Placement syntax

From HandWiki

In the C++ programming language, placement syntax allows programmers to explicitly specify the memory management of individual objects, i.e. their "placement" in memory. Normally, when an object is created dynamically, an allocation function is invoked in such a way that it will both allocate memory for the object and initialize the object within the newly allocated memory. The placement syntax allows the programmer to supply additional arguments to the allocation function. A common use is to supply a pointer to a suitable region of storage where the object can be initialized, thus separating memory allocation from object construction. The "placement" versions of the new and delete operators and functions are known as placement new and placement delete.[1] A new expression, placement or otherwise, calls a new function, also known as an allocator function, whose name is operator new. Similarly, a delete expression calls a delete function, also known as a deallocator function, whose name is operator delete.[2][3]

Any new expression that uses the placement syntax is a placement new expression, and any operator new or operator delete function that takes more than the mandatory first parameter (std::size_t) is a placement new or placement delete function.[4] The default (pointer) placement new function takes two parameters: std::size_t and void *.

History

In earlier versions of C++ there was no such thing as placement new; instead, developers used explicit assignment to this within constructors to achieve a similar effect.[5] This practice was later deprecated and then removed, and the third edition of The C++ Programming Language does not mention the technique.

Expressions

The Standard C++ syntax for a non-placement new expression is[2]

new new-type-id ( optional-initializer-expression-list )

The placement syntax adds an expression list immediately after the new keyword. This expression list is the placement. It can contain any number of expressions.[2][3][6]

new ( expression-list ) new-type-id ( optional-initializer-expression-list )

Functions

The placement new functions are overloads of the non-placement new functions. The declaration of the non-placement new functions, for non-array and array new expressions respectively, are:[7][8]

void* operator new(std::size_t) throw(std::bad_alloc);
void* operator new[](std::size_t) throw(std::bad_alloc);

The Standard C++ library provides two placement overloads each for these functions. Their declarations are:[7][8]

void* operator new(std::size_t, const std::nothrow_t&) throw();
void* operator new(std::size_t, void*) throw();
void* operator new[](std::size_t, const std::nothrow_t&) throw();
void* operator new[](std::size_t, void*) throw();

In all of the overloads, the first parameter to the operator new function is of type std::size_t, which when the function is called will be passed as an argument specifying the amount of memory, in bytes, to allocate. All of the functions must return type void *, which is a pointer to the storage that the function allocates.[2]

There are also placement delete functions. They are overloaded versions of the non-placement delete functions. The non-placement delete functions are declared as:[7][8]

void operator delete(void*) throw();
void operator delete[](void*) throw();

The Standard C++ library provides two placement overloads each for these functions. Their declarations are:[7][8]

void operator delete(void*, const std::nothrow_t&) throw();
void operator delete(void*, void*) throw();
void operator delete[](void*, const std::nothrow_t&) throw();
void operator delete[](void*, void*) throw();

In all of the overloads, the first parameter to the operator delete function is of type void *, which is the address of the storage to deallocate.[2]

For both the new and the delete functions, the functions are global, are not in any namespace, and do not have static linkage.[2]

Use

Placement syntax has four main uses: default placement, preventing exceptions, custom allocators, and debugging.

Default placement

The placement overloads of operator new and operator delete that employ an additional void * parameter are used for default placement, also known as pointer placement. Their definitions by the Standard C++ library, which it is not permitted for a C++ program to replace or override, are:[7][8][9]

void* operator new(std::size_t, void* p) throw() { return p; }
void* operator new[](std::size_t, void* p) throw() { return p; }
void operator delete(void*, void*) throw() { }
void operator delete[](void*, void*) throw() { }

There are various uses for default placement.

Bjarne Stroustrup originally observed, in his book The Design and Evolution of C++, that pointer placement new is necessary for hardware that expects a certain object at a specific hardware address. It is also required for the construction of objects that need to reside in a certain memory area, such as an area that is shared between several processors of a multiprocessor computer.[10]

Other uses, however, include calling a constructor directly, something which the C++ language does not otherwise permit.[3]

The C++ language does allow a program to call a destructor directly, and, since it is not possible to destroy the object using a delete expression, that is how one destroys an object that was constructed via a pointer placement new expression. For example:[11][12]

p->~T();

Use cases

Placement new is used when you do not want operator new to allocate memory (you have pre-allocated it and you want to place the object there), but you do want the object to be constructed. Examples of typical situations where this may be required are:

  • You want to create objects in memory shared between two different processes.
  • You want objects to be created in non-pageable memory.
  • You want to separate memory allocation from construction e.g. in implementing a std::vector<> (see std::vector<>::reserve).

The basic problem is that a constructor is a peculiar function: when it starts, there is no object, only raw memory, and by the time it finishes there is a fully initialized object. Therefore (i) the constructor cannot be called on an existing object, yet (ii) it needs to access and initialize non-static members. This makes calling the constructor directly an error. The solution is the placement form of operator new.

This operator is implemented as:

void* operator new(std::size_t count, void* here) { return here; }
void* operator new[](std::size_t count, void* here) { return here; }
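The following is an added example, not code from the original article or from any of the works it cites. It shows the std::vector-style separation of allocation from construction described above: a fixed-capacity buffer (the hypothetical FixedBuffer and Tracked types are constructed for this illustration) obtains raw aligned storage once, constructs objects into it with pointer placement new, and tears them down with explicit destructor calls, never with a delete expression.

```cpp
#include <cstddef>
#include <new>
#include <string>

// Fixed-capacity container (constructed for this example). Storage is
// reserved once as a raw, aligned byte array; objects are constructed into
// it later with pointer placement new, which is what std::vector::reserve
// makes possible.
template <typename T, std::size_t N>
class FixedBuffer {
public:
    FixedBuffer() : count_(0) {}
    ~FixedBuffer() { clear(); }

    // Construct a T in the next free slot. No memory is allocated here:
    // ::operator new(std::size_t, void*) merely returns the pointer it is given.
    bool push(const T& value) {
        if (count_ == N) return false;
        new (slot(count_)) T(value);
        ++count_;
        return true;
    }

    // Destroy the last object. The storage did not come from an allocation
    // function, so a delete expression must not be used; the destructor is
    // invoked directly instead.
    void pop() {
        if (count_ == 0) return;
        --count_;
        slot(count_)->~T();
    }

    void clear() { while (count_) pop(); }
    std::size_t size() const { return count_; }
    const T& operator[](std::size_t i) const { return *slot(i); }

private:
    // Raw storage with the alignment T requires. No T constructor runs when
    // a FixedBuffer itself is created.
    alignas(T) unsigned char storage_[N * sizeof(T)];
    std::size_t count_;

    T* slot(std::size_t i) { return reinterpret_cast<T*>(storage_ + i * sizeof(T)); }
    const T* slot(std::size_t i) const { return reinterpret_cast<const T*>(storage_ + i * sizeof(T)); }
};

// Element type whose constructor and destructor calls are counted, so it is
// visible that every placement-constructed object is destroyed exactly once.
struct Tracked {
    static int live;
    std::string name;
    explicit Tracked(const std::string& n) : name(n) { ++live; }
    Tracked(const Tracked& o) : name(o.name) { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// Runs a push/pop sequence and returns the number of Tracked objects still
// alive afterwards (0 when construction and destruction are balanced);
// negative values flag an unexpected intermediate state.
int run_demo() {
    {
        FixedBuffer<Tracked, 2> buf;
        buf.push(Tracked("a"));                    // temporary dies, the copy lives in buf
        buf.push(Tracked("b"));
        if (buf.push(Tracked("c"))) return -1;     // capacity reached: nothing constructed
        if (buf.size() != 2 || buf[1].name != "b") return -2;
        buf.pop();                                 // explicit destructor call
        if (Tracked::live != 1) return -3;
    }                                              // ~FixedBuffer destroys the remaining object
    return Tracked::live;
}
```

Because the buffer's storage is an ordinary member array, the whole container can itself live on the stack, in a shared-memory segment or in non-pageable memory without any element ever touching the heap; the only lifetime rule is that every slot constructed with placement new is ended by a matching explicit destructor call.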

Preventing exceptions

Normally, the (non-placement) new functions throw an exception, of type std::bad_alloc, if they encounter an error, such as exhaustion of all available memory. This was not how the functions were defined by Stroustrup's Annotated C++ Reference Manual, but was a change made by the standardization committee when the C++ language was standardized. The original behaviour of the functions, which was to return a NULL pointer when an error occurred, is accessible via placement syntax.[3][4][6]

Programmers who wish to do this in their programs must include the Standard C++ library header <new> in the source code. This header declares the global std::nothrow object, which is of type std::nothrow_t (also declared in the header), which is used to call the overloaded new functions that are declared as taking const std::nothrow_t & as their second parameter. For example:[9]

#include <new>

struct T {};

int main() {
    // Call the function operator new(std::size_t, const std::nothrow_t &) and (if successful) construct the object.
    T* p = new (std::nothrow) T;
    if (p) {
        // The storage has been allocated and the constructor called.
        delete p;
    } else {
        // An error has occurred.  No storage has been allocated and no object constructed.
    }
    return 0;
}

Custom allocators

Placement syntax is also employed for custom allocators. This does not use any of the allocator and deallocator functions from the Standard C++ library header <new>, but requires that programmers write their own allocation and deallocation functions, overloaded for user-defined types. For example, one could define a memory management class as follows:[7][8]

#include <cstdlib>
class A {
public:
    void* allocate(std::size_t);
    void deallocate(void*);
};

And define custom placement allocation and deallocation functions as follows:[7][8]

void* operator new(std::size_t size, A& arena) {
    return arena.allocate(size);
}

void operator delete(void* p, A& arena) {
    arena.deallocate(p);
}

The program would employ the placement syntax to allocate objects using different instances of the A class as follows:[7][8]

A first_arena, second_arena;
T* p1 = new(first_arena) T;
T* p2 = new(second_arena) T;

Destroying an object whose storage is allocated in such a fashion requires some care. Because there is no placement delete expression, one cannot use it to invoke the custom deallocator. One must either write a destruction function that invokes the custom deallocator, or call the placement delete function directly, as a function call.[11][7][8]

The former would resemble:[8]

void destroy(T* p, A& arena) {
    p->~T();  // First invoke the destructor explicitly.
    arena.deallocate(p);  // Then call the deallocator function directly.
}

which would be invoked from a program as:

A arena;
T* p = new(arena) T;
/* ... */
destroy(p, arena);

The latter would involve simply writing the destructor invocation and delete function call into the program:[7][13]

A arena;
T* p = new(arena) T;
/* ... */
p->~T();  // First invoke the destructor explicitly.
operator delete(p, arena);  // Then call the deallocator function indirectly via operator delete(void*, A &).

A common error is to attempt to use a delete expression to delete the object. This results in the wrong operator delete function being called. Dewhurst recommends two strategies for avoiding this error. The first is to ensure that any custom allocators rely upon the Standard C++ library's global, non-placement, operator new, and are thus nothing more than simple wrappers around the C++ library's memory management. The second is to create new and delete functions for individual classes, and customize memory management via class function members rather than by using the placement syntax.[13]

Debugging

Placement new can also be used as a simple debugging tool, to enable programs to print the filename and line number of the source code where a memory allocation has failed. This does not require the inclusion of the Standard C++ library header <new>, but does require the inclusion of a header that declares four placement functions and a macro replacement for the new keyword that is used in new expressions. For example, such a header would contain:[9][14]

#if defined(DEBUG_NEW)
void* operator new(std::size_t size, const char* file, int line);
void* operator new[](std::size_t size, const char* file, int line);
void operator delete(void* p, const char* file, int line);
void operator delete[](void* p, const char* file, int line);
#define New new(__FILE__, __LINE__)
#else
#define New new
#endif

This would be employed in a program as follows:[9][14]

T* p = New T;

The custom-written placement new functions would then handle using the supplied file and line number information in the event of an exception. For example:[9][14]

#include <new>
#include <cstdlib>

class NewError {
public:
    NewError(const char* file, int line) { /* ... */ }
    /* ... */
};

void* operator new(std::size_t size, const char* file, int line)
{
    if (void* p = ::operator new(size, std::nothrow))
        return p;
    throw NewError(file, line);
}
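Below is an added, self-contained version of the debugging technique described above; it is not code from the article or from the works it cites. It keeps the article's NewError class and New macro, adds the matching placement delete functions (so that a constructor throwing inside a New expression still releases the storage), and introduces a constructed test hook, g_fail_next_allocation, so the failure path can be exercised deterministically instead of by exhausting memory.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Exception carrying the source location of the allocation that failed.
class NewError {
public:
    NewError(const char* file, int line) : file_(file), line_(line) {}
    const char* file() const { return file_; }
    int line() const { return line_; }
private:
    const char* file_;
    int line_;
};

// Constructed test hook (not part of the technique): when set, the next
// allocation is reported as failed without touching the real allocator.
static bool g_fail_next_allocation = false;

// Placement allocation functions receiving __FILE__ / __LINE__ from the
// New macro. They use the Standard library's nothrow overloads underneath
// and convert a null result into a NewError carrying the location.
void* operator new(std::size_t size, const char* file, int line) {
    if (!g_fail_next_allocation)
        if (void* p = ::operator new(size, std::nothrow)) return p;
    g_fail_next_allocation = false;
    throw NewError(file, line);
}
void* operator new[](std::size_t size, const char* file, int line) {
    if (!g_fail_next_allocation)
        if (void* p = ::operator new[](size, std::nothrow)) return p;
    g_fail_next_allocation = false;
    throw NewError(file, line);
}

// Matching placement delete functions. The compiler calls these only when a
// constructor throws inside a New expression; they hand the storage back to
// the Standard library deallocators that pair with the allocators above.
void operator delete(void* p, const char*, int) { ::operator delete(p); }
void operator delete[](void* p, const char*, int) { ::operator delete[](p); }

#define New new(__FILE__, __LINE__)

struct Widget { int value; Widget() : value(42) {} };

// Successful path: the object is constructed and later released with an
// ordinary delete expression, which calls ::operator delete(void*).
int allocate_and_read() {
    Widget* w = New Widget;
    int v = w->value;
    delete w;
    return v;
}

// Failure path: true if the NewError names this file and the exact line of
// the New expression (recorded on the same source line for comparison).
bool failure_reports_location() {
    int expected = 0;
    g_fail_next_allocation = true;
    try {
        expected = __LINE__; Widget* w = New Widget; delete w;
    } catch (const NewError& e) {
        return std::strcmp(e.file(), __FILE__) == 0 && e.line() == expected;
    }
    return false;
}
```

Note that __LINE__ inside the New macro expands to the line of the macro's use, which is why the expression's own location, and not the header's, reaches the allocation function. An object created with New is still released with a plain delete expression; only the exceptional path inside the New expression uses the placement delete functions.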

Placement delete

As noted above, there is no placement delete expression. It is not possible to call any placement operator delete function using a delete expression.[11][15]

The placement delete functions are called from placement new expressions. In particular, they are called if the constructor of the object throws an exception. In such a circumstance, in order to ensure that the program does not incur a memory leak, the placement delete functions are called. A placement new expression first calls the placement operator new function, then calls the constructor of the object upon the raw storage returned from the allocator function. If the constructor throws an exception, it is necessary to deallocate that storage before propagating the exception back to the code that executed the placement new expression, and that is the purpose of the placement delete functions.[2][4][11][15]

The placement delete function that is called matches the placement new function that was invoked by the placement new expression. So, for example, if the following code is executed, the placement delete function that is called will be operator delete(void *, const A &):[2][11][15]

#include <cstdlib>
#include <iostream>

struct A {};
struct E {};

class T {
public:
    T() { throw E(); }
};

void* operator new(std::size_t, const A&) {
    std::cout << "Placement new called." << std::endl;
    // Hand back static storage large enough for a T; this example does not
    // actually allocate memory, it only demonstrates which functions run.
    static alignas(T) unsigned char storage[sizeof(T)];
    return storage;
}

void operator delete(void*, const A&) {
    std::cout << "Placement delete called." << std::endl;
}

int main(){
    A a;
    try {
        T* p = new(a) T;
    } catch (E exp) {
        std::cout << "Exception caught." << std::endl;
    }
    return 0;
}

This is why the pointer placement delete functions are defined as no-operations by the Standard C++ library. Since the pointer placement new functions do not allocate any storage, there is no storage to be deallocated in the event of the object's constructor throwing an exception.[11]

If no matching placement delete function exists, no deallocation function is called in the event of an exception being thrown by a constructor within a placement new expression. There are also some (older) C++ implementations that do not support placement delete (which, like the exception-throwing allocator functions, were an addition made to C++ when it was standardized) at all. In both such situations, an exception being thrown by a constructor when allocating using a custom allocator will result in a memory leak. (In the case of the older C++ implementations, a memory leak will also occur with non-placement new expressions.)[4][15]
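The following added example (not code from the article or from the works it cites) ties together the custom-allocator section and the placement delete behaviour described above. A constructed bump-pointer Arena counts every call to its allocate and deallocate members; the test cases check that an ordinary lifetime ends with one allocation and one deallocation, and that a constructor throwing inside new(arena) T causes the compiler to call the matching operator delete(void*, Arena&) so the counters still balance, with no leak. The Arena, destroy, Point and Throws names are assumptions of this example.

```cpp
#include <cstddef>
#include <new>
#include <stdexcept>

// Bump-pointer arena (constructed for this example) with counters that
// expose every call to the allocation and deallocation functions.
class Arena {
public:
    explicit Arena(std::size_t capacity)
        : buf_(new unsigned char[capacity]), cap_(capacity), used_(0) {}
    ~Arena() { delete[] buf_; }
    Arena(const Arena&) = delete;
    Arena& operator=(const Arena&) = delete;

    void* allocate(std::size_t n) {
        // Round up to the strictest fundamental alignment so any object type
        // can be placed at the returned address.
        const std::size_t align = alignof(std::max_align_t);
        const std::size_t start = (used_ + align - 1) / align * align;
        if (start + n > cap_) throw std::bad_alloc();
        used_ = start + n;
        ++allocations;
        return buf_ + start;
    }
    // A bump allocator does not reuse individual blocks; only the release is recorded.
    void deallocate(void*) { ++deallocations; }

    int allocations = 0;
    int deallocations = 0;
private:
    unsigned char* buf_;
    std::size_t cap_;
    std::size_t used_;
};

// Custom placement allocation and deallocation functions overloaded on Arena&.
void* operator new(std::size_t size, Arena& arena) { return arena.allocate(size); }
void operator delete(void* p, Arena& arena) { arena.deallocate(p); }

// Explicit destruction: destructor first, then the matching deallocator,
// called as an ordinary function. A delete expression must not be used, as
// it would route the arena's memory to ::operator delete(void*).
template <typename T>
void destroy(T* p, Arena& arena) {
    p->~T();
    operator delete(p, arena);
}

struct Point { int x, y; Point(int x_, int y_) : x(x_), y(y_) {} };

struct Throws {
    Throws() { throw std::runtime_error("constructor failed"); }
};

// Normal lifetime: exactly one allocation and one deallocation.
bool arena_roundtrip() {
    Arena arena(256);
    Point* p = new (arena) Point(3, 4);
    const bool ok = (p->x + p->y == 7);
    destroy(p, arena);
    return ok && arena.allocations == 1 && arena.deallocations == 1;
}

// Constructor throws inside the placement new expression: the compiler
// calls operator delete(void*, Arena&) before the exception leaves the
// expression, so the storage is returned and the counters still balance.
bool ctor_throw_releases_storage() {
    Arena arena(256);
    bool caught = false;
    try {
        Throws* t = new (arena) Throws;
        (void)t;
    } catch (const std::runtime_error&) {
        caught = true;
    }
    return caught && arena.allocations == 1 && arena.deallocations == 1;
}
```

If the operator delete(void*, Arena&) overload were removed, the second case would still compile and the exception would still propagate, but deallocations would stay at 0: exactly the silent leak the text describes when no matching placement delete function exists.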

Security

Placement new expressions are vulnerable to security exploits. In 2011, Kundu and Bertino[16] demonstrated some of the exploits on placement new. Some of the attacks are buffer overflow attacks, object overflow, selective stackguard overriding, virtual pointer subterfuge and memory misalignment attacks. In 2015, GCC released a patch[17] based on those findings.[16]

Notes

  1. McCluskey 2000
  2. Lischner 2003, pp. 72–73, 128–129, 310, 623–625
  3. Lippman 1997, pp. 386–389
  4. Meyers 1998
  5. Stroustrup 1991[page needed]
  6. Loudon 2003, pp. 109–110
  7. Vermeir 2001, pp. 113–115
  8. Stroustrup 1997, pp. 255–256, 576
  9. Anderson 1998a, pp. 345–356
  10. Stroustrup 1994, p. 214
  11. Solter & Kleper 2005, pp. 458–461
  12. Seed & Cooper 2001, pp. 435–436
  13. Dewhurst 2003, pp. 173–176
  14. Yongwei 2007
  15. Anderson 1998b, pp. 631–632
  16. Kundu, Ashish; Bertino, Elisa (June 2011). "A New Class of Buffer Overflow Attacks". 2011 31st International Conference on Distributed Computing Systems. pp. 730–739. doi:10.1109/ICDCS.2011.63. ISBN 978-1-61284-384-1. https://ieeexplore.ieee.org/document/5961725.
  17. Martin Sebor, "[PING] [PATCH] c++/67942 - diagnose placement new buffer overflow". https://gcc.gnu.org/legacy-ml/gcc-patches/2015-10/msg02001.html.
