1 files changed, 121 insertions, 0 deletions
diff --git a/core/fxcrt/unowned_ptr.h b/core/fxcrt/unowned_ptr.h
new file mode 100644
index 0000000000..012af3ddf7
--- /dev/null
+++ b/core/fxcrt/unowned_ptr.h
@@ -0,0 +1,121 @@
+// Copyright 2017 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CORE_FXCRT_UNOWNED_PTR_H_
+#define CORE_FXCRT_UNOWNED_PTR_H_
+
+#include <functional>
+#include <memory>
+#include <type_traits>
+#include <utility>
+
+// UnownedPtr is a smart pointer class that behaves very much like a
+// standard C-style pointer. The advantages of using it over raw
+// pointers are:
+//
+// 1. It documents the nature of the pointer with no need to add a comment
+//    explaining that is it // Not owned. Additionally, an attempt to delete
+//    an unowned ptr will fail to compile rather than silently succeeding,
+//    since it is a class and not a raw pointer.
+//
+// 2. When built for a memory tool like ASAN, the class provides a destructor
+//    which checks that the object being pointed to is still alive.
+//
+// Hence, when using UnownedPtr, no dangling pointers are ever permitted,
+// even if they are not de-referenced after becoming dangling. The style of
+// programming required is that the lifetime an object containing an
+// UnownedPtr must be strictly less than the object to which it points.
+//
+// The same checks are also performed at assignment time to prove that the
+// old value was not a dangling pointer, either.
+//
+// The array indexing operation [] is not supported on an unowned ptr,
+// because an unowned ptr expresses a one to one relationship with some
+// other heap object.
+
+namespace fxcrt {
+
+template <class T>
+class UnownedPtr {
+ public:
+  UnownedPtr() {}
+  UnownedPtr(const UnownedPtr& that) : UnownedPtr(that.Get()) {}
+
+  template <typename U>
+  explicit UnownedPtr(U* pObj) : m_pObj(pObj) {}
+
+  // Deliberately implicit to allow returning nullptrs.
+  // NOLINTNEXTLINE(runtime/explicit)
+  UnownedPtr(std::nullptr_t ptr) {}
+
+  ~UnownedPtr() { ProbeForLowSeverityLifetimeIssue(); }
+
+  UnownedPtr& operator=(T* that) {
+    ProbeForLowSeverityLifetimeIssue();
+    m_pObj = that;
+    return *this;
+  }
+
+  UnownedPtr& operator=(const UnownedPtr& that) {
+    ProbeForLowSeverityLifetimeIssue();
+    if (*this != that)
+      m_pObj = that.Get();
+    return *this;
+  }
+
+  bool operator==(const UnownedPtr& that) const { return Get() == that.Get(); }
+  bool operator!=(const UnownedPtr& that) const { return !(*this == that); }
+  bool operator<(const UnownedPtr& that) const {
+    return std::less<T*>()(Get(), that.Get());
+  }
+
+  template <typename U>
+  bool operator==(const U* that) const {
+    return Get() == that;
+  }
+
+  template <typename U>
+  bool operator!=(const U* that) const {
+    return !(*this == that);
+  }
+
+  T* Get() const { return m_pObj; }
+
+  T* Release() {
+    ProbeForLowSeverityLifetimeIssue();
+    T* pTemp = nullptr;
+    std::swap(pTemp, m_pObj);
+    return pTemp;
+  }
+
+  explicit operator bool() const { return !!m_pObj; }
+  T& operator*() const { return *m_pObj; }
+  T* operator->() const { return m_pObj; }
+
+ private:
+  inline void ProbeForLowSeverityLifetimeIssue() {
+#if defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
+    if (m_pObj)
+      reinterpret_cast<const volatile uint8_t*>(m_pObj)[0];
+#endif
+  }
+
+  T* m_pObj = nullptr;
+};
+
+template <typename T, typename U>
+inline bool operator==(const U* lhs, const UnownedPtr<T>& rhs) {
+  return rhs == lhs;
+}
+
+template <typename T, typename U>
+inline bool operator!=(const U* lhs, const UnownedPtr<T>& rhs) {
+  return rhs != lhs;
+}
+
+}  // namespace fxcrt
+
+using fxcrt::UnownedPtr;
+
+#endif  // CORE_FXCRT_UNOWNED_PTR_H_