
|
|
|
|
// Helper function that uses type deduction to safely return a WeakPtr<Derived>
|
|
// when Derived doesn't directly extend SupportsWeakPtr<Derived>, instead it
|
|
// extends a Base that extends SupportsWeakPtr<Base>.
|
|
//
|
|
// EXAMPLE:
|
|
// class Base : public base::SupportsWeakPtr<Producer> {};
|
|
// class Derived : public Base {};
|
|
//
|
|
// Derived derived;
|
|
// base::WeakPtr<Derived> ptr = base::AsWeakPtr(&derived);
|
|
//
|
|
// Note that the following doesn't work (invalid type conversion) since
|
|
// Derived::AsWeakPtr() is WeakPtr<Base> SupportsWeakPtr<Base>::AsWeakPtr(),
|
|
// and there's no way to safely cast WeakPtr<Base> to WeakPtr<Derived> at
|
|
// the caller.
|
|
//
|
|
// base::WeakPtr<Derived> ptr = derived.AsWeakPtr(); // Fails.
|
|
|
|
template <typename Derived>
|
|
WeakPtr<Derived> AsWeakPtr(Derived* t) {
|
|
return cef_internal::SupportsWeakPtrBase::StaticAsWeakPtr<Derived>(t);
|
|
}
|
|
|
|
} // namespace base
|
|
|
|
#endif // !USING_CHROMIUM_INCLUDES
|
|
|
|
#endif // CEF_INCLUDE_BASE_CEF_WEAK_PTR_H_
|