mfbt/GuardObjects.h

Tue, 06 Jan 2015 21:39:09 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Tue, 06 Jan 2015 21:39:09 +0100
branch
TOR_BUG_9701
changeset 8
97036ab72558
permissions
-rw-r--r--

Conditionally force memory storage according to privacy.thirdparty.isolate.
This solves Tor bug #9701, complying with disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.

michael@0 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
michael@0 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
michael@0 3 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 /* Implementation of macros to ensure correct use of RAII Auto* objects. */
michael@0 8
michael@0 9 #ifndef mozilla_GuardObjects_h
michael@0 10 #define mozilla_GuardObjects_h
michael@0 11
michael@0 12 #include "mozilla/Assertions.h"
michael@0 13 #include "mozilla/NullPtr.h"
michael@0 14 #include "mozilla/Types.h"
michael@0 15
michael@0 16 #ifdef __cplusplus
michael@0 17
michael@0 18 #ifdef DEBUG
michael@0 19
michael@0 20 namespace mozilla {
michael@0 21 namespace detail {
michael@0 22
michael@0 23 /*
michael@0 24 * The following classes are designed to cause assertions to detect
michael@0 25 * inadvertent use of guard objects as temporaries. In other words,
michael@0 26 * when we have a guard object whose only purpose is its constructor and
michael@0 27 * destructor (and is never otherwise referenced), the intended use
michael@0 28 * might be:
michael@0 29 *
michael@0 30 * AutoRestore savePainting(mIsPainting);
michael@0 31 *
michael@0 32 * but it is easy to accidentally write:
michael@0 33 *
michael@0 34 * AutoRestore(mIsPainting);
michael@0 35 *
michael@0 36 * which compiles just fine, but runs the destructor well before the
michael@0 37 * intended time.
michael@0 38 *
michael@0 39 * They work by adding (#ifdef DEBUG) an additional parameter to the
michael@0 40 * guard object's constructor, with a default value, so that users of
michael@0 41 * the guard object's API do not need to do anything. The default value
michael@0 42 * of this parameter is a temporary object. C++ (ISO/IEC 14882:1998),
michael@0 43 * section 12.2 [class.temporary], clauses 4 and 5 seem to assume a
michael@0 44 * guarantee that temporaries are destroyed in the reverse of their
michael@0 45 * construction order, but I actually can't find a statement that that
michael@0 46 * is true in the general case (beyond the two specific cases mentioned
michael@0 47 * there). However, it seems to be true.
michael@0 48 *
michael@0 49 * These classes are intended to be used only via the macros immediately
michael@0 50 * below them:
michael@0 51 *
michael@0 52 * MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER declares (ifdef DEBUG) a member
michael@0 53 * variable, and should be put where a declaration of a private
michael@0 54 * member variable would be placed.
michael@0 55 * MOZ_GUARD_OBJECT_NOTIFIER_PARAM should be placed at the end of the
michael@0 56 * parameters to each constructor of the guard object; it declares
michael@0 57 * (ifdef DEBUG) an additional parameter. (But use the *_ONLY_PARAM
michael@0 58 * variant for constructors that take no other parameters.)
michael@0 59 * MOZ_GUARD_OBJECT_NOTIFIER_PARAM_IN_IMPL should likewise be used in
michael@0 60 * the implementation of such constructors when they are not inline.
michael@0 61 * MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT should be used in
michael@0 62 * the implementation of such constructors to pass the parameter to
michael@0 63 * a base class that also uses these macros
michael@0 64 * MOZ_GUARD_OBJECT_NOTIFIER_INIT is a statement that belongs in each
michael@0 65 * constructor. It uses the parameter declared by
michael@0 66 * MOZ_GUARD_OBJECT_NOTIFIER_PARAM.
michael@0 67 *
michael@0 68 * For more details, and examples of using these macros, see
michael@0 69 * https://developer.mozilla.org/en/Using_RAII_classes_in_Mozilla
michael@0 70 */
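/*
 * Debug-only helper that is created as the default-argument temporary of a
 * guard object's constructor. When it is destroyed it sets the flag it was
 * bound to through setStatementDone().
 */
class GuardObjectNotifier
{
private:
  /* Flag to set on destruction; stays null until setStatementDone() runs. */
  bool* statementDone;

public:
  GuardObjectNotifier() : statementDone(nullptr) { }

  ~GuardObjectNotifier() {
    /*
     * A notifier that was never bound (the guard's constructor did not call
     * GuardObjectNotificationReceiver::init) still holds nullptr here. Skip
     * the write instead of dereferencing null; the receiver's flag then
     * stays false and its own MOZ_ASSERT reports the misuse.
     */
    if (statementDone) {
      *statementDone = true;
    }
  }

  /*
   * Binds this notifier to the flag it must set when it is destroyed.
   * The pointee must still be alive when this notifier's destructor runs.
   */
  void setStatementDone(bool* statementIsDone) {
    statementDone = statementIsDone;
  }
};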
michael@0 87
/*
 * Debug-only member of a guard object. It owns the flag that a
 * GuardObjectNotifier sets when the notifier is destroyed, and asserts in its
 * own destructor that the flag was set.
 */
class GuardObjectNotificationReceiver
{
public:
  GuardObjectNotificationReceiver() : statementDone(false) { }

  ~GuardObjectNotificationReceiver() {
    /*
     * The flag is still false if the guard object was used as a temporary,
     * or if init was never called because the guard object's implementation
     * does not use the guard-object macros correctly.
     */
    MOZ_ASSERT(statementDone);
  }

  /*
   * Hands the address of this receiver's flag to the notifier.
   *
   * The parameter is a const reference only so that a temporary can bind to
   * it; the notifier is modified through a const_cast. The notifier keeps a
   * raw pointer to statementDone, so this receiver has to outlive it.
   */
  void init(const GuardObjectNotifier& constNotifier) {
    const_cast<GuardObjectNotifier&>(constNotifier)
      .setStatementDone(&statementDone);
  }

private:
  /* Set to true by the bound notifier's destructor. */
  bool statementDone;
};
michael@0 114
michael@0 115 } /* namespace detail */
michael@0 116 } /* namespace mozilla */
michael@0 117
michael@0 118 #endif /* DEBUG */
michael@0 119
/*
 * Macro interface for guard objects. With DEBUG defined the macros add a
 * receiver member, an extra defaulted constructor parameter and the statement
 * that connects the two; otherwise every macro expands to nothing (or to an
 * empty statement), so the checks are absent from non-debug builds.
 */
#if defined(DEBUG)

/* Receiver member; the trailing semicolon is part of the expansion. */
#  define MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER \
     mozilla::detail::GuardObjectNotificationReceiver _mCheckNotUsedAsTemporary;

/* Extra constructor parameter, appended after other parameters. */
#  define MOZ_GUARD_OBJECT_NOTIFIER_PARAM \
     , const mozilla::detail::GuardObjectNotifier& _notifier = \
         mozilla::detail::GuardObjectNotifier()

/* Same parameter for constructors that take no other parameters. */
#  define MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM \
     const mozilla::detail::GuardObjectNotifier& _notifier = \
         mozilla::detail::GuardObjectNotifier()

/* Parameter forms without the default value, for out-of-line definitions. */
#  define MOZ_GUARD_OBJECT_NOTIFIER_PARAM_IN_IMPL \
     , const mozilla::detail::GuardObjectNotifier& _notifier
#  define MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_IN_IMPL \
     const mozilla::detail::GuardObjectNotifier& _notifier

/* Forward the notifier to a base class that also uses these macros. */
#  define MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT \
     , _notifier
#  define MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_TO_PARENT \
     _notifier

/* Statement for each constructor body: binds the notifier to the receiver. */
#  define MOZ_GUARD_OBJECT_NOTIFIER_INIT \
     do { _mCheckNotUsedAsTemporary.init(_notifier); } while (0)

#else /* !DEBUG */

#  define MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
#  define MOZ_GUARD_OBJECT_NOTIFIER_PARAM
#  define MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM
#  define MOZ_GUARD_OBJECT_NOTIFIER_PARAM_IN_IMPL
#  define MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_IN_IMPL
#  define MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT
#  define MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_TO_PARENT
#  define MOZ_GUARD_OBJECT_NOTIFIER_INIT do { } while (0)

#endif /* DEBUG */
michael@0 149
michael@0 150 #endif /* __cplusplus */
michael@0 151
michael@0 152 #endif /* mozilla_GuardObjects_h */
