boost::checked delete

[Capstar]

Hi NG,

I was looking through the code of boost::shared_ptr, and found the
following piece of code in some referenced header file. As far as I
understand it, it is used to delete the object the shared pointer object
points to.
I think the struct checked_deleter is used to store the deleter in the
shared_ptr class without having to store a function pointer.

But what I don't understand is what the purpose is of checked delete.
what additional safety does it bring?
Maybe I'm just missing the big picture, but the compiler knows or does
not know how to delete an object. So why would a typedef and a
completely useless (void)sizeof( that_typedef ) help?

Thanks in advance,
Mark

template<class T> inline void checked_delete(T * x)
{
// intentionally complex - simplification causes regressions
typedef char type_must_be_complete[ sizeof(T)? 1: -1 ];
(void) sizeof(type_must_be_complete);
delete x;
}

template<class T> struct checked_deleter
{
typedef void result_type;
typedef T * argument_type;

void operator()(T * x) const
{
// boost:: disables ADL
boost::checked_delete(x);
}
};

 

[Simon Elliott]

I was looking through the code of boost::shared_ptr,

I've been looking through this too, with a view to porting it to BCB3.

and found the
following piece of code in some referenced header file. As far as I
understand it, it is used to delete the object the shared pointer
object points to. I think the struct checked_deleter is used to
store the deleter in the shared_ptr class without having to store a
function pointer.

But what I don't understand is what the purpose is of checked delete.
what additional safety does it bring?
Maybe I'm just missing the big picture, but the compiler knows or
does not know how to delete an object. So why would a typedef and a
completely useless (void)sizeof( that_typedef ) help?

As I understand it, boost::checked_delete is a mechanism to ensure that
objects which are only partially defined are not deleted. If this were
not prevented, boost::shared_ptr could take ownership of an incomplete
type and delete it. If the type were a class with a non trivial
destructor, the destrutor would not be called.

 

[Capstar]

I've been looking through this too, with a view to porting it to BCB3.





As I understand it, boost::checked_delete is a mechanism to ensure that
objects which are only partially defined are not deleted. If this were
not prevented, boost::shared_ptr could take ownership of an incomplete
type and delete it. If the type were a class with a non trivial
destructor, the destrutor would not be called.

How would this work then? As I see it (mostly from a C point of view I
admin), sizeof(an_incomplete_type) would give a compiler error, but so
would delete an_incomplete_type_pointer.

Mark

 

[John Harrison]

How would this work then? As I see it (mostly from a C point of view I
admin), sizeof(an_incomplete_type) would give a compiler error, but so
would delete an_incomplete_type_pointer.

In C++ templates does not get fully compiled unless they are used. Therefore
checked_delete does not cause a compiler error unless it is actually called
(and the type is incomplete).

john

 

[Capstar]

In C++ templates does not get fully compiled unless they are used. Therefore
checked_delete does not cause a compiler error unless it is actually called
(and the type is incomplete).

john

Yes, I understand that, but if I have the next piece of code:

template<class T> struct checked_deleter
{
typedef void result_type;
typedef T * argument_type;

void operator()(T * x) const
{
delete x;
}
};

I expect this to compile ok for a complete type, and fail to compile for
an incomplete type. So I don't see any difference in functionality with
the code in my original post.

Mark

 

[John Harrison]

Yes, I understand that, but if I have the next piece of code:

template<class T> struct checked_deleter
{
typedef void result_type;
typedef T * argument_type;

void operator()(T * x) const
{
delete x;
}
};

I expect this to compile ok for a complete type, and fail to compile for
an incomplete type. So I don't see any difference in functionality with
the code in my original post.

Well one point is that 'type_must_be_complete' is likely to appear in the
compiler error message. Therefore giving the user some clue as to what is
wrong.

john

 

[Capstar]

Well one point is that 'type_must_be_complete' is likely to appear in the
compiler error message. Therefore giving the user some clue as to what is
wrong.

john

Ok, that seems very likely now you mention it.

Thanks,
Mark

 

[David Hilsee]

Yes, I understand that, but if I have the next piece of code:

template<class T> struct checked_deleter
{
typedef void result_type;
typedef T * argument_type;

void operator()(T * x) const
{
delete x;
}
};

I expect this to compile ok for a complete type, and fail to compile for
an incomplete type. So I don't see any difference in functionality with
the code in my original post.

According to boost's documentation on checked_delete
(http://www.boost.org/libs/utility/checked_delete.html), your expectations
will not be met:

" The C++ Standard allows, in 5.3.5/5, pointers to incomplete class types to
be deleted with a delete-expression. When the class has a non-trivial
destructor, or a class-specific operator delete, the behavior is undefined.
Some compilers issue a warning when an incomplete type is deleted, but
unfortunately, not all do, and programmers sometimes ignore or disable
warnings. "

 

[Capstar]

According to boost's documentation on checked_delete
(http://www.boost.org/libs/utility/checked_delete.html), your expectations
will not be met:

" The C++ Standard allows, in 5.3.5/5, pointers to incomplete class types to
be deleted with a delete-expression. When the class has a non-trivial
destructor, or a class-specific operator delete, the behavior is undefined.
Some compilers issue a warning when an incomplete type is deleted, but
unfortunately, not all do, and programmers sometimes ignore or disable
warnings. "

Ok, I wasn't aware of that. I have been looking for this particular
documentation, but I couldn't find it.

Thanks.