31 Commits

Author SHA1 Message Date
Andreas Kling
a4b4b358ff AK+Kernel: Remove one_ref_left() footgun
This mechanism was unsafe to use in any multithreaded context, since
the hook function was invoked on a raw pointer *after* decrementing
the local ref count.

Since we don't use it for anything anymore, let's just get rid of it.
2022-01-11 01:12:16 +01:00
Andreas Kling
0e70759271 AK: Unbreak ref counting hooks in RefCounted
Same fix as 5871072ed3, but for userspace
this time. Regressed in c4a0f01b02.
2022-01-08 19:38:00 +01:00
Andreas Kling
c4a0f01b02 AK+Kernel: Use requires expression when invoking ref counting hooks
Replace some old-school template trickery with C++20 requires. :^)
2022-01-08 16:31:14 +01:00
Andrew Kaster
7014d37dd6 AK+Kernel: Suppress clang-tidy warnings from the cert-* category
cert-dcl50-cpp: No variadic functions, suppressed in RefCounted and
ThreadSafeRefCounted for implementing the magic one_ref_left and
will_be_destroyed functions.

cert-dcl58-cpp: No opening ::std, suppressed in the places we put names
in ::std to aid tools (move, forward, nullptr_t, align_val_t, etc).
2021-11-14 22:52:35 +01:00
Andreas Kling
77f72c7cfe AK: Always inline the RefCountedBase functions
2021-10-08 22:11:39 +02:00
Andreas Kling
5b1f697460 AK+Kernel: Make automatically locking RefPtr & co a kernel-only thing
Some time ago, automatic locking was added to the AK smart pointers to
paper over various race conditions in the kernel. Until we've actually
solved the issues in the kernel, we're stuck with the locking.

However, we don't need to punish single-threaded userspace programs with
the high cost of locking. This patch moves the thread-safe variants of
RefPtr, NonnullRefPtr, WeakPtr and RefCounted into Kernel/Library/.
2021-10-07 19:27:30 +02:00
Andreas Kling
90c7307c6c AK: Pull RefCountedBase into the global namespace
2021-08-15 12:44:35 +02:00
Gunnar Beutner
ed0068d04d AK: Allow inlining ref-count functionality
Previously we'd incur the costs for a function call via the PLT even
for the most trivial ref-count actions like increasing/decreasing the
reference count.

By moving the code to the header file we allow the compiler to inline
this code into the caller's function.
2021-06-03 08:06:51 +02:00
Andreas Kling
66f3ec687b AK: Move RefCountedBase definitions out-of-line
This dramatically reduces code size since we no longer inline all these
VERIFY() checks everywhere. Appears to be performance neutral.
2021-05-29 20:18:57 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Lenny Maiorani
e6f907a155 AK: Simplify constructors and conversions from nullptr_t
Problem:
- Many constructors are defined as `{}` rather than using the ` =
  default` compiler-provided constructor.
- Some types provide an implicit conversion operator from `nullptr_t`
  instead of requiring the caller to default construct. This violates
  the C++ Core Guidelines suggestion to declare single-argument
  constructors explicit
  (https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c46-by-default-declare-single-argument-constructors-explicit).

Solution:
- Change default constructors to use the compiler-provided default
  constructor.
- Remove implicit conversion operators from `nullptr_t` and change
  usage to enforce type consistency without conversion.
2021-01-12 09:11:45 +01:00
Tom
a6c459dd29 AK: Decorate RefCountedBase::try_ref with nodiscard
Because try_ref only increments the ref count if it returned true,
it is important that any caller properly acts upon the return value.
2021-01-04 19:13:52 +01:00
Tom
54eeb8ee9a AK: Fix a race condition with WeakPtr<T>::strong_ref and destruction
Since RefPtr<T> decrements the ref counter to 0 and after that starts
destructing the object, there is a window where the ref count is 0
and the weak references have not been revoked.

Also change WeakLink to be able to obtain a strong reference
concurrently and block revoking instead, which should happen a lot
less often.

Fixes a problem observed in #4621
2020-12-31 00:39:43 +01:00
Andrew Kaster
6919639190 AK: Add test for the will_be_destroyed and one_ref_left magic functions
Fixes a regression introduced by 5c1b3ce. The commit description there
asserts that the changes allow calling will_be_destroyed and
one_ref_left, which are not required to be const qualified. The
implementation in fact does require the methods to be const qualified,
because we forgot to add the const_cast inside the decltypes :^)
2020-12-06 15:49:33 +01:00
Lenny Maiorani
f5ced347e6 AK: Prefer using instead of typedef
Problem:
- `typedef` is a keyword which comes from C and carries with it old
  syntax that is hard to read.
- Creating type aliases with the `using` keyword allows for easier
  future maintenance because it supports template syntax.
- There is inconsistent use of `typedef` vs `using`.

Solution:
- Use `clang-tidy`'s checker called `modernize-use-using` to update
  the syntax to use the newer syntax.
- Remove unused functions to make `clang-tidy` happy.
- This results in consistency within the codebase.
2020-11-12 10:19:04 +01:00
Tom
75f61fe3d9 AK: Make RefPtr, NonnullRefPtr, WeakPtr thread safe
This makes most operations thread safe, especially so that they
can safely be used in the Kernel. This includes obtaining a strong
reference from a weak reference, which now requires an explicit
call to WeakPtr::strong_ref(). Another major change is that
Weakable::make_weak_ref() may require the explicit target type.
Previously we used reinterpret_cast in WeakPtr, assuming that it
can be properly converted. But WeakPtr does not necessarily have
the knowledge to be able to do this. Instead, we now ask the class
itself to deliver a WeakPtr to the type that we want.

Also, WeakLink is no longer specific to a target type. The reason
for this is that we want to be able to safely convert e.g. WeakPtr<T>
to WeakPtr<U>, and before this we just reinterpret_cast the internal
WeakLink<T> to WeakLink<U>, which is a bold assumption that it would
actually produce the correct code. Instead, WeakLink now operates
on just a raw pointer and we only make those constructors/operators
available if we can verify that it can be safely cast.

In order to guarantee thread safety, we now use the least significant
bit in the pointer for locking purposes. This also means that only
properly aligned pointers can be used.
2020-11-10 19:11:52 +01:00
AnotherTest
060ddd2a7a AK: Really disallow making OwnPtrs from refcounted types
This looks at three things:
- if the type has a typedef `AllowOwnPtr', respect that
- if not, disallow construction if both of `ref()' and `unref()' are
  present.
Note that in the second case, if a type only defines `ref()' or only
defines `unref()', an OwnPtr can be created, as a RefPtr of that type
would be ill-formed.

Also marks a `Performance' to explicitly allow OwnPtrs.
2020-11-03 19:14:34 +01:00
Ben Wiederhake
9f7ec33180 Meta: Force semi-colon after MAKE_AK_NONXXXABLE()
Before, we had about these occurrence counts:
COPY: 13 without, 33 with
MOVE: 12 without, 28 with

Clearly, 'with' was the preferred way. However, this introduced double-semicolons
all over the place, and caused some warnings to trigger.

This patch *forces* the usage of a semi-colon when calling the macro,
by removing the semi-colon within the macro. (And thus also gets rid
of the double-semicolon.)
2020-08-27 10:12:04 +02:00
Sergey Bugaev
3ff651323c AK: Ensure RefCounted types are never copied or moved
Before this, it has been possible to assign a RefCounted object to another
RefCounted object. Hilariously (or sadly), that copied the refcount among
the other fields, meaning the target value ended up with a wrong refcount.

Ensure this never happens by disallowing copies and moves for RefCounted types.
2020-06-12 16:08:45 +02:00
Sergey Bugaev
0ff3c1c34d AK: Assert refcount doesn't overflow
We don't really have a good way to prevent this kind of overflow,
but let's at least immediately panic in this case.
2020-06-12 16:08:45 +02:00
Sergey Bugaev
c80e657dda AK: Switch RefCounted to atomic refcounting
This fixes all sorts of race conditions, primarily in the kernel, where till
now it's been possible to obtain either double free or use-after-free by
exploiting refcounting races.
2020-06-12 16:08:45 +02:00
Sergey Bugaev
583108004c AK: Use unsigned int for refcount
And while fixing all the tests that look at ref_count(),
sneak in a fix for the test suite name.
2020-06-12 16:08:45 +02:00
Sergey Bugaev
0466810638 AK: Ensure we never use OwnPtr<> with RefCounted types
2020-06-12 16:08:45 +02:00
Andreas Kling
e10183a6c5 AK: Include Platform.h in RefCounted.h so we have ALWAYS_INLINE
Otherwise Lagom doesn't build on my host machine.
2020-05-20 14:13:39 +02:00
Sergey Bugaev
d2b500fbcb AK+Kernel: Help the compiler inline a bunch of trivial methods
If these methods get inlined, the compiler is able to statically eliminate most
of the assertions. Alas, it doesn't realize this, and believes inlining them to
be too expensive. So give it a strong hint that it's not the case.

This *decreases* the kernel binary size.
2020-05-20 14:11:13 +02:00
Itamar
5c1b3ce42e AK: Allow having ref counted pointers to const object
We allow the ref-counting parts of an object to be mutated even when the
object itself is a const.

An important detail is that we allow invoking 'will_be_destroyed' and
'one_ref_left', which are not required to be const qualified, on const
objects.
2020-04-20 17:25:50 +02:00
Liav A
8bdb08c354 AK: Apply changes for the Bootstrapper environment
2020-02-09 19:38:17 +01:00
Andreas Kling
3de5439579 AK: Let's call decrementing reference counts "unref" instead of "deref"
It always bothered me that we're using the overloaded "dereference"
term for this. Let's call it "unreference" instead. :^)
2020-01-23 15:14:21 +01:00
Andreas Kling
94ca55cefd Meta: Add license header to source files
As suggested by Joshua, this commit adds the 2-clause BSD license as a
comment block to the top of every source file.

For the first pass, I've just added myself for simplicity. I encourage
everyone to add themselves as copyright holders of any file they've
added or modified in some significant way. If I've added myself in
error somewhere, feel free to replace it with the appropriate copyright
holder instead.

Going forward, all new source files should include a license header.
2020-01-18 09:45:54 +01:00
Andreas Kling
d343fb2429 AK: Rename Retainable.h => RefCounted.h.
2019-06-21 18:58:45 +02:00