1 | /*! |
---|
2 | \page Memory Management in BDM |
---|
3 | |
---|
4 | C++ memory management is notoriously flexible, allowing a wide range |
---|
5 | of efficient and dangerous techniques. BDM uses conventions which |
---|
6 | allow high implementation efficiency (not absolutely maximal, but |
---|
7 | within a measurement error of the most efficient way) while |
---|
8 | substantially reducing the danger of memory errors. These conventions |
---|
9 | are described below. |
---|
10 | |
---|
11 | \section Constructors |
---|
12 | |
---|
13 | \li Each configurable class must have public default constructor (that |
---|
14 | is, a constructor which takes no parameters). This is required by the |
---|
15 | configuration framework. Other constructors may also be defined when |
---|
16 | convenient. |
---|
17 | |
---|
18 | \li Each constructor must initialize all fields of the constructed |
---|
19 | object, to prevent unpredictable behavior. |
---|
20 | |
---|
21 | One consequence of the points above is the case when a default |
---|
22 | constructor doesn't have the data with which to initialize a new |
---|
23 | object - in that case it can simply call the default constructors of |
---|
24 | all its object fields (and base classes), but must explicitly |
---|
25 | initialize all numeric fields and raw pointers to 0. Such an object |
---|
26 | isn't valid as constructed and must have some additional |
---|
27 | initialization methods (typically from_settings, for reading its |
---|
28 | configured state), but it can at least be destroyed. |
---|
29 | |
---|
30 | \section Exceptions |
---|
31 | |
---|
32 | BDM uses exceptions to signal runtime and some logic errors. The |
---|
33 | library aims to provide the minimal exception safety (that is, |
---|
34 | throwing an exception doesn't crash and doesn't leak any resources) |
---|
35 | for all thrown exceptions \b except \b memory errors - when a program |
---|
36 | using BDM exhausts memory, it should be terminated as soon as possible |
---|
37 | (and in most cases it has probably already terminated by |
---|
38 | itself). Specific exceptions may provide stronger guarantees, as |
---|
39 | documented for specific cases. All exceptions thrown outside the |
---|
40 | library are descendants of std::exception. |
---|
41 | |
---|
42 | \section Pointers |
---|
43 | |
---|
44 | Pointers are used extensively (for efficiency), but usage of raw |
---|
45 | pointers should be minimized. |
---|
46 | |
---|
47 | Objects allocated by operator new should be assigned to a smart |
---|
48 | pointer instance immediately upon their construction, so that they can |
---|
49 | be automatically deleted after use. BDM implements its own |
---|
50 | reference-counted smart pointer template, bdm::shared_ptr, whose |
---|
51 | interface and semantics are close to the proposed standard |
---|
52 | std::tr1:shared_ptr (which is planned to replace bdm::shared_ptr once |
---|
53 | it becomes widely available). Note that objects allocated on the stack |
---|
54 | \b must not \b have their addresses passed to shared_ptr - that is a |
---|
55 | bug leading to intermittent runtime errors. |
---|
56 | |
---|
57 | Non-null heap pointers may also be kept in instances of object_ptr, |
---|
58 | which is convertible to (and from) shared_ptr. The SHAREDPTR macro (or |
---|
59 | SHAREDPTR2, for templated types) defines standartized names for these |
---|
60 | instances, simplifying library usage: |
---|
61 | |
---|
62 | \code |
---|
63 | // egamma_ptr is typedef for object_ptr<egamma>, whose default |
---|
64 | // constructor calls new egamma() |
---|
65 | egamma_ptr eG; |
---|
66 | eG->set_parameters ( a, b ); |
---|
67 | |
---|
68 | epdf_array Coms ( 2 ); // epdf_array is typedef for Array<shared_ptr<epdf> > |
---|
69 | Coms ( 0 ) = eG; // object_ptr<T> is derived from shared_ptr<T> |
---|
70 | |
---|
71 | // The egamma instance doesn't leak: if the shared_ptr instance which |
---|
72 | // wraps it isn't assigned to anything else, the pointer is deleted by |
---|
73 | // the destructor of either object_ptr, or Array, whichever runs last. |
---|
74 | \endcode |
---|
75 | |
---|
76 | Pointers kept in object fields should be wrapped in a shared_ptr |
---|
77 | instance, which will automatically keep them valid (at least) for the |
---|
78 | lifetime of the containing object. When that isn't possible, it should |
---|
79 | be documented why their containing class doesn't delete them and who |
---|
80 | does. |
---|
81 | |
---|
82 | Pointers passed as arguments into functions (and methods) are |
---|
83 | generally not expected to stay valid after the function returns - when |
---|
84 | that is required, the parameter's documentation should specify the |
---|
85 | required scope: |
---|
86 | |
---|
87 | \code |
---|
88 | // the pointer must stay valid for the lifetime of the object |
---|
89 | CurrentContext ( const char *name, int idx ); |
---|
90 | \endcode |
---|
91 | |
---|
92 | A simpler alternative is just to pass a shared pointer: |
---|
93 | |
---|
94 | \code |
---|
95 | class mepdf : public mpdf |
---|
96 | { |
---|
97 | shared_ptr<epdf> iepdf; |
---|
98 | public: |
---|
99 | mepdf (shared_ptr<epdf> em) { |
---|
100 | iepdf = em; |
---|
101 | \endcode |
---|
102 | |
---|
103 | In the case above, passing a (constant) reference to shared_ptr<epdf> |
---|
104 | might be more efficient, but no measurements have been performed. |
---|
105 | |
---|
106 | Functions returning raw pointers should document the scope of their |
---|
107 | validity: |
---|
108 | |
---|
109 | \code |
---|
110 | //! Returns the stored pointer (which remains owned by this |
---|
111 | //! instance). |
---|
112 | T *get(); |
---|
113 | \endcode |
---|
114 | |
---|
115 | Functions gnerally shouldn't return raw pointers allocated by operator |
---|
116 | new - such pointers should be wrapped in an instance of shared_ptr, so |
---|
117 | that the pointer's unlimited life expectancy is encoded in the |
---|
118 | function signature: |
---|
119 | |
---|
120 | \code |
---|
121 | virtual shared_ptr<epdf> marginal (const RV &rv) const; |
---|
122 | \endcode |
---|
123 | |
---|
124 | */ |
---|