Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deleting a pointer when the static type and dynamic types are similar is potentially UB CWG2474 #4305

Closed
leni536 opened this issue Oct 29, 2020 · 3 comments
Closed

deleting a pointer when the static type and dynamic types are similar is potentially UB CWG2474 #4305

leni536 opened this issue Oct 29, 2020 · 3 comments
Labels
cwg Issue must be reviewed by CWG. not-editorial Issue is not deemed editorial; the editorial issue is kept open for tracking.

Comments

@leni536
Copy link

leni536 commented Oct 29, 2020

http://eel.is/c++draft/expr.delete#3

In a single-object delete expression, if the static type of the object to be deleted is different from its dynamic type and the selected deallocation function (see below) is not a destroying operator delete, the static type shall be a base class of the dynamic type of the object to be deleted and the static type shall have a virtual destructor or the behavior is undefined.
In an array delete expression, if the dynamic type of the object to be deleted differs from its static type, the behavior is undefined.

"static type" and "dynamic type" includes cv qualification. By the standard wording invoking foo and bar is undefined behavior in the following code:

struct A {};
void foo() {
    A* ptr = new A{};
    const A* cptr = ptr;
    delete cptr;
}

void bar() {
    int i = 42;
    int ** ptr1 = new int*(&i);
    int const * const* ptr2 = ptr1;
    delete ptr2; 
}

Proposed changes:

In a single-object delete expression, if the static type of the object to be deleted is different from not similar to its dynamic type and the selected deallocation function (see below) is not a destroying operator delete, the static type shall be a base class of the dynamic type of the object to be deleted and the static type shall have a virtual destructor or the behavior is undefined.
In an array delete expression, if the dynamic type of the object to be deleted differs from is not similar to its static type, the behavior is undefined.
@jensmaurer
Copy link
Member

This does not seem editorial to me.

@jensmaurer jensmaurer added cwg Issue must be reviewed by CWG. not-editorial Issue is not deemed editorial; the editorial issue is kept open for tracking. labels Dec 6, 2020
@jensmaurer
Copy link
Member

CWG 2020-12-07: Differences in cv-qualifiers should not cause UB, but missing array bounds are problematic. Thus, "similar" is not the right property to apply. This will be addressed in a core issue.

@leni536
Copy link
Author

leni536 commented Jul 10, 2021

I see that this become CWG2474, and the change is already applied to the current draft. As this wasn't an editorial issue anyway, I feel it is appropriate to close this.

My thoughts on arrays of unknown bound:

I think they only cause an issue when the operand of the delete expression is a pointer to an array of unknown bound, they don't cause a problem when they are deeper in the type (like int (**)[]).

In general the problem is when the operand of the delete expression is a pointer to an incomplete type, however the standard only discusses deleting an object of incomplete class type.

If the object being deleted has incomplete class type at the point of deletion and the complete class has a non-trivial destructor or a deallocation function, the behavior is undefined.

I think an array delete expression with an operand of type T (*)[N] is similarly problematic, if T is an incomplete class type.

I think the following wording would resolve this:

If the operand is a pointer to an incomplete type and the type of the deleted object is not trivially destructible, or it has a deallocation function, the behavior is undefined.

@leni536 leni536 closed this as completed Jul 10, 2021
@jensmaurer jensmaurer changed the title deleting a pointer when the static type and dynamic types are similar is potentially UB deleting a pointer when the static type and dynamic types are similar is potentially UB CWG2474 Jul 10, 2021
@jensmaurer jensmaurer mentioned this issue Jul 10, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cwg Issue must be reviewed by CWG. not-editorial Issue is not deemed editorial; the editorial issue is kept open for tracking.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leni536 @jensmaurer