[webkit-dev] Checking allocation failures [was: Re: Naked new considered harmful]
Stephan Assmus
superstippi at gmx.de
Wed Aug 25 07:09:37 PDT 2010
Am 24.08.2010 19:46, schrieb Adam Barth:
> One thing Darin and I discussed at WWDC (yes, this email has been a
> long time coming) is better programming patterns to prevent memory
> leaks. As I'm sure you know, whenever you allocate a RefCounted
> object, you need to call adoptRef to prevent a memory leak by adopting
> the object's initial reference:
>
> adoptRef(new FancyRefCountedObject())
>
> We now have an ASSERT that enforces this programming pattern, so we
> should be able to catch errors pretty easily. Recently, Darin also
> introduced an analogous function for OwnPtr:
>
> adoptPtr(new NiftyNonRefCountedObject())
>
> What adoptPtr does is shove the newly allocated object into a
> PassOwnPtr, which together with OwnPtr, makes sure we don't leak the
> object. By using one of these two functions every time we call new,
> it's easy to see that we don't have any memory leaks. In the cases
> where we have an intentional memory leak (e.g., for a static), please
> use the leakPtr() member function to document the leak.
>
> In writing new code, please avoid using "naked" calls to new. If
> you're making an object that you expect to be heap-allocated, please
> add a "create" method, similar to the create method we use for
> RefCounted objects:
>
> static PassOwnPtr<NiftyNonRefCountedObject> create(ParamClass* param)
> {
> return adoptPtr(new NiftyNonRefCountedObject(param));
> }
>
> You should also make the constructor non-public so folks are forced to
> call the create method. (Of course, stack-allocated objects should
> have public constructors.)
>
> I'm going through WebCore and removing as many naked news and I can.
> At some point, we'll add a stylebot rule to flag violations for new
> code. If you'd like to help out, pick a directory and change all the
> calls to new to use adoptRef or adoptPtr, as appropriate.
this reminds me that I've always been wondering about checks for
allocation failure in WebCore (versus concerns about leaks). A plain
call to new may throw an std::bad_alloc exception. If this is not
considered, it may leave objects in an invalid state, even when using
objects such as RefPtr to wrap arround allocations. I don't remember any
specific place in the WebCore code where it would be a problem, I just
don't remember seeing any code that deals with allocation failures. Is
this a design choice somehow? If so, is there some online
documentation/discussion about it? (Tried to google it but found nothing...)
Best regards,
-Stephan
More information about the webkit-dev
mailing list