// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef BASE_MEMORY_SAFE_REF_H_ #define BASE_MEMORY_SAFE_REF_H_ #include <compare> #include <concepts> #include <utility> #include "base/check.h" #include "base/memory/safe_ref_traits.h" #include "base/memory/weak_ptr.h" namespace base { // SafeRef smart pointers are used to represent a non-owning pointer to an // object, where the pointer is always intended to be valid. These are useful in // the same cases that a raw pointer `T*` (or a `T&`) would traditionally be // used, as the owner of the SafeRef knows the lifetime of the pointed-to object // from other means and will not use the pointer after the pointed-to object is // destroyed. However, unlike a `T*` or `T&`, a logic bug will manifest as a // benign crash instead of as a Use-after-Free. // // SafeRef pointers cannot be null (as expressed by the "Ref" suffix instead of // "Ptr"). A SafeRef can be wrapped in an std::optional if it should not always // point to something valid. (A SafePtr sibling type can be introduced if this // is problematic, or if consuming moves are needed!) // // If code wants to track the lifetime of the object directly through its // pointer, and dynamically handle the case of the pointer outliving the object // it points to, then base::WeakPtr should be used instead. // // The SafeRef pointer is constructed from a base::WeakPtrFactory's GetSafeRef() // method. Since it is tied to the base::WeakPtrFactory, it will consider its // pointee invalid when the base::WeakPtrFactory is invalidated, in the same way // as base::WeakPtr does, including after a call to InvalidateWeakPtrs(). // // SafeRefTraits are only meant to mark SafeRefs that were found to be dangling, // thus one should not use this flag to disable dangling pointer detection on // SafeRef. This parameter is set to SafeRefTraits::kEmpty by default. // // THREAD SAFETY: SafeRef pointers (like base::WeakPtr) may only be used on the // sequence (or thread) where the associated base::WeakPtrFactory will be // invalidated and/or destroyed. They are safe to passively hold or to destroy // on any thread though. // // This class is expected to one day be replaced by a more flexible and safe // smart pointer abstraction which is not tied to base::WeakPtrFactory, such as // raw_ptr<T> from the MiraclePtr project (though perhaps a non-nullable raw_ref // equivalent). template <typename T, SafeRefTraits Traits /*= SafeRefTraits::kEmpty*/> class SafeRef { … }; namespace internal { template <typename T> SafeRef<T> MakeSafeRefFromWeakPtrInternals(internal::WeakReference&& ref, T* ptr) { … } } // namespace internal } // namespace base #endif // BASE_MEMORY_SAFE_REF_H_
Codebase Browser
chromium