Extend scoped_ptr to be closer to unique_ptr. Support custom deleters, and deleting arrays.

base/memory/scoped_ptr.h

Index: base/memory/scoped_ptr.h
diff --git a/base/memory/scoped_ptr.h b/base/memory/scoped_ptr.h
index 3547b7a15397f9c58f3c5193401d6d9defae333d..a4d27a399d305d618b5f17ba0be5636cf5867b7a 100644
--- a/base/memory/scoped_ptr.h
+++ b/base/memory/scoped_ptr.h
@@ -95,6 +95,8 @@
 #include <stddef.h>
 #include <stdlib.h>
 
+#include <utility>
+
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/move.h"
@@ -107,6 +109,47 @@ class RefCountedBase;
 class RefCountedThreadSafeBase;
 }  // namespace subtle
 
+// Function object which deletes its parameter, which must be a pointer.
+// If C is an array type, invokes 'delete[]' on the parameter; otherwise,
+// invokes 'delete'. The default deleter for scoped_ptr<T>.
+template <class C>
+struct DefaultDeleter {
+  DefaultDeleter() {}
+  template <typename U> DefaultDeleter(const DefaultDeleter<U>& other) {
+    // All default single-object deleters can trivially convert to one another.
+  }
+  inline void operator()(C* ptr) const {
+    enum { type_must_be_complete = sizeof(C) };
+    delete ptr;
+  }
+};
+
+// Specialization of DefaultDeleter for array types.
+template <class C>
+struct DefaultDeleter<C[]> {
+  inline void operator()(C* ptr) const {
+    enum { type_must_be_complete = sizeof(C) };
+    delete[] ptr;
+  }
+
+ private:
+  // Disable this operator for any U != C because it is unsafe to execute
+  // an array delete when the static type of the array mismatches the dynamic
+  // type.
+  template <typename U> void operator()(U* array) const;
+};
+
+// Function object which invokes 'free' on its parameter, which must be
+// a pointer. Can be used to store malloc-allocated pointers in scoped_ptr:
+//
+// scoped_ptr<int, base::FreeDeleter> foo_ptr(
+//     static_cast<int>(malloc(sizeof(int))));
+struct FreeDeleter {
+  inline void operator()(void* ptr) const {
+    free(ptr);
+  }
+};
+
 namespace internal {
 
 template <typename T> struct IsNotRefCounted {
@@ -117,7 +160,101 @@ template <typename T> struct IsNotRefCounted {
   };
 };
 
+// Minimal implementation of the core logic of scoped_ptr, suitable for
+// reuse in both scoped_ptr and its specialization.
+template <class Element, class Deleter>

[Ryan Sleevi, 2012/10/18 03:17:10]

Why not keep the naming consistent with std::, in calling the type T instead.

[awong, 2012/10/18 18:08:02]

I don't have a strong preference.

We already have base::DefaultDeleter instead of base::default_deleter which
would better parallel c++11 std::default_deleter so there's precedent to
"Googlify" the style.

[gromer, 2012/10/18 20:45:20]

Note that unique_ptr has element_type and deleter_type typedefs, which in
principle might be added to scoped_ptr; at that point I think the similarity
between these parameter names and the corresponding typedefs would be confusing.

So I'd say stick with single-letter names for the template parameters, and if
you're changing them at all, change them to the names from the standard (T and
D). If you're concerned about readability, add those typedefs and use them
instead of the parameter names in the class body.

[awong, 2012/11/27 22:36:16]

Went back to T and D.

+class scoped_ptr_impl {
+  MOVE_ONLY_TYPE_FOR_CPP_03(scoped_ptr_impl, RValue)
+
+ public:
+  explicit scoped_ptr_impl(Element* p) : data_(p) { }
+
+  template <typename U, typename V>
+  scoped_ptr_impl(scoped_ptr_impl<U, V> other) : data_(NULL) {
+    // TODO(ajwong): This needs to respect move only deleters rather than doing
+    // a copy to be consistent with unique_ptr. But we don't have a general
+    // "move()" function. Do I need to use SFINAE to make this work?  Or should

[Jeffrey Yasskin, 2012/10/18 04:14:29]

I'd like to get a general move() function, which can forward to .Pass() on
move-only types, and be implemented as:
template<typename T> T move(T arg) {
  T result;
  using std::swap;
  swap(arg, result);
  return result;
}
for copyable types. However, I don't know that there's enough interest in
C++98-move efficiency to really justify the function.

For now, I think you can ignore move-only deleters, and assume they're copyable.
A future change can add move support if it becomes important.

[awong, 2012/10/18 18:08:02]

It could be useful in specifically this situation.

The reason I avoided introducing a base::move() or similar is because the C++03
move emulation is incomplete. Specifically, if you write a function that uses
our RValue type to try and be rvalue-reference only, it will also happily accept
lvalues and execute a move on them. Bad.

I think I'll take your advice and leave support out for move-only deleters. Then
we don't need to worry about this.

+    // I modify how RValue works so we have a base::subtle::move() with a
+    // base::suble::rvalue<> template rather than a private RValue struct?
+    reset(other.release());
+    get_deleter() = other.get_deleter();

[Ryan Sleevi, 2012/10/18 03:17:10]

So I'm not misreading - you're intentionally relying on type punning (shearing?
stripping) to ensure that |data_.ptr| is not copied over (since it's being
explicitly cast to the Deleter class and invoking Deleter& operator=(Deleter&)?

Nice.

[awong, 2012/10/18 18:08:02]

Yep. Credit gromer@.

+  }
+
+  template <typename U, typename V>
+  const scoped_ptr_impl& operator=(scoped_ptr_impl<U, V> rhs) {
+    // TODO(ajwong): Same problem as in the constructor above.
+    reset(rhs.release());
+    get_deleter() = rhs.get_deleter();
+    return *this;
+  }
+
+  scoped_ptr_impl(RValue rvalue) : data_(NULL) {
+    swap(*rvalue.object);
+  }
+
+  ~scoped_ptr_impl() {
+    if (data_.ptr != NULL) {
+      get_deleter()(data_.ptr);
+    }
+  }
+
+  void reset(Element* p) {
+    // This self-reset check is deprecated.
+    // this->reset(this->get()) currently works, but it is DEPRECATED, and
+    // will be removed once we verify that no one depends on it.
+    //
+    // TODO(ajwong): File bug for the deprecation and ordering issue below.
+    if (p != data_.ptr) {
+      if (data_.ptr != NULL) {
+        // Note that this can lead to undefined behavior and memory leaks
+        // in the unlikely but possible case that get_deleter()(get())
+        // indirectly deletes this. The fix is to reset ptr_ before deleting
+        // its old value, but first we need to clean up the code that relies
+        // on the current sequencing.
+        get_deleter()(data_.ptr);
+      }
+      data_.ptr = p;
+    }
+  }
+
+  Element* get() const { return data_.ptr; }
+
+  Deleter& get_deleter() { return data_; }
+  const Deleter& get_deleter() const { return data_; }
+
+  void swap(scoped_ptr_impl& p2) {
+    // Standard swap idiom: 'using std::swap' ensures that std::swap is
+    // present in the overload set, but we call swap unqualified so that
+    // any more-specific overloads can be used, if available.
+    using std::swap;

[Ryan Sleevi, 2012/10/18 03:17:10]

I seem to recall (and of course, without citable reference) that this will
prevent searching for swap methods in the global namespace.

I ran into something similar with std::operator<<(std::ostream&) overloads in
printing, and where using ::operator<< would prevent searching when the type in
doubly-nested namespaces (eg: net::foo::SomeMethod() with using std::operator<<
searched within net::foo and std::, but not within net:: or ::)

doubt it's all that important though... maybe.

[Jeffrey Yasskin, 2012/10/18 04:14:29]

Yep. swap methods that people want found need to be in the same namespace as the
type they're swapping, not the global namespace. ADL is the only reliable way to
find functions.

+    swap(static_cast<Deleter&>(data_), static_cast<Deleter&>(p2.data_));
+    swap(data_.ptr, p2.data_.ptr);
+  }
+
+  Element* release() {
+    Element* retVal = data_.ptr;
+    data_.ptr = NULL;
+    return retVal;
+  }
+
+ private:
+  // Needed to allow type-converting constructor.
+  template <typename U, typename V> friend class scoped_ptr_impl;

[Ryan Sleevi, 2012/10/18 03:17:10]

I didn't think MSVC let you get away with this.

[awong, 2012/10/18 18:08:02]

Okay, will test. Worst case, I just merge scoped_ptr_impl back into both
specializations.

+
+  // Use the empty base class optimization to allow us to have a Deleter
+  // member, while avoiding any space overhead for it when Deleter is an
+  // empty class.  See e.g. http://www.cantrip.org/emptyopt.html for a good
+  // discussion of this technique.
+  struct Data : public Deleter {
+    explicit Data(Element* ptr_in) : ptr(ptr_in) {}
+    Element* ptr;
+  };
+
+  Data data_;
+};
+
 }  // namespace internal
+
 }  // namespace base
 
 // A scoped_ptr<T> is like a T*, except that the destructor of scoped_ptr<T>
@@ -129,45 +266,41 @@ template <typename T> struct IsNotRefCounted {
 //
 // The size of a scoped_ptr is small:
 // sizeof(scoped_ptr<C>) == sizeof(C*)
-template <class C>
+template <class Element, class Deleter = base::DefaultDeleter<Element> >
 class scoped_ptr {
   MOVE_ONLY_TYPE_FOR_CPP_03(scoped_ptr, RValue)
 
-  COMPILE_ASSERT(base::internal::IsNotRefCounted<C>::value,
-                 C_is_refcounted_type_and_needs_scoped_refptr);
+  COMPILE_ASSERT(base::internal::IsNotRefCounted<Element>::value,
+                 Element_is_refcounted_type_and_needs_scoped_refptr);
 
  public:
-
-  // The element type
-  typedef C element_type;
+  // The element and deleter types.
+  typedef Element element_type;
+  typedef Deleter deleter_type;
 
   // Constructor.  Defaults to initializing with NULL.
   // There is no way to create an uninitialized scoped_ptr.
-  // The input parameter must be allocated with new.
-  explicit scoped_ptr(C* p = NULL) : ptr_(p) { }
+  //
+  // TODO(ajwong): REVIEWER QUESTION: is it work breaking out the default
+  // constructor here, and a 0-arity reset() function below to get rid of the
+  // default arguments?
+  explicit scoped_ptr(element_type* p = NULL) : impl_(p) { }

[Ryan Sleevi, 2012/10/18 03:17:10]

This is the ONE place that I actually like default arguments. I think having

scoped_ptr() : impl_(NULL) {}
explicit scoped_ptr(element_type* p) : impl_(p) {}

is just... silly.

That said, the style guide says what the style guide says...

[Jeffrey Yasskin, 2012/10/18 04:14:29]

Yeah. Meh on my part.

[awong, 2012/10/18 18:08:02]

I guess I'll stick with the style guide. The C++ readability mantle grows heavy.

[gromer, 2012/10/18 20:45:20]

FWIW the standard specifies the 0- and 1-arg constructors separately, but uses a
default parameter for reset.

[awong, 2012/11/27 22:36:16]

All the more reason to avoid default arguments :-/

 
   // Constructor.  Allows construction from a scoped_ptr rvalue for a
-  // convertible type.
-  template <typename U>
-  scoped_ptr(scoped_ptr<U> other) : ptr_(other.release()) { }
+  // convertible type and deleter.
+  template <typename U, typename V>
+  scoped_ptr(scoped_ptr<U, V> other) : impl_(other.impl_.Pass()) { }
 
   // Constructor.  Move constructor for C++03 move emulation of this type.
-  scoped_ptr(RValue rvalue)
-      : ptr_(rvalue.object->release()) {
-  }
-
-  // Destructor.  If there is a C object, delete it.
-  // We don't need to test ptr_ == NULL because C++ does that for us.
-  ~scoped_ptr() {
-    enum { type_must_be_complete = sizeof(C) };
-    delete ptr_;
-  }
+  //
+  // TODO(ajwong): REVIEWER QUESTION: is it cleaner to use the swap() idiom?

[Jeffrey Yasskin, 2012/10/18 04:14:29]

The "swap idiom" means to me the operator= technique, which I think is the right
way to implement operator=, but doesn't apply to the move constructor.

You can't actually use swap() in the move constructor unless you first
initialize the object to "empty" before calling swap().

[awong, 2012/10/18 18:08:02]

Yes, I was thinking exactly

scoped_ptr(RValue rvalue) : impl_(NULL) { swap(*rvalue.object); }

But your comment makes me thing that you prefer the current implementation?  I'm
honestly completely ambivalent. 

[Jeffrey Yasskin, 2012/10/18 18:33:45]

I somewhat prefer the current implementation.

[awong, 2012/11/27 22:36:16]

Done.

+  scoped_ptr(RValue rvalue) : impl_(rvalue.object->release()) { }
 
   // operator=.  Allows assignment from a scoped_ptr rvalue for a convertible
-  // type.
-  template <typename U>
-  scoped_ptr& operator=(scoped_ptr<U> rhs) {
-    reset(rhs.release());
+  // type and deleter.
+  template <typename U, typename V>
+  scoped_ptr& operator=(scoped_ptr<U, V> rhs) {
+    impl_ = rhs.impl_.Pass();
     return *this;
   }
 
@@ -179,43 +312,40 @@ class scoped_ptr {
 
   // Reset.  Deletes the current owned object, if any.
   // Then takes ownership of a new object, if given.
-  // this->reset(this->get()) works.
-  void reset(C* p = NULL) {
-    if (p != ptr_) {
-      enum { type_must_be_complete = sizeof(C) };
-      delete ptr_;
-      ptr_ = p;
-    }
+  void reset(element_type* p = NULL) {
+    impl_.reset(p);
   }
 
   // Accessors to get the owned object.
   // operator* and operator-> will assert() if there is no current object.
-  C& operator*() const {
-    assert(ptr_ != NULL);
-    return *ptr_;
+  element_type& operator*() const {
+    assert(impl_.get() != NULL);
+    return *impl_.get();
   }
-  C* operator->() const  {
-    assert(ptr_ != NULL);
-    return ptr_;
+  element_type* operator->() const  {
+    assert(impl_.get() != NULL);
+    return impl_.get();
   }
-  C* get() const { return ptr_; }
+  element_type* get() const { return impl_.get(); }
 
-  // Allow scoped_ptr<C> to be used in boolean expressions, but not
+  // Access to the deleter.
+  deleter_type& get_deleter() { return impl_.get_deleter(); }
+  const deleter_type& get_deleter() const { return impl_.get_deleter(); }
+
+  // Allow scoped_ptr<element_type> to be used in boolean expressions, but not
   // implicitly convertible to a real bool (which is dangerous).
-  typedef C* scoped_ptr::*Testable;
-  operator Testable() const { return ptr_ ? &scoped_ptr::ptr_ : NULL; }
+  typedef element_type* scoped_ptr::*Testable;
+  operator Testable() const { return impl_.get() ? &impl_.get() : NULL; }
 
   // Comparison operators.
   // These return whether two scoped_ptr refer to the same object, not just to
   // two different but equal objects.
-  bool operator==(C* p) const { return ptr_ == p; }
-  bool operator!=(C* p) const { return ptr_ != p; }
+  bool operator==(element_type* p) const { return impl_.get() == p; }
+  bool operator!=(element_type* p) const { return impl_.get() != p; }
 
   // Swap two scoped pointers.
   void swap(scoped_ptr& p2) {
-    C* tmp = ptr_;
-    ptr_ = p2.ptr_;
-    p2.ptr_ = tmp;
+    impl_.swap(p2.impl_);
   }
 
   // Release a pointer.
@@ -223,41 +353,159 @@ class scoped_ptr {
   // If this object holds a NULL pointer, the return value is NULL.
   // After this operation, this object will hold a NULL pointer,
   // and will not own the object any more.
-  C* release() WARN_UNUSED_RESULT {
-    C* retVal = ptr_;
-    ptr_ = NULL;
-    return retVal;
+  element_type* release() WARN_UNUSED_RESULT {
+    return impl_.release();
   }
 
-  template <typename PassAsType>
-  scoped_ptr<PassAsType> PassAs() {
-    return scoped_ptr<PassAsType>(release());
+  template <typename PassAsType,
+            typename PasAsDeleter = base::DefaultDeleter<PassAsType> >
+  scoped_ptr<PassAsType, PasAsDeleter> PassAs() {

[Ryan Sleevi, 2012/10/18 03:17:10]

Did you accidentally an S? ( Pas*s*AsDeleter )

[awong, 2012/10/18 18:08:02]

heh...yes I did. But I also just had to remove deleter conversion support from
PassAs because C++98 can't use default template parameters for function
templates. <grumble />

+    return scoped_ptr<PassAsType, PasAsDeleter>(Pass());
   }
 
  private:
-  C* ptr_;
+  // Needed to reach into |impl_| in the constructor.
+  template <typename U, typename V> friend class scoped_ptr;
+  base::internal::scoped_ptr_impl<element_type, deleter_type> impl_;
+
+  // Forbid comparison of scoped_ptr types.  If U != Element, it totally
+  // doesn't make sense, and if U == Element, it still doesn't make sense
+  // because you should never have the same object owned by two different
+  // scoped_ptrs.
+  template <class U> bool operator==(scoped_ptr<U> const& p2) const;
+  template <class U> bool operator!=(scoped_ptr<U> const& p2) const;
+};
+
+template <class Element, class Deleter>
+class scoped_ptr<Element[], Deleter> {
+  MOVE_ONLY_TYPE_FOR_CPP_03(scoped_ptr, RValue)
+
+  COMPILE_ASSERT(base::internal::IsNotRefCounted<Element>::value,
+                 Element_is_refcounted_type_and_needs_scoped_refptr);
+
+ public:
+  // The element and deleter types.
+  typedef Element element_type;
+  typedef Deleter deleter_type;
+
+  // Constructor.  Defaults to initializing with NULL.
+  // There is no way to create an uninitialized scoped_ptr.

[Ryan Sleevi, 2012/10/18 03:17:10]

line 392 seems superflous

[awong, 2012/10/18 18:08:02]

Yeah. It was just keeping in line with the old impl, but I'll remove it.

+  scoped_ptr() : impl_(NULL) { }
+
+  // Constructor. Stores the given array. Note that the argument's type
+  // must exactly match Element*. In particular:
+  // - it cannot be a pointer to a type derived from Element, because it is
+  //   inherently unsafe to access an array through a pointer whose

[Jeffrey Yasskin, 2012/10/18 04:14:29]

There's vague wording on subscripting at [expr.add]p5 saying "When an expression
that has integral type is added to or subtracted from a pointer, the result has
the type of the pointer operand. If the pointer operand points to an element of
an array object, and the array is large enough, the result points to an element
offset from the original element such that the difference of the subscripts of
the resulting and original array elements equals the integral expression."

If the pointer has the type of a base class object, it points to a subobject of
an element of an array object, which is not "an element of an array object", so
the if doesn't apply. I've had trouble finding clearer wording forbidding this,
but it obviously won't work.

Deletion is clearer: "In the second alternative (delete array) if the dynamic
type of the object to be deleted differs from its static type, the behavior is
undefined." —[expr.delete]p3

[awong, 2012/10/18 18:08:02]

Let me ask gromer@ for pointers. This is really his comment.

[gromer, 2012/10/18 20:45:20]

From [basic.compound]p3: "If an object of type T is located at an address A, a
pointer of type cv T* whose value is the
address A is said to point to that object, regardless of how the value was
obtained." So, for example, the 'if' definitely seems to apply if the base and
derived classes are standard-layout. Defect report?
The bottom line here is that this is what unique_ptr does, and the goal is to
make scoped_ptr a pure subset of unique_ptr. I inferred that the objective of
this restriction in unique_ptr was to prevent slicing, but I don't have any
specific evidence of that, and some of the standardization history suggests that
the focus was on deletion:

http://cplusplus.github.com/LWG/lwg-defects.html#938

In any event, I'm not sure what you're asking for WRT this comment. I suppose it
would be somewhat more accurate to say "index into" rather than "access"- would
that address your concern? I'd prefer to keep the emphasis on the risk of
slicing rather than the risk of bad deletion, because I don't want people to
think they can evade this issue with a custom deleter.

[awong, 2012/11/27 22:36:16]

I don't think I understand this quite enough to write a defect report.
jyasskin@, gromer@, do one of you want to write that up?
The citation is exactly what I was looking for :)  Thanks!

+  //   dynamic type does not match its static type. If you're doing this,
+  //   fix your code.
+  // - it cannot be NULL, because NULL is an integral expression, not a
+  //   pointer to Element. Use the no-argument version instead of explicitly
+  //   passing NULL.
+  // - it cannot be const-qualified differently from Element. You can work

[Jeffrey Yasskin, 2012/10/18 04:14:29]

Interesting. What goes wrong with this?

[awong, 2012/10/18 18:08:02]

Will ask gromer@

[gromer, 2012/10/18 20:45:20]

Nothing; it's perfectly safe, but forbidden by unique_ptr, and so we must forbid
it for compatibility. See http://cplusplus.github.com/LWG/lwg-active.html#2118.

I gather Chromium has no near-term prospect of using unique_ptr due to the need
to support older toolchains, so the need to be a strict subset is less pressing.
That being the case, you could always remove this restriction in the Chromium
codebase. In fact, having an actual implementation might be useful data for that
DR, since AFAICT removing this restriction while maintaining the
no-derived-pointer restriction will require nontrivial metaprogramming.

[willchan no longer on Chromium, 2012/10/18 21:28:42]

We actually do hope to switch to using unique_ptr in the future. It'll be awhile
until all our platforms support it, but it's definitely on the horizon.

[awong, 2012/11/27 22:36:16]

I added the citation, and removed the reference to implicit_cast<> since
chromium doesn't have it.

+  //   around this using implicit_cast (from base/casts.h):
+  //
+  //   int* i;
+  //   scoped_ptr<const int[]> arr(implicit_cast<const int[]>(i));
+  //
+  // TODO(ajwong): Find citations for the above.  Also see if we want to keep
+  // the implicit_cast<> comment.
+  explicit scoped_ptr(element_type* array = NULL) : impl_(array) { }
+
+  // Constructor.  Move constructor for C++03 move emulation of this type.
+  //
+  // TODO(ajwong): reviewer question: is it cleaner to use the swap() idiom?
+  scoped_ptr(RValue rvalue) : impl_(rvalue.object->release()) { }
 
-  // Forbid comparison of scoped_ptr types.  If C2 != C, it totally doesn't
-  // make sense, and if C2 == C, it still doesn't make sense because you should
-  // never have the same object owned by two different scoped_ptrs.
-  template <class C2> bool operator==(scoped_ptr<C2> const& p2) const;
-  template <class C2> bool operator!=(scoped_ptr<C2> const& p2) const;
+  // operator=.  Move operator= for C++03 move emulation of this type.
+  scoped_ptr& operator=(RValue rhs) {
+    swap(*rhs->object);
+    return *this;
+  }
 
+  // Reset.  Deletes the current owned object, if any.
+  // Then takes ownership of a new object, if given.
+  void reset(element_type* array = NULL) {
+    impl_.reset(array);
+  }
+
+  // Accessors to get the owned object.
+  // operator* and operator-> will assert() if there is no current object.
+  element_type& operator[](size_t i) const {
+    assert(impl_.get() != NULL);
+    return impl_.get()[i];
+  }
+  element_type* get() const { return impl_.get(); }
+
+  // Access to the deleter.
+  deleter_type& get_deleter() { return impl_.get_deleter(); }
+  const deleter_type& get_deleter() const { return impl_.get_deleter(); }
+
+  // Allow scoped_ptr<element_type> to be used in boolean expressions, but not
+  // implicitly convertible to a real bool (which is dangerous).
+  typedef element_type* scoped_ptr::*Testable;
+  operator Testable() const { return impl_.get() ? &impl_.get() : NULL; }
+
+  // Comparison operators.
+  // These return whether two scoped_ptr refer to the same object, not just to
+  // two different but equal objects.
+  bool operator==(element_type* array) const { return impl_.get() == array; }
+  bool operator!=(element_type* array) const { return impl_.get() != array; }
+
+  // Swap two scoped pointers.
+  void swap(scoped_ptr& p2) {
+    impl_.swap(p2.impl_);
+  }
+
+  // Release a pointer.
+  // The return value is the current pointer held by this object.
+  // If this object holds a NULL pointer, the return value is NULL.
+  // After this operation, this object will hold a NULL pointer,
+  // and will not own the object any more.
+  element_type* release() WARN_UNUSED_RESULT {
+    return impl_.release();
+  }
+
+ private:
+  // Force element_type to be a complete type.
+  enum { type_must_be_complete = sizeof(element_type) };
+
+  // Actually hold the data.
+  base::internal::scoped_ptr_impl<element_type, deleter_type> impl_;
+
+  // Disable initialization from any type other than element_type*, by
+  // providing a constructor that matches such an initialization, but is
+  // private and has no definition. This is disabled because it is not safe to
+  // call delete[] on an array whose static type does not match its dynamic
+  // type.
+  template <typename T>
+  explicit scoped_ptr(T* array);
+
+  // Disable reset() from any type other than element_type*, for the same
+  // reasons as the constructor above.
+  template <typename T>
+  void reset(T* array);
+
+  // Forbid comparison of scoped_ptr types.  If U != Element, it totally
+  // doesn't make sense, and if U == Element, it still doesn't make sense
+  // because you should never have the same object owned by two different
+  // scoped_ptrs.
+  template <class U> bool operator==(scoped_ptr<U> const& p2) const;
+  template <class U> bool operator!=(scoped_ptr<U> const& p2) const;
 };
 
 // Free functions
-template <class C>
-void swap(scoped_ptr<C>& p1, scoped_ptr<C>& p2) {
+template <class C, class D>
+void swap(scoped_ptr<C, D>& p1, scoped_ptr<C, D>& p2) {
   p1.swap(p2);
 }
 
-template <class C>
-bool operator==(C* p1, const scoped_ptr<C>& p2) {
+template <class C, class D>
+bool operator==(C* p1, const scoped_ptr<C, D>& p2) {
   return p1 == p2.get();
 }
 
-template <class C>
-bool operator!=(C* p1, const scoped_ptr<C>& p2) {
+template <class C, class D>
+bool operator!=(C* p1, const scoped_ptr<C, D>& p2) {
   return p1 != p2.get();
 }