C++ in Zircon

A subset of the C++14 language is used in the Zircon tree. This includes both the upper layers of the kernel (above the lk layer), as well as some userspace code. In particular, Zircon does not use the C++ standard library, and many language features are not used or allowed.

Language features

  • Not allowed
    • Exceptions
    • RTTI and dynamic_cast
    • Operator overloading
    • Default parameters
    • Virtual inheritance
    • Statically constructed objects
    • Trailing return type syntax
      • Exception: when necessary for lambdas with otherwise unutterable return types
    • Initializer lists
    • thread_local in kernel code
  • Allowed
    • Pure interface inheritance
    • Lambdas
    • constexpr
    • nullptr
    • enum classes
    • templates
    • Plain old classes
    • auto
    • Multiple implementation inheritance
      • But be judicious. This is used widely for e.g. intrusive container mixins.
  • Needs more ruling TODO(cpu)
    • Global constructors
      • Currently we have these for global data structures.

fbl

We have built our own template library, called fbl, to address our particular needs. This library is split into two parts:

  1. system/ulib/fbl which is usable from both kernel and userspace.
  2. kernel/lib/fbl which is usable only from the kernel.

fbl provides

The standard operator new is assumed to either return valid memory or to throw std::bad_alloc. This policy is not suitable for the kernel. We also want to dynamically enforce that returns are explicitly checked. As such, fbl introduces our own operator new overload which takes a reference to an AllocChecker. If the status of the AllocChecker is not queried after the new expression, an assertion is raised. This lets us enforce that the return value is checked without having to reason about optimizations of the standard operator new in the presence of -fno-exceptions and so on.
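The check-enforcement idea described above, as an added example that is not fbl's own code: a stand-alone host-side model in which the class, its arm() and check() methods, the pointer-style new (&ac) call, the fault-injection flag and the violation counter are all assumptions made for illustration. Where the real checker would raise an assertion, the model increments a counter so that the unchecked case can be observed without aborting.

```cpp
#include <cstddef>
#include <cstdlib>

namespace model {
static int g_unchecked = 0;       // times an allocation result went unqueried
static bool g_fail_next = false;  // constructed fault injection for the demo

class AllocChecker {
 public:
  // Where the real checker asserts; the model counts so the demo can continue.
  ~AllocChecker() { if (armed_) ++g_unchecked; }
  void arm(bool ok) { if (armed_) ++g_unchecked; armed_ = true; ok_ = ok; }
  bool check() { armed_ = false; return ok_; }
 private:
  bool armed_ = false;
  bool ok_ = false;
};
}  // namespace model

// noexcept: a null return makes the new-expression skip the constructor.
void* operator new(std::size_t size, model::AllocChecker* ac) noexcept {
  void* p = model::g_fail_next ? nullptr : std::malloc(size);
  model::g_fail_next = false;
  ac->arm(p != nullptr);
  return p;
}
void operator delete(void* p, model::AllocChecker*) noexcept { std::free(p); }
struct Packet { int len = 0; char data[64] = {}; };

// Correct use: query the checker before touching the pointer.
int make_checked(bool fail) {
  model::g_fail_next = fail;
  model::AllocChecker ac;
  Packet* p = new (&ac) Packet;
  if (!ac.check()) return -1;  // stand-in for an out-of-memory status
  p->len = static_cast<int>(sizeof(p->data));
  int len = p->len;
  p->~Packet(); std::free(p);
  return len;
}

// Defect: the result is never queried, so the checker dies while armed.
void drop_unchecked() {
  model::AllocChecker ac;
  Packet* p = new (&ac) Packet;
  if (p) { p->~Packet(); std::free(p); }
}

int main() { drop_unchecked(); return model::g_unchecked == 1 ? 0 : 1; }
```

The overload is declared noexcept so that a failed allocation yields a null pointer instead of running the constructor on invalid memory, which is the behaviour needed when building with -fno-exceptions.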

zx

We have built a minimal C++ library, called zx, around the various Zircon objects and syscalls. It is a thin layer on top of zx_handle_t and the system calls that gives handles type safety and ownership semantics.

zxcpp

Some of our code runs in an environment which cannot include the standard C++ runtime environment. That runtime environment includes symbols like __cxa_pure_virtual that are defined by the ABI and that the compiler expects to be ambient. The zxcpp library provides that dependency. It also includes the placement operator new overloads and, in userspace, the standard new and delete operators. Note that it does not include the similarly named __cxa_atexit, which in userspace must be provided by the libc. See the extensive comments in musl's atexit implementation if you are curious.

This library is mutually exclusive of the standard C++ library.