[webkit-dev] Lets use PassRefPtr for arguments less; lets use RefPtr for locals and data members more

Ryosuke Niwa rniwa at webkit.org
Sun Jun 19 14:03:20 PDT 2011


On Sun, Jun 19, 2011 at 12:48 PM, Darin Adler <darin at apple.com> wrote:
>
> > Con (of abandoning PassRefPtr for function arguments entirely):
>
> >     Possible accidental freed memory access bugs.
>
> I think the reverse of this Con is one of the stronger Pro arguments for
> using PassRefPtr even more for arguments rather than my proposal to use it
> less. Object lifetime mistakes are much less likely when raw pointers are
> kept to an absolute minimum. I thought about this when reviewing the design
> of Automatic Reference Counting. The ARC design largely eliminates raw
> pointers for Objective-C objects.
>

One of the most common security bugs I have seen in editing is that we keep
a raw pointer to a node and call some helper method that modifies DOM
(therefore invoking scripts).

I'm sometimes tempted to replace all instances of Node* in the editing
component by RefPtr/PassRefPtr.

- Ryosuke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20110619/0857da4b/attachment.html>


More information about the webkit-dev mailing list