Closed Bug 104346 Opened 23 years ago Closed 14 years ago

need |nsRefPtr|

Categories

(Core :: XPCOM, defect, P1)

Product:
Core
Component:
XPCOM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Future

People

(Reporter: dbaron, Assigned: dbaron)

References

Details

(Whiteboard: [patch])

Attachments

(9 files, 6 obsolete files)

fancy version (don't try this at home), to be abandoned
5.91 KB, text/plain
Details
Tests that the previous code passes, with gcc3
2.02 KB, text/plain
Details
work in progress (works fine on gcc 3.0.1!)
27.12 KB, patch
Details | Diff | Splinter Review
patch to tests to go along with attachment 111746
15.27 KB, patch
Details | Diff | Splinter Review
a version of nsAutoPtr.h based on nsCOMPtr
35.17 KB, text/plain
Details
patch against attachment 111884 to fix msvc bustage
522 bytes, patch
Details | Diff | Splinter Review
remove operator= and add reset() v3
12.94 KB, patch
dbaron
: review-
Details | Diff | Splinter Review
patch to nsDerivedSafe
563 bytes, patch
jag+mozilla
: review+
dbaron
: superreview+
Details | Diff | Splinter Review
attempt to fix otaku bustage
4.68 KB, patch
bbaetz
: review+
bryner
: superreview+
Details | Diff | Splinter Review 
We need a refcounting smart pointer that doesn't require inheritance from
nsISupports so that people don't overuse COM just because they want a refcount
and they like nsCOMPtr.  (See bug 104336.)

I'll attach an experimental implementation I was playing with and a test that
actually works on gcc3.  And then I'll start over from scratch (and from
nsCOMPtr.h) later to write something that we could really consider checking in.
Target Milestone: --- → mozilla0.9.6
should that topic be about nsAutoPtr? ;-) Though there is no impl file, should
this go into glue? Or not depend on glue, doubling already_AddRefed, or 
getting it out of nsCOMPtr.h?
There's no need for it to be in glue since it's entirely inlined.
Target Milestone: mozilla0.9.6 → mozilla0.9.7
Status: NEW → ASSIGNED
Nice start, but looks to me like these classes are a little too lean.

The project on which I am currently working has all of these types of pointers, 
but our implementations also cover the following:

	T& operator*() const
		{
		assert(p!=NULL);
		return *p;
		}
	T * operator->() const
		{
		assert(p!=NULL);
		return p;
		}
	//The assert on operator& usually indicates a bug.  If this is really
	//what is needed, however, take the address of the p member explicitly.
	T** operator&()
		{
		assert(p==NULL);
		return &p;
		}
	bool operator!() const
		{
		return (p == NULL);
		}
	bool operator<(T* pT) const
		{
		return p < pT;
		}
	bool operator==(T* pT) const
		{
		return p == pT;
		}
	bool operator!=(T* pT) const
		{
		return p != pT;
		}
	T* Detach()
		{
		T* pt = p;
		p = NULL;
		return pt;
		}

The first 3 are mostly just debug help over what you have today. On #3 though, 
I notice that you force the use of 'begin_assign' instead, which, I guess, 
seems okay, but it looks to me like it leaks:

T** begin_assignment() { mPtr = 0; return &mPtr; }

My #3 above asserts that the pointer is NULL, and you just set it to NULL.  
What if mPtr is already holding a pointer to allocated memory?  You haven't 
freed it.

The boolean operators are useful, since they make converting existing pointer 
code the an auto-pointer easier, and less prone to introduction of new bugs or 
compiler errors that need to be fixed.

And finally, a Detach method seems crucial for times when you want to release 
the auto-pointer from responsibility for freeing the object, because you are 
transfering that responsibility to another class or function.
Many of those operators you mention should be handled by implicit conversion --
I've yet to test whether that actually works across compilers.

Instead of |Detach| I used |release|, as std::auto_ptr does.

That is a mistake in begin_assignment -- I was thinking |*this = 0|.  I hadn't
tested that yet, though.

I should also probably make operator& private as for nsCOMPtr.
Yup.  All but '>' work on my compiler.

I don't see 'release' in the posted patch, but perhaps I am just not good at 
reading these yet.  The term would get pretty overloaded on the nsRefPtr, I'd 
imagine, where release should imply a ref count decrement.

Given the ref counting issue, we use 'release' to 'free' (either by 
decrementing, deleting, or freeing), and 'detach' to remove the pointer 
without 'freeing'.

There's a newer version checked in to the tree.  There is no |release| on
nsRefPtr.  Perhaps it needs a |swap| like the patch for nsCOMPtr in bug 78016.
Target Milestone: mozilla0.9.7 → mozilla0.9.8
Target Milestone: mozilla0.9.8 → mozilla0.9.7
-> 0.9.8
Target Milestone: mozilla0.9.7 → mozilla0.9.8
r=jag on what's currently in the tree.
Target Milestone: mozilla0.9.8 → mozilla0.9.9
Target Milestone: mozilla0.9.9 → mozilla1.1
Target Milestone: mozilla1.1alpha → Future
I want to use nsRefPtr<> on a COM object (it implements nsIDocumentObserver) so
that I don't have to create an interface and IID for the concrete class.  I have
found that I can use an nsCOMPtr<> in the meantime (since I only implement one
interface) but I'll try switching on nsRefPtr<> first since I think that's
really what I'm trying to do.  It turns out I don't need operator-> but I'll
test that anyway.

Any chance we can make nsCOMPtr<T> extend from nsRefPtr<T>?  It seems like they
have mostly the same purpose (nsRefPtr<T> just has *extra* stuff) and we could
save some lines of code that way (and obscure bugs--copying implementations from
nsCOMPtr save us the headache of repeating history).  The specialized
nsCOMPtr<nsISupports> is the only thing I'm worried about there.  Some kind of
funkiness is going on extending from nsCOMPtr_base.  Anyhow, I'll give this a
shot.  At the least, I think nsRefPtr method implementations should look like
nsCOMPtr's do, whether that means changing nsRefPtr or changing nsCOMPtr :)

Finally, should we comment out everything else in nsAutoPtr.h (nsAutoPtr<T>,
nsAutoArrayPtr<T> and nsMemoryAutoPtr<T>) or is this a "include one, include
all" thing?  I think until we need them we should #if 0 out the other classes.
Messing with nsCOMPtr that much is scary and, in my opinion, unnecessary.
hmmm, why write our own if we can use the pointers from boost?
i might have a look at finishing this. One bug i found was that nsRefPtr needs
to "NS_IF_ADDREF" rather then "NS_ADDREF", i.e. it needs to nullcheck before
calling Addref/Release
all begin_assignment needs to exit() the current pointer before returning.
Attached patch fixes a few random things (obsolete) — Splinter Review 
This fixes:
* comment 15 and comment 16
* make nsRefPtr return nsDeriviedSafe to protect against addreffing and
  releasing an nsRefPtr
* fixes a typo in nsMemoryAutoPtr::operator=
* removes the implementations of all operator& since they should not be called


There are a few things i'm pondering:
1. Scott raises a good question on if we should be doing our own implementation

   at all. There are two things i don't like with boost
   a) They keep the refcount outside the object. Their pointer therefor bigger
      then 4 bytes, and they have an extra heap-allocated object for each
      refcounted object to keep the count.
   b) AFAICT there is no way to get an equivalent to nsMemoryAutoPtr with
boost.
      How big of a loss this is I don't know.
   If we can live with these things, or if it would be worth using boost for
the
   other pointertypes, I don't know.
   
2. Should we really have |operator=| and |operator T*| on the autoptrs. On one
   hand we do on nsRefPtr and nsCOMPtr, but it seems easier to forget to call 
   .release() on an autoptr and crash. Maybe it's the |operator T*| that is
   dangerous, if the only way to get the pointer was through .get() and
   .release() then people might be less likly to accidently get the pointer
   without properly managing the ownership.
   If we decide not to have |operator=| we should probably not have
   |getter_Transfers| either.

3. |explicit| on the ctors seems like a nice thing to have. If we have an
   operator=(T*) then that should be enough to get |nsAutoPtr<T> ptr = foo;| to

   compile. This is of course related to the previous point.
I believe there was a very good reason std::auto_ptr didn't provide an opertor
=(T*); Unfortunately I don't remember the reason, just that there was one.

And there's issues to deal with protecting const pointers. And some of the
solutions may not be supported across the wide variety platforms we work on.

Also, if we're going to do something different than what std::auto_ptr does, you
might think about changing the name.

As far as the reference counted pointers go. A friend of mine created a template
implementation that allowed the user to decide how the reference counting system
was implemented. This allowed us to handle both intrusive and passive ref
counting mechanisms. It could be a little edgy on templates for our uses, but I
don't think it would be. In addition to the type of pointer, we had an
additional template parameter which was the class to implement the ref counting.
This essentially would allow all ref counting code to be based of the same base
template, whether it was XPCOM or regular pointer, or some other system. I'd
have to sit down and remember the full implementation. It's been like 4 years ago.




I need this for some deCOMtamination work I'm doing.  Any chance we can come to
a decision on this and get nsRefPtr turned on?
1. Comment #14 and Comment #17 couldn't we use the stuff that fits our needs? I
don't know about licensing issues and such, though.
2. Why is this in XPCOM? What does it have to do with XPCOM?
Skimming I noticed the assignment operators for most if not all the class are
not self assignment safe. They also don't take into account you could be
assigning the same pointer value but using two different pointer class
instances. In both these cases you'll end up with class holding pointers to dead
objects.

So I think there's some work to be done even if we use the interfaces provided.
(it still makes me nervous to allow conventions that other implementations have
disallowed to avoid accidental misuse, such as non-explicit constructors and
assignment operators taking pointer types)


Since bryner wants to be able to use something quickly, here's a version of
nsAutoPtr.h based on nsCOMPtr, which is something that we know works and meets
our portability requirements.
This is a patch to TestAutoPtr.  It compiles with the above patch.

However, a bunch of the tests fail, mostly related to casting to base classes
(perhaps only dealing with equality).  I still haven't investigated why.
This one passes the equality tests, at least with gcc 3.2.1.

I think I'd like to check in these changes (to nsAutoPtr and to the tests) so
we can test this on multiple platforms.  Does that seem reasonable?
Attachment #111746 - Attachment is obsolete: true
Also, what do you think about the name |forget()|?  People didn't like the use
of |release()| as in the standard auto_ptr since we use |Release()| for
something else.  |drop()| was also suggested above, I think, but I just happened
to think of |forget()| and like it.
Also, we should probably port the equality fixes to nsCOMPtr (although I
actually worry such comparisons may not compile cross-platform).
Visual C++ doesn't quite like this:

../../dist/include/xpcom\nsAutoPtr.h(1059) : error C2440: 'reinterpret_cast' : 
cannot convert from 'const class TestRefObject *' to 'class 
nsDerivedSafe<class TestRefObject const > *'
        ../../dist/include/xpcom\nsAutoPtr.h(1058) : while compiling class-
template member function 'class nsDerivedSafe<class TestRefObject const > 
*__thiscall
 nsRefPtr<class TestRefObject const >::get(void) const'
make[1]: *** [TestAutoPtr.obj] Error 2
Blocks: 114713
Just a note, it looks like nsCOMPtr may go the with swap instead of a 'forget'
type function. Thought I'd mention in case you want to keep the two in sync or
have other ideas.
Attached patch remove operator= and add reset() (obsolete) — Splinter Review 
This patch removes the potentially harmful operator= and introduces a
reset-method instead. It allows

myAutoPtr.reset();
myAutoPtr.reset(myRawPtr);
myAutoPtr.reset(myOtherAutoPtr);

It also removes getter_Transfers() since it is pretty much as dangerous as
operator=. I'm a little unsure about removing it though feel free to speak up
if you want it to stick around. The new way of doing the same is

Foo* rawptr
obj->GetFoo(&rawptr);
nsAutoPtr<Foo> ptr(rawptr);

or

nsAutoPtr<Foo> ptr;
...
Foo* rawptr
obj->GetFoo(&rawptr);
ptr.reset(rawptr);

I also made all ctors explicit. (should the empty ctor be explicit?)
Attachment #110185 - Attachment is obsolete: true
Does |TestAutoPtr| still work with this patch?
This includes neccesary changes to make TestAutoPtr.cpp build on windows. It
also adds some more tests.

There are two things that i find strange:

1. The following compiles even though the ctor taking a raw-pointer is
explicit:

   nsAutoPtr<TestObject> TestObjectFactory()
   {
       return new TestObject;
   }

   Not that i see a great risk in this, i just found it a bit strange and
thought
   it'd be best to get tested on all platforms

2. I had to make the ctor taking an nsAutoPtr be *not* explicit. Otherwise I
   could not get functions like:
   void Sink(nsAutoPtr<TestObject> aObject);
   to compile, no matter how i tried to call it. I kept getting a compileerror
   saying "cannot convert parameter 1 from 'class nsAutoPtr<TestObject>' to
   'class nsAutoPtr<TestObject>'. No copy constructor supplied"
   nsAutoPtr<TestObject>"
Attachment #113346 - Attachment is obsolete: true
one thing i thought about if we really really want |getter_Transfers| is to
force a syntax like

nsAutoPtr<Foo> foo;
...
getFoo(getter_Transfers(foo.reset());

that way it should be apparent to anyone that whatever foo is pointing to is
deleted. I would prefer removing getter_Transfers entierly though.
I'm comfortable with removing getter_Transfers entirely.  In fact, now that you
mention it, I'm strongly in favor of removing it entirely.
exactly the same as the above but with an additional test that simulates
out-of-memory
Attachment #113368 - Attachment is obsolete: true
Attachment #113368 - Attachment is obsolete: false
Attachment #113368 - Flags: review?(dbaron)
Comment on attachment 113556 [details] [diff] [review]
remove operator= and add reset() v3

cool. Then i propose that we go with this interface.
Attachment #113556 - Flags: review?(dbaron)
I think adding explicit to the default constructor has no meaning. And why not
just remove the default constructor and use the T * constructor with a default
of null. explicit nsAutoPtr(T * aRawPtr = 0);
I'm not sure that nsAutoPtr(T * aRawPtr = 0) would work across all compilers.
nsCOMPtr has separate ctors
There's a potential problem on platforms where HAVE_CPP_ACCESS_CHANGING_USING
is not defined.  The fact that nsDerivedSafe declares AddRef and Release as
virtual functions can change the object layout, since they may be non-virtual
on the template class.	There's really no _need_ for them to be marked virtual
on nsDerivedSafe (a call to them won't compile anyway!) so this patch removes
the virtual.
Attachment #114729 - Flags: review?(dbaron)
Comment on attachment 114729 [details] [diff] [review]
patch to nsDerivedSafe

There *might* be an issue with this on Windows because of the calling
convention stuff hidden in |NS_IMETHOD_|.  (|virtual| should be implied when
the method is |virtual| on the base class.)  Did you test on Windows?
yeah, i compiled and ran on windows and things appeared to be fine.
Comment on attachment 114729 [details] [diff] [review]
patch to nsDerivedSafe

Scott, what do you think?
Attachment #114729 - Flags: superreview?(dbaron)
Attachment #114729 - Flags: review?(scc)
Attachment #114729 - Flags: review?(dbaron)
Attachment #114729 - Flags: superreview?(dbaron) → superreview+
Comment on attachment 114729 [details] [diff] [review]
patch to nsDerivedSafe

r=jag.
Attachment #114729 - Flags: review?(scc) → review+
Comment on attachment 115277 [details] [diff] [review]
attempt to fix otaku bustage

r=bbaetz
Attachment #115277 - Flags: review+
Attachment #115277 - Flags: superreview+
dbaron, i'll leave it up to you whether this bug should be resolved as fixed now.
IMHO we should still check in the interface change in attachment 113556 [details] [diff] [review]. It
makes the interface "safer" and more similar to other smart-pointer
implementations out there.

Bug 185797 (huge rewrite of the XSLT part of transformiix) is very dependant on
nsAutoPtr. If we're going to go with the current interface i'd like to know so
that i can start using it as is. Right now i'm waiting for the patch to be
checked in so that i can start using it.
I don't think I'm the person that put those modifiers on there.  I think that
was a fix for some platform horkage.  My advice is to make sure you try building
on the compilers that use that hunk with your changes.
Comment on attachment 113556 [details] [diff] [review]
remove operator= and add reset() v3

Removing getter_Transfers is a good idea.  I'm not so sure about the operator=
changes -- is the idea to make it so that you can't use |=| syntax?  What about
compiler generated operator=?  Do the same things compile and not compile
across platforms?
Yes, the idea is that the |=| syntax since it might not be obvious that the old
object will be deleted (though I forgot to make a private non-implemented one).
It's code like this that I want to avoid:

nsAutoPtr<Foo> foo(new Foo);
...
Foo* old = foo;
foo = getFoo();
...
old->useFoo();


It is IMHO not apparant that this will crash due to the first Foo being deleted
when |foo| gets a new value. So the idea is to force

nsAutoPtr<Foo> foo(new Foo);
...
foo.reset(getFoo());

which should make it more apparent that the old value gets deleted. This is the
same reason that I wanted to get rid of getter_Transfers, that it isn't apparent
that the old value will unmercifully be deleted.

Looking at scoped_ptr from boost and auto_ptr from stl it seems like they
instead protect against this be not having an |operator T*()| but instead force
you to call .get(). Though scoped_ptr doesn't have an operator= either.


The same things should compile across all platforms. I added every possible
thing I could think of to TestAutoPtr.cpp so as long as that behaves properly it
should work.
So on OS X I get the following compilation error for
    nsAutoPtr<foo> bar = new foo();

no matching function for call to `nsAutoPtr<T>::nsAutoPtr(nsAutoPtr<T>)'
candidates are: nsAutoPtr<T>::nsAutoPtr(nsAutoPtr<T>&) [with T = foo]
                nsAutoPtr<T>::nsAutoPtr(T*) [with T = foo]
initializing temporary from result of `nsAutoPtr<T>::nsAutoPtr(T*) [with T = foo]'
i've started using nsAutoPtr and am more and more convinced that we should get
rid of the operator=. Even in cases where you do want the old value to be
deleted it is pretty unclear that it actually is. For example in functions like

void
txStylesheetCompilerState::popChooseGotoList()
{
    // this will delete the old value
    mChooseGotoList = popObject();
}

i've found that i always end up commenting that the old value is deleted. It
would IMHO look much better as

void
txStylesheetCompilerState::popChooseGotoList()
{
    mChooseGotoList.reset(popObject());
}

David: you mentioned that you were worried that we would have cross-platform
issues with my patch. Could you explain what you suspect would/wouldn't compile
where? I'd happily try out different things on neccesary platforms.
I'm worried that if you remove operator= then using operator= (but not in the
ctor, like peterv used it) will compile on some platforms and not others. 
Although the ctor case matters to.  We need to make things so that we're as
close as possible to having the same set of things compile across platforms.
I also find the reset syntax a bit clumsy, especially when dealing with member
variables.  Furthermore, I don't think people have had a problem with nsCOMPtr
and realizing that the object can't be accessed once the nsCOMPtr holds another
value.
another thing we should protect against is constructing an nsAutoPtr<A> from an
nsAutoPtr<B> (where B inherits A). For example in constructs like

class B : public A {
};

void sink(nsAutoPtr<A> aItem) {
}


  nsAutoPtr<B> b = new B;
  sink(b);
should either not compile, or it should behave like
  nsAutoPtr<A> a = new A;
  sink(a);
i.e. pass the value to the sink and then loose its value.
Attached patch patch to remove getter_Transfers (obsolete) — Splinter Review 
This subsumes part of attachment 113556 [details] [diff] [review], and I'd like to get it in sooner
rather than later.
Comment on attachment 113556 [details] [diff] [review]
remove operator= and add reset() v3

Marking review- pending testing that this doesn't make the set of things that
compile inconsistent between platforms.  Also note that the test functions like

+nsAutoPtr<TestObject> TestObjectFactory()
+{
+    return new TestObject;
+}

won't compile on gcc3, since they give the error (at least without the
nsAutoPtr.h changes, and I expect with them as well):

/builds/trunk/mozilla/xpcom/tests/TestAutoPtr.cpp: In function
`nsAutoPtr<TestObject> TestObjectFactory()':
/builds/trunk/mozilla/xpcom/tests/TestAutoPtr.cpp:57: error: no matching
function for call to `nsAutoPtr<TestObject>::nsAutoPtr(nsAutoPtr<TestObject>)'
../../dist/include/xpcom/nsAutoPtr.h:93: error: candidates are:
nsAutoPtr<T>::nsAutoPtr(nsAutoPtr<T>&) [with T = TestObject]
../../dist/include/xpcom/nsAutoPtr.h:87: error: 	       
nsAutoPtr<T>::nsAutoPtr(T*) [with T = TestObject]
/builds/trunk/mozilla/xpcom/tests/TestAutoPtr.cpp:57: error:   initializing
temporary from result of `nsAutoPtr<T>::nsAutoPtr(T*) [with T = TestObject]'
Attachment #113556 - Flags: review?(dbaron) → review-
Attached patch patch to remove getter_Transfers (obsolete) — Splinter Review 
This one also removes |begin_assignment| from nsRefPtr as cleanup that should
have happened when I fixed some build bustage before that was caused by having
the non-inlined function in the header.
Attachment #125243 - Flags: superreview?(jaggernaut)
Attachment #125243 - Flags: review?(bugmail)
Comment on attachment 125243 [details] [diff] [review]
patch to remove getter_Transfers

Oh, and I'll also remove |CreateTestObject| from TestAutoPtr.cpp since this
makes it unused, but I won't bother attaching a new patch just for that.
Comment on attachment 125243 [details] [diff] [review]
patch to remove getter_Transfers

Oh, never mind, transformix is using StartAssignment directly.
Attachment #125243 - Flags: superreview?(jaggernaut)
Attachment #125243 - Flags: superreview-
Attachment #125243 - Flags: review?(bugmail)
Attachment #125243 - Flags: review-
Attachment #125243 - Attachment is obsolete: true
Attachment #125243 - Flags: superreview-
Attachment #125243 - Flags: review-
Can't we just change those two places in Transformiix where we use
StartAssignment to something else?
Is it needed?  What I wanted to remove would remove the ability to do that kind
of thing entirely in any way other than casting and knowing what the internals
are.  (However, either way, you shouldn't be using |StartAssignment| directly.)
Yeah, i wasn't sure if using StartAssignment was a good idea. I had a gut
feeling it wasn't. However it performed exactly the functionality that I wanted
so in a weird way it kinda made sense to use it.

What I had was a class-member that is an nsAutoPointer, and I need to get a
pointer to the internal rawpointer in there. Is there a preffered way to do
this, or is that what getter_Transfers is for.

Anyhow, we need a way to get a pointer to the internal pointer, and that
function should probably delete+nullify the internal value. Personally I like
.StartAssignment() better since it better describes what actually happens, but
OTOH getter_Transfers is closer to getter_AddRefs so I guess it makes more sense.

David, i'm not sure what you mean with "casting and knowing what the internals
are", do you mean that I should do |&mFirstInstruction.mRawPtr|?

I'm perfectly fine with using any of
mNextInstrPtr = &mFirstInstruction.mRawPtr;
mNextInstrPtr = getter_Transfers(mFirstInstruction);
or
mNextInstrPtr = mFirstInstruction.StartAssignment();
QA Contact: scc → xpcom
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: