5204c32ad6
Resize() is not similar to realloc() in that it allocates a new object when passed a nullptr object. Avoid corner cases around Resize(nullptr, size) where size may be problematic if non-null by just requiring a valid object. The caller can perform the necesary nullptr check. Bug: chromium:1056170 Change-Id: Ic05972ae67c2968fc3eb002a6302b44e56b41ab4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752147 Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73336}
74 lines
2.4 KiB
C++
74 lines
2.4 KiB
C++
// Copyright 2021 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef INCLUDE_CPPGC_EXPLICIT_MANAGEMENT_H_
|
|
#define INCLUDE_CPPGC_EXPLICIT_MANAGEMENT_H_
|
|
|
|
#include <cstddef>
|
|
|
|
#include "cppgc/allocation.h"
|
|
#include "cppgc/internal/logging.h"
|
|
#include "cppgc/type-traits.h"
|
|
|
|
namespace cppgc {
|
|
namespace internal {
|
|
|
|
V8_EXPORT void FreeUnreferencedObject(void*);
|
|
V8_EXPORT bool Resize(void*, size_t);
|
|
|
|
} // namespace internal
|
|
|
|
namespace subtle {
|
|
|
|
/**
|
|
* Informs the garbage collector that `object` can be immediately reclaimed. The
|
|
* destructor may not be invoked immediately but only on next garbage
|
|
* collection.
|
|
*
|
|
* It is up to the embedder to guarantee that no other object holds a reference
|
|
* to `object` after calling `FreeUnreferencedObject()`. In case such a
|
|
* reference exists, it's use results in a use-after-free.
|
|
*
|
|
* \param object Reference to an object that is of type `GarbageCollected` and
|
|
* should be immediately reclaimed.
|
|
*/
|
|
template <typename T>
|
|
void FreeUnreferencedObject(T* object) {
|
|
static_assert(IsGarbageCollectedTypeV<T>,
|
|
"Object must be of type GarbageCollected.");
|
|
if (!object) return;
|
|
internal::FreeUnreferencedObject(object);
|
|
}
|
|
|
|
/**
|
|
* Tries to resize `object` of type `T` with additional bytes on top of
|
|
* sizeof(T). Resizing is only useful with trailing inlined storage, see e.g.
|
|
* `MakeGarbageCollected(AllocationHandle&, AdditionalBytes)`.
|
|
*
|
|
* `Resize()` performs growing or shrinking as needed and may skip the operation
|
|
* for internal reasons, see return value.
|
|
*
|
|
* It is up to the embedder to guarantee that in case of shrinking a larger
|
|
* object down, the reclaimed area is not used anymore. Any subsequent use
|
|
* results in a use-after-free.
|
|
*
|
|
* \param object Reference to an object that is of type `GarbageCollected` and
|
|
* should be resized.
|
|
* \param additional_bytes Bytes in addition to sizeof(T) that the object should
|
|
* provide.
|
|
* \returns true when the operation was successful and the result can be relied
|
|
* on, and false otherwise.
|
|
*/
|
|
template <typename T>
|
|
bool Resize(T& object, AdditionalBytes additional_bytes) {
|
|
static_assert(IsGarbageCollectedTypeV<T>,
|
|
"Object must be of type GarbageCollected.");
|
|
return internal::Resize(&object, sizeof(T) + additional_bytes.value);
|
|
}
|
|
|
|
} // namespace subtle
|
|
} // namespace cppgc
|
|
|
|
#endif // INCLUDE_CPPGC_EXPLICIT_MANAGEMENT_H_
|