|  | # C++ in Zircon | 
|  |  | 
|  | A subset of the C++14 language is used in the Zircon tree. This | 
|  | includes both the upper layers of the kernel (above the lk layer), as | 
|  | well as some userspace code. In particular, Zircon does not use the | 
|  | C++ standard library, and many language features are not used or | 
|  | allowed. | 
|  |  | 
|  | ## Language features | 
|  |  | 
|  | - Not allowed | 
|  | - Exceptions | 
|  | - RTTI and `dynamic_cast` | 
|  | - Operator overloading | 
|  | - Virtual inheritance | 
|  | - Statically constructed objects | 
|  | - Trailing return type syntax | 
|  | - Exception: when necessary for lambdas with otherwise unutterable return types | 
|  | - Initializer lists | 
|  | - `thread_local` in kernel code | 
|  | - Allowed | 
|  | - Pure interface inheritance | 
|  | - Lambdas | 
|  | - `constexpr` | 
|  | - `nullptr` | 
|  | - `enum class`es | 
|  | - `template`s | 
|  | - Default parameters | 
|  | - But use judgment. One optional out parameter at the end is | 
|  | probably fine. Four optional bool arguments, probably not. | 
|  | - Plain old classes | 
|  | - `auto` | 
|  | - Multiple implementation inheritance | 
|  | - But be judicious. This is used widely for e.g. intrusive | 
|  | container mixins. | 
|  | - Needs more ruling TODO(cpu) | 
|  | - Global constructors | 
|  | - Currently we have these for global data structures. | 
|  |  | 
|  | ## fbl | 
|  | We have built our own template library, called *fbl*, to | 
|  | address our particular needs. This library is split into two parts: | 
|  |  | 
|  | 1. [system/ulib/fbl](../system/ulib/fbl) which is usable from both | 
|  | kernel and userspace. | 
|  | 2. [kernel/lib/fbl](../kernel/lib/fbl) which is usable only from | 
|  | the kernel. | 
|  |  | 
|  | *fbl* provides | 
|  |  | 
|  | - utility code | 
|  | - [basic algorithms](../system/ulib/fbl/include/fbl/algorithm.h) | 
|  | - [integer type limits](../system/ulib/fbl/include/fbl/limits.h) | 
|  | - [type traits](../system/ulib/fbl/include/fbl/type_support.h) | 
|  | - [atomics](../system/ulib/fbl/include/fbl/atomic.h) | 
|  | - [alloc checking new](../system/ulib/fbl/include/fbl/alloc_checker.h) | 
|  | - allocators | 
|  | - [slab allocation](../system/ulib/fbl/include/fbl/slab_allocator.h) | 
|  | - [slab malloc](../system/ulib/fbl/include/fbl/slab_malloc.h) | 
|  | - arrays | 
|  | - [fixed sized arrays](../system/ulib/fbl/include/fbl/array.h) | 
|  | - [fixed sized arrays](../kernel/lib/fbl/include/fbl/inline_array.h), | 
|  | which stack allocates small arrays | 
|  | - inline containers | 
|  | - [doubly linked list](../system/ulib/fbl/include/fbl/intrusive_double_list.h) | 
|  | - [hash table](../system/ulib/fbl/include/fbl/intrusive_hash_table.h) | 
|  | - [singly linked list](../system/ulib/fbl/include/fbl/intrusive_single_list.h) | 
|  | - [wavl trees](../system/ulib/fbl/include/fbl/intrusive_wavl_tree.h) | 
|  | - smart pointers | 
|  | - [intrusive refcounting mixin](../system/ulib/fbl/include/fbl/ref_counted.h) | 
|  | - [intrusive refcounted pointer](../system/ulib/fbl/include/fbl/ref_ptr.h) | 
|  | - [unique pointer](../system/ulib/fbl/include/fbl/unique_ptr.h) | 
|  | - raii utilities | 
|  | - [auto call](../system/ulib/fbl/include/fbl/auto_call.h) to run | 
|  | code upon leaving scope | 
|  | - [AutoLock](../system/ulib/fbl/include/fbl/auto_lock.h) | 
|  |  | 
|  | The standard operator new is assumed to either return valid memory or | 
|  | to throw std::bad_alloc. This policy is not suitable for the | 
|  | kernel. We also want to dynamically enforce that returns are | 
|  | explicitly checked. As such, fbl introduces our own operator new | 
|  | overload which takes a reference to an `AllocChecker`. If the status | 
|  | of the `AllocChecker` is not queried after the new expression, an | 
|  | assertion is raised. This lets us enforce that the return value is | 
|  | checked without having to reason about optimizations of the standard | 
|  | operator new in the presence of -fno-exceptions and so on. | 
|  |  | 
|  | ## zx | 
|  |  | 
|  | We have built a minimal C++ library around the various Zircon | 
|  | [objects](objects) and [syscalls](syscalls.md) called | 
|  | [`zx`](../system/ulib/zx/README.md). `zx` is a minimal layer on top of | 
|  | `zx_handle_t` and the system calls, to provide handles with type | 
|  | safety and ownership semantics. | 
|  |  | 
|  | ## zxcpp | 
|  |  | 
|  | Some of our code runs in an environment which cannot include the | 
|  | standard C++ runtime environment. This environment includes symbols | 
|  | like __cxa_pure_virtual that are defined by the ABI and that the | 
|  | compiler expects to be ambient. [The zxcpp | 
|  | library](../system/ulib/zxcpp) provides that dependency. It also | 
|  | includes the placement operator new overloads and, in userspace, the | 
|  | standard new and delete operators. Note that it does not include the | 
|  | similarly named __cxa_atexit, which in userspace must be provided by | 
|  | the libc. See extensive comments in musl's atexit implementation if | 
|  | you are curious. | 
|  |  | 
|  | *This library is mutually exclusive of the standard C++ library.* |