Re: deleting an array of objects and undefined behaviour
On Sep 23, 6:09 am, Agents Marlow <marlow.age...@gmail.com> wrote:
I have just come across something I didn't know from the std:
When deleting an array, the dynamic and the static type of the object
must be the same, or the behavior is undefined (C++ Standard 5.3.5/3).
I was amazed to discover this. It was revealed to me in a test
question where it had a code fragment and said "what, if anything, is
wrong with this code?". Here is the code:
struct X {
virtual ~X() {}
};
class Y : public X {
};
int main() {
X* p = new Y[2];
delete [] p;
return 0;
}
The above code has undefined behaviour according to the std. But why?
I really don't understand. The usual gotcha when doing polymorphic
deletes is forgetting to make the dtor of the base class virtual but
that has been done here and it's still undefined behaviour!
I don't claim to be a standards whiz, but I would guess the problem
here is that ::operator delete[] is getting an X* pointing to the
first object that was allocated, and it will presume that all the
other X objects are contiguous in memory after that (which will not in
general be the case if this is in fact an array of Y objects).
This is one of several reasons why it is almost always a bad idea to
use ::operator new[] (or for that matter, any STL container) to make
or store multiple polymorphic objects directly.
If one wanted an array of base class pointers then how would one
delete the objects when the time comes? Would it be ok to have a
vector of boost::shared_ptrs? Or would that boil down to the above and
thus yield undefined behaviour also?
Now you're talking about something completely different. The
following is perfectly OK, aside from the lack of exception safety and
the annoyance of having to clean everything up when finished with it.
X ** ppX = new X* [2]; // Allocate some base class POINTERS, not
objects
ppX[0] = new X; // OK, obviously
ppX[1] = new Y; // OK, cast derived class pointer to base class
pointer
//...
delete ppX[0]; // Fine, delete X object through X pointer.
delete ppX[1]; // Fine, delete Y object through X pointer and
virtual dtor.
delete [] ppX; // Fine, delete the pointers created with new[].
I am worried if the answer to
that is "yes" because I have written such code recently. I hope it
would be ok since the container is a vector rather than a native
array. Perhaps it is native arrays that are the source of the trouble
for reasons I don't understand.
Not precisely, though you wouldn't be quite as easily able to get
undefined behavior with a vector (e.g.). But you can only put one
kind of object into it, which usually defeats polymorphism:
vector<Y> vY;
X x;
Y y;
vY.push_back(y); // Fine
vY.push_back(x); // Won't compile: can't implicitly cast an X to a Y
vY.push_back(dynamic_cast<Y &>(x)); // Throws exception: x is not a
Y
And some things are still bad:
X * pX = & vY[0]; // Fine, get pointer to X base class of first Y
object.
X * pX2 = pX + 1; // Does not point at a valid object: undefined
behavior.
X & x2 = pX[1]; // Likewise.
Instead of a vector of derived objects, you might (unwisely) decide to
use a vector of base objects. This is better from the perspective of
how easy it is to trigger undefined behavior, but it is even worse
from the point of view of causing unexpected, hard-to-debug bugs:
vector<X> vX;
vX.push_back(x); // Fine
vX.push_back(y); // Slicing: only the X part of y gets copied into
the vector
As you suspect, the best solution in this context would probably be a
vector<shared_ptr<X> >
// This is analogous to X ** ppX = new X* [2] above
vector<shared_ptr<X> > vp;
vp.push_back(make_shared<X>()); // Fine, make an X and store a
pointer to it
vp.push_back(make_shared<Y>()); // Fine, make a Y and store a base
class pointer to it
shared_ptr<X> pX = vp[0]; // Fine
shared_ptr<X> pX2 = vp[1]; // Fine, pointer to base class
shared_ptr<Y> pY = dynamic_pointer_cast<Y>(vp[0]); // Fine, but pY
is null pointer
shared_ptr<Y> pY2 = dynamic_pointer_cast<Y>(vp[1]); // Fine
When the vector goes out of scope, it and all of its contents are
properly destroyed (the Y object pointed to by vp[1] via the virtual
dtor).
Finally, some remarks on the unfortunately extremely confusing C++
terminology.
This is a C++ array:
X arrX[5];
This is not technically an array, although nearly everyone calls it
one:
X * pX = new X[5];
Rather, it is a pointer to the first of a bunch of objects that are
contiguous in memory. As far as I know -- probably someone will
correct me -- there is no term that is both concise and technically
correct for a group of contiguous objects that were allocated
with ::operator new[] (nor for a group of contiguous objects
irrespective of allocation method).
You can tell the difference because the following function template
will accept arrX, but not pX:
template <typename T, size_t N>
size_t array_size(const (T &)[N]) { return N; }
although these equivalent functions will accept either:
void bar(const X * ptr) { }
void bar2(const X ptr[5]) { } // The 5 is ignored and could be
omitted: ptr[]
For what it's worth, this C++11 container is not an array either,
despite the name (and the fact that it behaves very similarly to a C++
array):
std::array<X, 5> stdarrX;
--
Kevin B. McCarty
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]