FTL: Add invariant for non-null pointers
Upcasting is not supported for now.
Bug: 185536303
Test: ftl_test
Change-Id: Id37d3e9a4a794291417405eb2a8a300a9d2bfe72
diff --git a/include/ftl/non_null.h b/include/ftl/non_null.h
new file mode 100644
index 0000000..35d09d7
--- /dev/null
+++ b/include/ftl/non_null.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <cstdlib>
+#include <type_traits>
+#include <utility>
+
+namespace android::ftl {
+
+// Enforces and documents non-null pre/post-condition for (raw or smart) pointers.
+//
+// void get_length(const ftl::NonNull<std::shared_ptr<std::string>>& string_ptr,
+// ftl::NonNull<std::size_t*> length_ptr) {
+// // No need for `nullptr` checks.
+// *length_ptr = string_ptr->length();
+// }
+//
+// const auto string_ptr = ftl::as_non_null(std::make_shared<std::string>("android"));
+// std::size_t size;
+// get_length(string_ptr, ftl::as_non_null(&size));
+// assert(size == 7u);
+//
+// For compatibility with std::unique_ptr<T> and performance with std::shared_ptr<T>, move
+// operations are allowed despite breaking the invariant:
+//
+// using Pair = std::pair<ftl::NonNull<std::shared_ptr<int>>, std::shared_ptr<int>>;
+//
+// Pair dupe_if(ftl::NonNull<std::unique_ptr<int>> non_null_ptr, bool condition) {
+// // Move the underlying pointer out, so `non_null_ptr` must not be accessed after this point.
+// auto unique_ptr = std::move(non_null_ptr).take();
+//
+// auto non_null_shared_ptr = ftl::as_non_null(std::shared_ptr<int>(std::move(unique_ptr)));
+// auto nullable_shared_ptr = condition ? non_null_shared_ptr.get() : nullptr;
+//
+// return {std::move(non_null_shared_ptr), std::move(nullable_shared_ptr)};
+// }
+//
+// auto ptr = ftl::as_non_null(std::make_unique<int>(42));
+// const auto [ptr1, ptr2] = dupe_if(std::move(ptr), true);
+// assert(ptr1.get() == ptr2);
+//
+template <typename Pointer>
+class NonNull final {
+ struct Passkey {};
+
+ public:
+ // Disallow `nullptr` explicitly for clear compilation errors.
+ NonNull() = delete;
+ NonNull(std::nullptr_t) = delete;
+
+ // Copy operations.
+
+ constexpr NonNull(const NonNull&) = default;
+ constexpr NonNull& operator=(const NonNull&) = default;
+
+ constexpr const Pointer& get() const { return pointer_; }
+ constexpr explicit operator const Pointer&() const { return get(); }
+
+ // Move operations. These break the invariant, so care must be taken to avoid subsequent access.
+
+ constexpr NonNull(NonNull&&) = default;
+ constexpr NonNull& operator=(NonNull&&) = default;
+
+ constexpr Pointer take() && { return std::move(pointer_); }
+ constexpr explicit operator Pointer() && { return take(); }
+
+ // Dereferencing.
+ constexpr decltype(auto) operator*() const { return *get(); }
+ constexpr decltype(auto) operator->() const { return get(); }
+
+ // Private constructor for ftl::as_non_null. Excluded from candidate constructors for conversions
+ // through the passkey idiom, for clear compilation errors.
+ template <typename P>
+ constexpr NonNull(Passkey, P&& pointer) : pointer_(std::forward<P>(pointer)) {
+ if (!pointer_) std::abort();
+ }
+
+ private:
+ template <typename P>
+ friend constexpr auto as_non_null(P&&) -> NonNull<std::decay_t<P>>;
+
+ Pointer pointer_;
+};
+
+template <typename P>
+constexpr auto as_non_null(P&& pointer) -> NonNull<std::decay_t<P>> {
+ using Passkey = typename NonNull<std::decay_t<P>>::Passkey;
+ return {Passkey{}, std::forward<P>(pointer)};
+}
+
+template <typename P, typename Q>
+constexpr bool operator==(const NonNull<P>& lhs, const NonNull<Q>& rhs) {
+ return lhs.get() == rhs.get();
+}
+
+template <typename P, typename Q>
+constexpr bool operator!=(const NonNull<P>& lhs, const NonNull<Q>& rhs) {
+ return !operator==(lhs, rhs);
+}
+
+} // namespace android::ftl
diff --git a/libs/ftl/Android.bp b/libs/ftl/Android.bp
index c1945fd..81113bc 100644
--- a/libs/ftl/Android.bp
+++ b/libs/ftl/Android.bp
@@ -22,6 +22,7 @@
"flags_test.cpp",
"future_test.cpp",
"match_test.cpp",
+ "non_null_test.cpp",
"optional_test.cpp",
"small_map_test.cpp",
"small_vector_test.cpp",
diff --git a/libs/ftl/non_null_test.cpp b/libs/ftl/non_null_test.cpp
new file mode 100644
index 0000000..bd0462b
--- /dev/null
+++ b/libs/ftl/non_null_test.cpp
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <ftl/non_null.h>
+#include <gtest/gtest.h>
+
+#include <memory>
+#include <string>
+#include <string_view>
+
+namespace android::test {
+namespace {
+
+void get_length(const ftl::NonNull<std::shared_ptr<std::string>>& string_ptr,
+ ftl::NonNull<std::size_t*> length_ptr) {
+ // No need for `nullptr` checks.
+ *length_ptr = string_ptr->length();
+}
+
+using Pair = std::pair<ftl::NonNull<std::shared_ptr<int>>, std::shared_ptr<int>>;
+
+Pair dupe_if(ftl::NonNull<std::unique_ptr<int>> non_null_ptr, bool condition) {
+ // Move the underlying pointer out, so `non_null_ptr` must not be accessed after this point.
+ auto unique_ptr = std::move(non_null_ptr).take();
+
+ auto non_null_shared_ptr = ftl::as_non_null(std::shared_ptr<int>(std::move(unique_ptr)));
+ auto nullable_shared_ptr = condition ? non_null_shared_ptr.get() : nullptr;
+
+ return {std::move(non_null_shared_ptr), std::move(nullable_shared_ptr)};
+}
+
+} // namespace
+
+// Keep in sync with example usage in header file.
+TEST(NonNull, Example) {
+ const auto string_ptr = ftl::as_non_null(std::make_shared<std::string>("android"));
+ std::size_t size;
+ get_length(string_ptr, ftl::as_non_null(&size));
+ EXPECT_EQ(size, 7u);
+
+ auto ptr = ftl::as_non_null(std::make_unique<int>(42));
+ const auto [ptr1, ptr2] = dupe_if(std::move(ptr), true);
+ EXPECT_EQ(ptr1.get(), ptr2);
+}
+
+namespace {
+
+constexpr std::string_view kApple = "apple";
+constexpr std::string_view kOrange = "orange";
+
+using StringViewPtr = ftl::NonNull<const std::string_view*>;
+constexpr StringViewPtr kApplePtr = ftl::as_non_null(&kApple);
+constexpr StringViewPtr kOrangePtr = ftl::as_non_null(&kOrange);
+
+constexpr StringViewPtr longest(StringViewPtr ptr1, StringViewPtr ptr2) {
+ return ptr1->length() > ptr2->length() ? ptr1 : ptr2;
+}
+
+static_assert(longest(kApplePtr, kOrangePtr) == kOrangePtr);
+
+} // namespace
+} // namespace android::test