Bug 1294537 - introduce a non-null-checking placement operator new; r=sunfish,nbp
authorNathan Froyd <froydnj@gmail.com>
Fri, 12 Aug 2016 22:43:49 -0400
changeset 352835 e3608df9fe09f509a8fe62be0cd6743151e4f7a3
parent 352834 f67dc612d5a69c4b9ddf72bd31ffac2310d220a4
child 352836 ee721407a44afb26541d386c21c002a5b61a826b
push id1324
push usermtabara@mozilla.com
push dateMon, 16 Jan 2017 13:07:44 +0000
treeherdermozilla-release@a01c49833940 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssunfish, nbp
bugs1294537
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1294537 - introduce a non-null-checking placement operator new; r=sunfish,nbp The default placement operator new is defined to always require that its result be null-checked. A sufficiently smart compiler can remove this check, but not all compilers are sufficiently smart. Better to have a custom placement operator new that will remove null checks in a way defined by the standard.
js/src/jit/JitAllocPolicy.h
mfbt/OperatorNewExtensions.h
mfbt/Vector.h
mfbt/moz.build
--- a/js/src/jit/JitAllocPolicy.h
+++ b/js/src/jit/JitAllocPolicy.h
@@ -4,16 +4,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef jit_JitAllocPolicy_h
 #define jit_JitAllocPolicy_h
 
 #include "mozilla/Attributes.h"
 #include "mozilla/GuardObjects.h"
+#include "mozilla/OperatorNewExtensions.h"
 #include "mozilla/TypeTraits.h"
 
 #include "jscntxt.h"
 
 #include "ds/LifoAlloc.h"
 #include "jit/InlineList.h"
 #include "jit/Ion.h"
 
@@ -161,16 +162,23 @@ struct TempObject
         return alloc.allocateInfallible(nbytes);
     }
     template <class T>
     inline void* operator new(size_t nbytes, T* pos) {
         static_assert(mozilla::IsConvertible<T*, TempObject*>::value,
                       "Placement new argument type must inherit from TempObject");
         return pos;
     }
+    template <class T>
+    inline void* operator new(size_t nbytes, mozilla::NotNullTag, T* pos) {
+        static_assert(mozilla::IsConvertible<T*, TempObject*>::value,
+                      "Placement new argument type must inherit from TempObject");
+        MOZ_ASSERT(pos);
+        return pos;
+    }        
 };
 
 template <typename T>
 class TempObjectPool
 {
     TempAllocator* alloc_;
     InlineForwardList<T> freed_;
 
new file mode 100644
--- /dev/null
+++ b/mfbt/OperatorNewExtensions.h
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* A version of |operator new| that eschews mandatory null-checks. */
+
+#ifndef mozilla_OperatorNewExtensions_h
+#define mozilla_OperatorNewExtensions_h
+
+#include "mozilla/Assertions.h"
+#include "mozilla/Attributes.h"
+
+// Credit goes to WebKit for this implementation, cf.
+// https://bugs.webkit.org/show_bug.cgi?id=74676
+namespace mozilla {
+enum NotNullTag {
+  KnownNotNull,
+};
+} // namespace mozilla
+
+/*
+ * The logic here is a little subtle.  [expr.new] states that if the allocation
+ * function being called returns null, then object initialization must not be
+ * done, and the entirety of the new expression must return null.  Non-throwing
+ * (noexcept) functions are defined to return null to indicate failure.  The
+ * standard placement operator new is defined in such a way, and so it requires
+ * a null check, even when that null check would be extraneous.  Functions
+ * declared without such a specification are defined to throw std::bad_alloc if
+ * they fail, and return a non-null pointer otherwise.  We compile without
+ * exceptions, so any placement new overload we define that doesn't declare
+ * itself as noexcept must therefore avoid generating a null check.  Below is
+ * just such an overload.
+ *
+ * You might think that MOZ_NONNULL might perform the same function, but
+ * MOZ_NONNULL isn't supported on all of our compilers, and even when it is
+ * supported, doesn't work on all the versions we support.  And even keeping
+ * those limitations in mind, we can't put MOZ_NONNULL on the global,
+ * standardized placement new function in any event.
+ *
+ * We do, however, add MOZ_NONNULL here for the potential benefit of static
+ * analysis tools that understand such annotations.
+ */
+MOZ_NONNULL(3)
+inline void*
+operator new(size_t, mozilla::NotNullTag, void* p)
+{
+  MOZ_ASSERT(p);
+  return p;
+}
+
+#endif // mozilla_OperatorNewExtensions_h
--- a/mfbt/Vector.h
+++ b/mfbt/Vector.h
@@ -12,16 +12,17 @@
 #include "mozilla/Alignment.h"
 #include "mozilla/AllocPolicy.h"
 #include "mozilla/ArrayUtils.h" // for PointerRangeSize
 #include "mozilla/Assertions.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/MathAlgorithms.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/Move.h"
+#include "mozilla/OperatorNewExtensions.h"
 #include "mozilla/ReentrancyGuard.h"
 #include "mozilla/TemplateLib.h"
 #include "mozilla/TypeTraits.h"
 
 #include <new> // for placement new
 
 /* Silence dire "bugs in previous versions of MSVC have been fixed" warnings */
 #ifdef _MSC_VER
@@ -57,17 +58,17 @@ struct VectorImpl
 {
   /*
    * Constructs an object in the uninitialized memory at *aDst with aArgs.
    */
   template<typename... Args>
   MOZ_NONNULL(1)
   static inline void new_(T* aDst, Args&&... aArgs)
   {
-    new(aDst) T(Forward<Args>(aArgs)...);
+    new(KnownNotNull, aDst) T(Forward<Args>(aArgs)...);
   }
 
   /* Destroys constructed objects in the range [aBegin, aEnd). */
   static inline void destroy(T* aBegin, T* aEnd)
   {
     MOZ_ASSERT(aBegin <= aEnd);
     for (T* p = aBegin; p < aEnd; ++p) {
       p->~T();
@@ -814,17 +815,17 @@ Vector<T, N, AllocPolicy>::Vector(Vector
 
 /* Move assignment. */
 template<typename T, size_t N, class AP>
 MOZ_ALWAYS_INLINE Vector<T, N, AP>&
 Vector<T, N, AP>::operator=(Vector&& aRhs)
 {
   MOZ_ASSERT(this != &aRhs, "self-move assignment is prohibited");
   this->~Vector();
-  new(this) Vector(Move(aRhs));
+  new(KnownNotNull, this) Vector(Move(aRhs));
   return *this;
 }
 
 template<typename T, size_t N, class AP>
 MOZ_ALWAYS_INLINE
 Vector<T, N, AP>::~Vector()
 {
   MOZ_REENTRANCY_GUARD_ET_AL;
--- a/mfbt/moz.build
+++ b/mfbt/moz.build
@@ -58,16 +58,17 @@ EXPORTS.mozilla = [
     'Maybe.h',
     'MaybeOneOf.h',
     'MemoryChecking.h',
     'MemoryReporting.h',
     'Move.h',
     'NotNull.h',
     'NullPtr.h',
     'Opaque.h',
+    'OperatorNewExtensions.h',
     'Pair.h',
     'PodOperations.h',
     'Poison.h',
     'Range.h',
     'RangedArray.h',
     'RangedPtr.h',
     'ReentrancyGuard.h',
     'RefCounted.h',