| 1 | /*! |
|---|
| 2 | \page memory_management Memory Management in BDM |
|---|
| 3 | |
|---|
| 4 | C++ memory management is notoriously flexible, allowing a wide range |
|---|
| 5 | of efficient and dangerous techniques. BDM uses conventions which |
|---|
| 6 | allow high implementation efficiency (not absolutely maximal, but |
|---|
| 7 | within a measurement error of the most efficient way) while |
|---|
| 8 | substantially reducing the danger of memory errors. These conventions |
|---|
| 9 | are described below. |
|---|
| 10 | |
|---|
| 11 | \section Constructors |
|---|
| 12 | |
|---|
| 13 | \li Each configurable class must have public default constructor (that |
|---|
| 14 | is, a constructor which takes no parameters). This is required by the |
|---|
| 15 | configuration framework. Other constructors may also be defined when |
|---|
| 16 | convenient. |
|---|
| 17 | |
|---|
| 18 | \li Each constructor must initialize all fields of the constructed |
|---|
| 19 | object, to prevent unpredictable behavior. |
|---|
| 20 | |
|---|
| 21 | One consequence of the points above is the case when a default |
|---|
| 22 | constructor doesn't have the data with which to initialize a new |
|---|
| 23 | object - in that case it can simply call the default constructors of |
|---|
| 24 | all its object fields (and base classes), but must explicitly |
|---|
| 25 | initialize all numeric fields and raw pointers to 0. Such an object |
|---|
| 26 | isn't valid as constructed and must have some additional |
|---|
| 27 | initialization methods (typically from_settings, for reading its |
|---|
| 28 | configured state), but it can at least be destroyed. |
|---|
| 29 | |
|---|
| 30 | \section Exceptions |
|---|
| 31 | |
|---|
| 32 | BDM uses exceptions to signal runtime and some logic errors. The |
|---|
| 33 | library aims to provide the minimal exception safety (that is, |
|---|
| 34 | throwing an exception doesn't crash and doesn't leak any resources) |
|---|
| 35 | for all thrown exceptions \b except memory errors - when a program |
|---|
| 36 | using BDM exhausts memory, it should be terminated as soon as possible |
|---|
| 37 | (and in most cases it has probably already terminated by |
|---|
| 38 | itself). Specific exceptions may provide stronger guarantees, as |
|---|
| 39 | documented for specific cases. All exceptions thrown out of the |
|---|
| 40 | library are descendants of std::exception. |
|---|
| 41 | |
|---|
| 42 | \section Pointers |
|---|
| 43 | |
|---|
| 44 | Pointers are used extensively (for efficiency), but usage of raw |
|---|
| 45 | pointers should be minimized. |
|---|
| 46 | |
|---|
| 47 | Objects allocated by operator new should be assigned to a smart |
|---|
| 48 | pointer instance immediately upon their construction, so that they can |
|---|
| 49 | be automatically deleted after use. BDM implements its own |
|---|
| 50 | reference-counted smart pointer template, bdm::shared_ptr, whose |
|---|
| 51 | interface and semantics are close to the proposed standard |
|---|
| 52 | std::tr1:shared_ptr (which is planned to replace bdm::shared_ptr once |
|---|
| 53 | it becomes widely available). Note that objects allocated on the stack |
|---|
| 54 | \b must \b not have their addresses passed to shared_ptr - that is a |
|---|
| 55 | bug leading to intermittent runtime errors. |
|---|
| 56 | |
|---|
| 57 | Non-null heap pointers may also be kept in instances of object_ptr, |
|---|
| 58 | which is convertible to (and from) shared_ptr. The SHAREDPTR macro (or |
|---|
| 59 | SHAREDPTR2, for templated types) defines standartized names for these |
|---|
| 60 | instances, simplifying library usage: |
|---|
| 61 | |
|---|
| 62 | \code |
|---|
| 63 | /* |
|---|
| 64 | egamma_ptr is typedef for object_ptr<egamma>, whose default |
|---|
| 65 | constructor calls new egamma() |
|---|
| 66 | */ |
|---|
| 67 | egamma_ptr eG; |
|---|
| 68 | eG->set_parameters ( a, b ); |
|---|
| 69 | |
|---|
| 70 | epdf_array Coms ( 2 ); // epdf_array is typedef for Array<shared_ptr<epdf> > |
|---|
| 71 | Coms ( 0 ) = eG; // object_ptr<T> is derived from shared_ptr<T> |
|---|
| 72 | |
|---|
| 73 | /* |
|---|
| 74 | The egamma instance doesn't leak: if the shared_ptr instance which |
|---|
| 75 | wraps it isn't assigned to anything else, the pointer is deleted by |
|---|
| 76 | the destructor of either object_ptr, or Array, whichever runs last. |
|---|
| 77 | */ |
|---|
| 78 | \endcode |
|---|
| 79 | |
|---|
| 80 | Pointers kept in object fields should be wrapped in a shared_ptr |
|---|
| 81 | instance, which will automatically keep them valid (at least) for the |
|---|
| 82 | lifetime of the containing object. When that isn't possible, it should |
|---|
| 83 | be documented why their containing class doesn't delete them and who |
|---|
| 84 | does. |
|---|
| 85 | |
|---|
| 86 | Pointers passed as arguments into functions (and methods) are |
|---|
| 87 | generally not expected to stay valid after the function returns - when |
|---|
| 88 | that is required, the parameter's documentation should specify the |
|---|
| 89 | required scope: |
|---|
| 90 | |
|---|
| 91 | \code |
|---|
| 92 | /* the pointer must stay valid for the lifetime of the object */ |
|---|
| 93 | CurrentContext ( const char *name, int idx ); |
|---|
| 94 | \endcode |
|---|
| 95 | |
|---|
| 96 | A simpler alternative is just to pass a shared pointer: |
|---|
| 97 | |
|---|
| 98 | \code |
|---|
| 99 | class mepdf : public mpdf |
|---|
| 100 | { |
|---|
| 101 | shared_ptr<epdf> iepdf; |
|---|
| 102 | public: |
|---|
| 103 | mepdf (shared_ptr<epdf> em) { |
|---|
| 104 | iepdf = em; |
|---|
| 105 | \endcode |
|---|
| 106 | |
|---|
| 107 | In the case above, passing a (constant) reference to shared_ptr<epdf> |
|---|
| 108 | might be more efficient, but no measurements have been performed. |
|---|
| 109 | |
|---|
| 110 | Functions returning raw pointers should document the scope of their |
|---|
| 111 | validity: |
|---|
| 112 | |
|---|
| 113 | \code |
|---|
| 114 | /* |
|---|
| 115 | Returns the stored pointer (which remains owned by this |
|---|
| 116 | instance). |
|---|
| 117 | */ |
|---|
| 118 | T *get(); |
|---|
| 119 | \endcode |
|---|
| 120 | |
|---|
| 121 | Functions gnerally shouldn't return raw pointers allocated by operator |
|---|
| 122 | new - such pointers should be wrapped in an instance of shared_ptr, so |
|---|
| 123 | that the pointer's unlimited life expectancy is encoded in the |
|---|
| 124 | function signature: |
|---|
| 125 | |
|---|
| 126 | \code |
|---|
| 127 | virtual shared_ptr<epdf> marginal (const RV &rv) const; |
|---|
| 128 | \endcode |
|---|
| 129 | |
|---|
| 130 | */ |
|---|
