[webkit-dev] Tightening up smart pointer usage rules

Adam Barth abarth at webkit.org
Mon Jun 28 14:14:23 PDT 2010 

Sounds great.  Let me know how I can help.

Do we need an exception for statics that we intend to leak at
shutdown?  Maybe leakPtr(new Foo)?

Adam


On Mon, Jun 28, 2010 at 1:39 PM, Darin Adler <darin at apple.com> wrote:
> Hi folks.
>
> I’d like to use our smart pointers more consistently to decrease the chances of memory leaks or other similar problems.
>
> My proposal is that we have a rule that all calls to "new" are immediately followed by putting the object into a smart pointer. The main types of smart pointer that matter for these purposes are:
>
>    RefPtr
>    OwnPtr
>    OwnArrayPtr
>
> Today, we put a new reference counted object into a RefPtr by calling adoptRef. The code looks something like this:
>
>    PassRefPtr<SharedObject> createSharedObject()
>    {
>        return adoptRef(new SharedObject);
>    }
>
> I propose we do the same thing with single ownership objects. It would look like this:
>
>    PassOwnPtr<SingleOwnerObject> createSingleOwnerObject()
>    {
>        return adoptPtr(new SingleOwnerObject);
>    }
>
> Then it would be a programming mistake to call new without immediately calling adoptPtr or adoptRef. As part of this effort I plan to do the following:
>
>    1) Add a debugging mode where we assert at runtime if we ref, deref, or destroy a RefCounted object before doing adoptRef. Tracked in <https://bugs.webkit.org/show_bug.cgi?id=27672>.
>
>    2) Add an adoptPtr function that returns a PassOwnPtr, and a releasePtr function that returns a raw pointer to the PassOwnPtr class.
>
>    3) Add a PassOwnArrayPtr with similar adoptArrayPtr and releaseArrayPtr functions.
>
>    4) Add a strict mode to PassOwnPtr and OwnPtr which removes OwnPtr::set entirely and removes the ability to construct a PassOwnPtr or OwnPtr from a raw pointer directly, making it a compile time error to forget to use adoptPtr.
>
>    5) Once everything compiles with the strict mode, make the strict mode the only mode.
>
>    6) Add validator rules that make invocation of the "new" operator legal only inside adoptRef and adoptPtr function calls.
>
> Code that used to say this:
>
>    OwnPtr<OtherObject> m_otherObject;
>    ...
>    m_otherObject.set(new OtherObject);
>
> Will now say this:
>
>    OwnPtr<OtherObject> m_otherObject;
>    ...
>    m_otherObject = adoptPtr(new OtherObject);
>
> And one thing that’s cool about that is it is quite natural for this to become:
>
>    OwnPtr<OtherObject> m_otherObject;
>    ...
>    m_otherObject = OtherObject::create();
>
> I thought I’d mention this to everyone on the list before getting doing significantly more work on this. I think it’s going to work well. Any questions or comments?
>
>    -- Darin
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
>

More information about the webkit-dev mailing list