| [533] | 1 | /*! |
|---|
| [539] | 2 | \page memory_management Memory Management in BDM |
|---|
| [533] | 3 | |
|---|
| 4 | C++ memory management is notoriously flexible, allowing a wide range |
|---|
| 5 | of efficient and dangerous techniques. BDM uses conventions which |
|---|
| 6 | allow high implementation efficiency (not absolutely maximal, but |
|---|
| 7 | within a measurement error of the most efficient way) while |
|---|
| 8 | substantially reducing the danger of memory errors. These conventions |
|---|
| 9 | are described below. |
|---|
| 10 | |
|---|
| 11 | \section Constructors |
|---|
| 12 | |
|---|
| 13 | \li Each configurable class must have public default constructor (that |
|---|
| 14 | is, a constructor which takes no parameters). This is required by the |
|---|
| 15 | configuration framework. Other constructors may also be defined when |
|---|
| 16 | convenient. |
|---|
| 17 | |
|---|
| 18 | \li Each constructor must initialize all fields of the constructed |
|---|
| 19 | object, to prevent unpredictable behavior. |
|---|
| 20 | |
|---|
| 21 | One consequence of the points above is the case when a default |
|---|
| 22 | constructor doesn't have the data with which to initialize a new |
|---|
| 23 | object - in that case it can simply call the default constructors of |
|---|
| 24 | all its object fields (and base classes), but must explicitly |
|---|
| 25 | initialize all numeric fields and raw pointers to 0. Such an object |
|---|
| 26 | isn't valid as constructed and must have some additional |
|---|
| 27 | initialization methods (typically from_settings, for reading its |
|---|
| 28 | configured state), but it can at least be destroyed. |
|---|
| 29 | |
|---|
| 30 | \section Exceptions |
|---|
| 31 | |
|---|
| 32 | BDM uses exceptions to signal runtime and some logic errors. The |
|---|
| 33 | library aims to provide the minimal exception safety (that is, |
|---|
| 34 | throwing an exception doesn't crash and doesn't leak any resources) |
|---|
| [539] | 35 | for all thrown exceptions \b except memory errors - when a program |
|---|
| [533] | 36 | using BDM exhausts memory, it should be terminated as soon as possible |
|---|
| 37 | (and in most cases it has probably already terminated by |
|---|
| 38 | itself). Specific exceptions may provide stronger guarantees, as |
|---|
| [539] | 39 | documented for specific cases. All exceptions thrown out of the |
|---|
| [543] | 40 | library are descendants of std::exception. Since they're organized |
|---|
| 41 | into a class hierarchy, they should be caught by reference: |
|---|
| [533] | 42 | |
|---|
| [543] | 43 | \code |
|---|
| 44 | try { |
|---|
| 45 | mpdf* mtmp = UI::build<mpdf> (_Sources, i); |
|---|
| 46 | Sources (i) = mtmp; |
|---|
| 47 | } catch (UIException &exc) { |
|---|
| 48 | \endcode |
|---|
| 49 | |
|---|
| 50 | This saves one call to copy constructor and prevents slicing. |
|---|
| 51 | |
|---|
| [533] | 52 | \section Pointers |
|---|
| 53 | |
|---|
| 54 | Pointers are used extensively (for efficiency), but usage of raw |
|---|
| 55 | pointers should be minimized. |
|---|
| 56 | |
|---|
| 57 | Objects allocated by operator new should be assigned to a smart |
|---|
| 58 | pointer instance immediately upon their construction, so that they can |
|---|
| 59 | be automatically deleted after use. BDM implements its own |
|---|
| 60 | reference-counted smart pointer template, bdm::shared_ptr, whose |
|---|
| 61 | interface and semantics are close to the proposed standard |
|---|
| 62 | std::tr1:shared_ptr (which is planned to replace bdm::shared_ptr once |
|---|
| 63 | it becomes widely available). Note that objects allocated on the stack |
|---|
| [539] | 64 | \b must \b not have their addresses passed to shared_ptr - that is a |
|---|
| [533] | 65 | bug leading to intermittent runtime errors. |
|---|
| 66 | |
|---|
| 67 | Non-null heap pointers may also be kept in instances of object_ptr, |
|---|
| 68 | which is convertible to (and from) shared_ptr. The SHAREDPTR macro (or |
|---|
| 69 | SHAREDPTR2, for templated types) defines standartized names for these |
|---|
| 70 | instances, simplifying library usage: |
|---|
| 71 | |
|---|
| 72 | \code |
|---|
| [539] | 73 | /* |
|---|
| 74 | egamma_ptr is typedef for object_ptr<egamma>, whose default |
|---|
| 75 | constructor calls new egamma() |
|---|
| 76 | */ |
|---|
| [533] | 77 | egamma_ptr eG; |
|---|
| 78 | eG->set_parameters ( a, b ); |
|---|
| 79 | |
|---|
| 80 | epdf_array Coms ( 2 ); // epdf_array is typedef for Array<shared_ptr<epdf> > |
|---|
| 81 | Coms ( 0 ) = eG; // object_ptr<T> is derived from shared_ptr<T> |
|---|
| 82 | |
|---|
| [539] | 83 | /* |
|---|
| 84 | The egamma instance doesn't leak: if the shared_ptr instance which |
|---|
| 85 | wraps it isn't assigned to anything else, the pointer is deleted by |
|---|
| 86 | the destructor of either object_ptr, or Array, whichever runs last. |
|---|
| 87 | */ |
|---|
| [533] | 88 | \endcode |
|---|
| 89 | |
|---|
| 90 | Pointers kept in object fields should be wrapped in a shared_ptr |
|---|
| 91 | instance, which will automatically keep them valid (at least) for the |
|---|
| 92 | lifetime of the containing object. When that isn't possible, it should |
|---|
| 93 | be documented why their containing class doesn't delete them and who |
|---|
| 94 | does. |
|---|
| 95 | |
|---|
| 96 | Pointers passed as arguments into functions (and methods) are |
|---|
| 97 | generally not expected to stay valid after the function returns - when |
|---|
| 98 | that is required, the parameter's documentation should specify the |
|---|
| 99 | required scope: |
|---|
| 100 | |
|---|
| 101 | \code |
|---|
| [539] | 102 | /* the pointer must stay valid for the lifetime of the object */ |
|---|
| [533] | 103 | CurrentContext ( const char *name, int idx ); |
|---|
| 104 | \endcode |
|---|
| 105 | |
|---|
| 106 | A simpler alternative is just to pass a shared pointer: |
|---|
| 107 | |
|---|
| 108 | \code |
|---|
| 109 | class mepdf : public mpdf |
|---|
| 110 | { |
|---|
| 111 | shared_ptr<epdf> iepdf; |
|---|
| 112 | public: |
|---|
| 113 | mepdf (shared_ptr<epdf> em) { |
|---|
| 114 | iepdf = em; |
|---|
| 115 | \endcode |
|---|
| 116 | |
|---|
| 117 | In the case above, passing a (constant) reference to shared_ptr<epdf> |
|---|
| 118 | might be more efficient, but no measurements have been performed. |
|---|
| 119 | |
|---|
| 120 | Functions returning raw pointers should document the scope of their |
|---|
| 121 | validity: |
|---|
| 122 | |
|---|
| 123 | \code |
|---|
| [539] | 124 | /* |
|---|
| 125 | Returns the stored pointer (which remains owned by this |
|---|
| 126 | instance). |
|---|
| 127 | */ |
|---|
| [533] | 128 | T *get(); |
|---|
| 129 | \endcode |
|---|
| 130 | |
|---|
| [541] | 131 | Functions generally shouldn't return raw pointers allocated by |
|---|
| 132 | operator new - such pointers should be wrapped in an instance of |
|---|
| 133 | shared_ptr, so that the pointer's unlimited life expectancy is encoded |
|---|
| 134 | in the function signature: |
|---|
| [533] | 135 | |
|---|
| 136 | \code |
|---|
| 137 | virtual shared_ptr<epdf> marginal (const RV &rv) const; |
|---|
| 138 | \endcode |
|---|
| 139 | |
|---|
| 140 | */ |
|---|
