gecko-dev/mfbt/RefCounted.h
Nika Layzell effc2ca999 Bug 1843568 - Part 3: Annotate nsIEventTarget as rust_sync, r=xpcom-reviewers,barret
All event targets should be threadsafe and implemented in C++, and so should be
able to be used in `Sync` types in Rust code.

This also required annotating all interfaces deriving from `nsIEventTarget`, as
well as adding some associated constants to specific types to indicate to the
static assertion that they have threadsafe reference counts.

Differential Revision: https://phabricator.services.mozilla.com/D183592
2023-07-20 17:39:03 +00:00

328 lines
11 KiB
C++

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* CRTP refcounting templates. Do not use unless you are an Expert. */
#ifndef mozilla_RefCounted_h
#define mozilla_RefCounted_h
#include <utility>
#include <type_traits>
#include "mozilla/AlreadyAddRefed.h"
#include "mozilla/Assertions.h"
#include "mozilla/Atomics.h"
#include "mozilla/Attributes.h"
#include "mozilla/RefCountType.h"
#ifdef __wasi__
# include "mozilla/WasiAtomic.h"
#else
# include <atomic>
#endif // __wasi__
#if defined(MOZILLA_INTERNAL_API)
# include "nsXPCOM.h"
#endif
#if defined(MOZILLA_INTERNAL_API) && defined(NS_BUILD_REFCNT_LOGGING)
# define MOZ_REFCOUNTED_LEAK_CHECKING
#endif
namespace mozilla {
/**
* RefCounted<T> is a sort of a "mixin" for a class T. RefCounted
* manages, well, refcounting for T, and because RefCounted is
* parameterized on T, RefCounted<T> can call T's destructor directly.
* This means T doesn't need to have a virtual dtor and so doesn't
* need a vtable.
*
* RefCounted<T> is created with refcount == 0. Newly-allocated
* RefCounted<T> must immediately be assigned to a RefPtr to make the
* refcount > 0. It's an error to allocate and free a bare
* RefCounted<T>, i.e. outside of the RefPtr machinery. Attempts to
* do so will abort DEBUG builds.
*
* Live RefCounted<T> have refcount > 0. The lifetime (refcounts) of
* live RefCounted<T> are controlled by RefPtr<T> and
* RefPtr<super/subclass of T>. Upon a transition from refcounted==1
* to 0, the RefCounted<T> "dies" and is destroyed. The "destroyed"
* state is represented in DEBUG builds by refcount==0xffffdead. This
* state distinguishes use-before-ref (refcount==0) from
* use-after-destroy (refcount==0xffffdead).
*
* Note that when deriving from RefCounted or AtomicRefCounted, you
* should add MOZ_DECLARE_REFCOUNTED_TYPENAME(ClassName) to the public
* section of your class, where ClassName is the name of your class.
*
* Note: SpiderMonkey should use js::RefCounted instead since that type
* will use appropriate js_delete and also not break ref-count logging.
*/
namespace detail {
const MozRefCountType DEAD = 0xffffdead;
// When building code that gets compiled into Gecko, try to use the
// trace-refcount leak logging facilities.
class RefCountLogger {
public:
// Called by `RefCounted`-like classes to log a successful AddRef call in the
// Gecko leak-logging system. This call is a no-op outside of Gecko. Should be
// called afer incrementing the reference count.
template <class T>
static void logAddRef(const T* aPointer, MozRefCountType aRefCount) {
#ifdef MOZ_REFCOUNTED_LEAK_CHECKING
const void* pointer = aPointer;
const char* typeName = aPointer->typeName();
uint32_t typeSize = aPointer->typeSize();
NS_LogAddRef(const_cast<void*>(pointer), aRefCount, typeName, typeSize);
#endif
}
// Created by `RefCounted`-like classes to log a successful Release call in
// the Gecko leak-logging system. The constructor should be invoked before the
// refcount is decremented to avoid invoking `typeName()` with a zero
// reference count. This call is a no-op outside of Gecko.
class MOZ_STACK_CLASS ReleaseLogger final {
public:
template <class T>
explicit ReleaseLogger(const T* aPointer)
#ifdef MOZ_REFCOUNTED_LEAK_CHECKING
: mPointer(aPointer),
mTypeName(aPointer->typeName())
#endif
{
}
void logRelease(MozRefCountType aRefCount) {
#ifdef MOZ_REFCOUNTED_LEAK_CHECKING
MOZ_ASSERT(aRefCount != DEAD);
NS_LogRelease(const_cast<void*>(mPointer), aRefCount, mTypeName);
#endif
}
#ifdef MOZ_REFCOUNTED_LEAK_CHECKING
const void* mPointer;
const char* mTypeName;
#endif
};
};
// This is used WeakPtr.h as well as this file.
enum RefCountAtomicity { AtomicRefCount, NonAtomicRefCount };
template <typename T, RefCountAtomicity Atomicity>
class RC {
public:
explicit RC(T aCount) : mValue(aCount) {}
RC(const RC&) = delete;
RC& operator=(const RC&) = delete;
RC(RC&&) = delete;
RC& operator=(RC&&) = delete;
T operator++() { return ++mValue; }
T operator--() { return --mValue; }
#ifdef DEBUG
void operator=(const T& aValue) { mValue = aValue; }
#endif
operator T() const { return mValue; }
private:
T mValue;
};
template <typename T>
class RC<T, AtomicRefCount> {
public:
explicit RC(T aCount) : mValue(aCount) {}
RC(const RC&) = delete;
RC& operator=(const RC&) = delete;
RC(RC&&) = delete;
RC& operator=(RC&&) = delete;
T operator++() {
// Memory synchronization is not required when incrementing a
// reference count. The first increment of a reference count on a
// thread is not important, since the first use of the object on a
// thread can happen before it. What is important is the transfer
// of the pointer to that thread, which may happen prior to the
// first increment on that thread. The necessary memory
// synchronization is done by the mechanism that transfers the
// pointer between threads.
return mValue.fetch_add(1, std::memory_order_relaxed) + 1;
}
T operator--() {
// Since this may be the last release on this thread, we need
// release semantics so that prior writes on this thread are visible
// to the thread that destroys the object when it reads mValue with
// acquire semantics.
T result = mValue.fetch_sub(1, std::memory_order_release) - 1;
if (result == 0) {
// We're going to destroy the object on this thread, so we need
// acquire semantics to synchronize with the memory released by
// the last release on other threads, that is, to ensure that
// writes prior to that release are now visible on this thread.
#if defined(MOZ_TSAN) || defined(__wasi__)
// TSan doesn't understand std::atomic_thread_fence, so in order
// to avoid a false positive for every time a refcounted object
// is deleted, we replace the fence with an atomic operation.
mValue.load(std::memory_order_acquire);
#else
std::atomic_thread_fence(std::memory_order_acquire);
#endif
}
return result;
}
#ifdef DEBUG
// This method is only called in debug builds, so we're not too concerned
// about its performance.
void operator=(const T& aValue) {
mValue.store(aValue, std::memory_order_seq_cst);
}
#endif
operator T() const {
// Use acquire semantics since we're not sure what the caller is
// doing.
return mValue.load(std::memory_order_acquire);
}
T IncrementIfNonzero() {
// This can be a relaxed load as any write of 0 that we observe will leave
// the field in a permanently zero (or `DEAD`) state (so a "stale" read of 0
// is fine), and any other value is confirmed by the CAS below.
//
// This roughly matches rust's Arc::upgrade implementation as of rust 1.49.0
T prev = mValue.load(std::memory_order_relaxed);
while (prev != 0) {
MOZ_ASSERT(prev != detail::DEAD,
"Cannot IncrementIfNonzero if marked as dead!");
// TODO: It may be possible to use relaxed success ordering here?
if (mValue.compare_exchange_weak(prev, prev + 1,
std::memory_order_acquire,
std::memory_order_relaxed)) {
return prev + 1;
}
}
return 0;
}
private:
std::atomic<T> mValue;
};
template <typename T, RefCountAtomicity Atomicity>
class RefCounted {
protected:
RefCounted() : mRefCnt(0) {}
#ifdef DEBUG
~RefCounted() { MOZ_ASSERT(mRefCnt == detail::DEAD); }
#endif
public:
// Compatibility with RefPtr.
void AddRef() const {
// Note: this method must be thread safe for AtomicRefCounted.
MOZ_ASSERT(int32_t(mRefCnt) >= 0);
MozRefCountType cnt = ++mRefCnt;
detail::RefCountLogger::logAddRef(static_cast<const T*>(this), cnt);
}
void Release() const {
// Note: this method must be thread safe for AtomicRefCounted.
MOZ_ASSERT(int32_t(mRefCnt) > 0);
detail::RefCountLogger::ReleaseLogger logger(static_cast<const T*>(this));
MozRefCountType cnt = --mRefCnt;
// Note: it's not safe to touch |this| after decrementing the refcount,
// except for below.
logger.logRelease(cnt);
if (0 == cnt) {
// Because we have atomically decremented the refcount above, only
// one thread can get a 0 count here, so as long as we can assume that
// everything else in the system is accessing this object through
// RefPtrs, it's safe to access |this| here.
#ifdef DEBUG
mRefCnt = detail::DEAD;
#endif
delete static_cast<const T*>(this);
}
}
using HasThreadSafeRefCnt =
std::integral_constant<bool, Atomicity == AtomicRefCount>;
// Compatibility with wtf::RefPtr.
void ref() { AddRef(); }
void deref() { Release(); }
MozRefCountType refCount() const { return mRefCnt; }
bool hasOneRef() const {
MOZ_ASSERT(mRefCnt > 0);
return mRefCnt == 1;
}
private:
mutable RC<MozRefCountType, Atomicity> mRefCnt;
};
#ifdef MOZ_REFCOUNTED_LEAK_CHECKING
// Passing override for the optional argument marks the typeName and
// typeSize functions defined by this macro as overrides.
# define MOZ_DECLARE_REFCOUNTED_VIRTUAL_TYPENAME(T, ...) \
virtual const char* typeName() const __VA_ARGS__ { return #T; } \
virtual size_t typeSize() const __VA_ARGS__ { return sizeof(*this); }
#else
# define MOZ_DECLARE_REFCOUNTED_VIRTUAL_TYPENAME(T, ...)
#endif
// Note that this macro is expanded unconditionally because it declares only
// two small inline functions which will hopefully get eliminated by the linker
// in non-leak-checking builds.
#define MOZ_DECLARE_REFCOUNTED_TYPENAME(T) \
const char* typeName() const { return #T; } \
size_t typeSize() const { return sizeof(*this); }
} // namespace detail
template <typename T>
class RefCounted : public detail::RefCounted<T, detail::NonAtomicRefCount> {
public:
~RefCounted() {
static_assert(std::is_base_of<RefCounted, T>::value,
"T must derive from RefCounted<T>");
}
};
namespace external {
/**
* AtomicRefCounted<T> is like RefCounted<T>, with an atomically updated
* reference counter.
*
* NOTE: Please do not use this class, use NS_INLINE_DECL_THREADSAFE_REFCOUNTING
* instead.
*/
template <typename T>
class AtomicRefCounted
: public mozilla::detail::RefCounted<T, mozilla::detail::AtomicRefCount> {
public:
~AtomicRefCounted() {
static_assert(std::is_base_of<AtomicRefCounted, T>::value,
"T must derive from AtomicRefCounted<T>");
}
};
} // namespace external
} // namespace mozilla
#endif // mozilla_RefCounted_h