C++ Core Guidelines: Lifetime Safety And Checking the Rules

Contents[Show]

The lifetime safety profile in the C++ core guidelines boils down to one issue: don't dereference a possible invalid pointer. A pointer may be invalid because it is not initialised or the nullptr. A pointer may also point beyond its rage or to a deleted object.

 cemetery
 

 

Lifetime Safety

When you don't dereference a possible invalid pointer, the impact to your program is according to the C++ core guidelines manifold:
  • eliminates one of the major sources of nasty errors in C++
  • eliminates a major source of potential security violations
  • improves performance by eliminating redundant “paranoia” checks
  • increases confidence in the correctness of code
  • avoids undefined behaviour by enforcing a key C++ language rule

Honestly, dealing with pointers is part of a bigger story: ownership. Ownership means that at each point in time, it must be obvious, who is responsible for managing the lifetime of an object. Roughly speaking, C++11 support six kinds of ownership:

  • Local objects. The C++ runtime, as the owner automatically manages the lifetime of these resources. The same holds for global objects or members of a class. The guidelines call them scoped objects.
  • References: I'm not the owner. I only borrowed the resource that cannot be empty.
  • Raw pointers: I'm not the owner. I only borrowed the resource that can be can be empty. I must not delete the resource.
  • std::unique_ptr: I'm the exclusive owner of the resource. I may explicitly release the resource.
  • std::shared_ptr: I share the resource with other shared pointer. I may explicitly release my shared ownership.
  • std::weak_ptr: I'm not the owner of the resource, but I may become temporary the shared owner of the resource by using the method std::weak_ptr::lock.

Compare this fine-grained ownership semantic with a raw pointer. Now you know, what I like about modern C++.

Now, you may ask yourself: Having rules is fine but how can I check that my code follows these rules? Thanks to the Guidelines Support Library (GSL) the rules of the C++ core guidelines can automatically be checked. 

Checking the Rules of the Guidelines

The GSL is a small library for supporting the guidelines of the C++ core guidelines. They are already a few implementations of the GSL available.

The GSL is a header-only library, hence, you can use the functions and types of the library quite easily. The best-known implementation is the one from Microsoft, hosted at Github: Microsoft/GSL. The Microsoft version requires C++14 support and runs on various platforms. Here are a few quite popular platforms:

  • Windows using Visual Studio 2015
  • Windows using Visual Studio 2017
  • Windows using Visual Studio 2019
  • Windows using Clang/LLVM 3.6
  • Windows using Clang/LLVM 7.0.0
  • Windows using GCC 5.1
  • Windows using Intel C++ Compiler 18.0
  • GNU/Linux using Clang/LLVM 3.6-3.9
  • GNU/Linux using Clang/LLVM 4.0
  • GNU/Linux using Clang/LLVM 5.0
  • GNU/Linux using Clang/LLVM 6.0
  • GNU/Linux using Clang/LLVM 7.0
  • GNU/Linux using GCC 5.1

Let's see what I can achieve with the GSL. Here is a program, which breaks Type Safety, Bounds Safey, and Lifetime Safety.

Break of Type Safety, Bounds Safety, and Lifetime Safety

// gslCheck.cpp

#include <iostream>

void f(int* p, int count) {
}

void f2(int* p) {
    int x = *p;
}

int main() {

    // Break of type safety
    // use of a c-cast
    double d = 2;
    auto p = (long*)&d;
    auto q = (long long*)&d;

    // Break of bounds safety
    // array to pointer decay
    int myArray[100];
    f(myArray, 100);

    // Break of Lifetime Safety
    // a is not valid
    int* a = new int;
    delete a;
    f2(a);

}

 

The comments in the source code document my issues. Now, let me start Visual Studio 2019 and show my steps to visualise the issues.

Enable Code Analysis on Build

EnableCodeAnalysis

You have to enable the Checkbox. Per default, the three Type Safety, Bounds Safety, and Lifetime Safety rules are not part of the Microsoft Native Recommended Rules.

Configure your Active Rules

As you can see from the screenshot, I create my ruleset CheckProfile, which consisted of the rules C++ Core Guidelines Bounds Rules, C++ Core Guidelines Type Rules, and C++ Core Guidelines Lifetime Rules.

 gsl

Run Code Analysis on Solution

Applying my set of rules to the code example was quite promising.

check

All issues are found. For each issue such as the first one, I get the line number (17), and the rule of the affected profile (type.4).

Suppress Warnings

Sometimes, you want to suppress specific warnings. You can achieve this with attributes. My next example applies two times an array to pointer decay. Only the second call should give a warning.

// gslCheckSuppress.cpp

#include <iostream>

void f(int* p, int count) {
}

int main() {

    int myArray[100];
    
    // Break of bounds safety
    [[gsl::suppress(bounds.3)]] {   // suppress warning
        f(myArray, 100);
    }

    f(myArray, 100);                // warning           

}

 

The attribute gsl::suppress(bounds.3) behaves as expected. It's only valid in its scope. The second break of bounds safety is displayed.

checkSuppress

What's next?

I skip the next section of the C++ core guidelines because I already wrote a post to the Guidelines Support Library. I assume the next chapter will be quite controversial: naming and layout rules.

 

Thanks a lot to my Patreon Supporters: Matt Braun, Roman Postanciuc, Tobias Zindl, Marko, G Prvulovic, Reinhold Dröge, Abernitzke, Frank Grimm, Sakib, Broeserl, António Pina, Sergey Agafyin, Андрей Бурмистров, Jake, GS, Lawton Shoemake, Animus24, Jozo Leko, John Breland, espkk, Louis St-Amour, Venkat Nandam, Jose Francisco, Douglas Tinkham, Kuchlong Kuchlong, Robert Blanch, Truels Wissneth, Kris Kafka, Mario Luoni, Neil Wang, Friedrich Huber, lennonli, Pramod Tikare Muralidhara, Peter Ware, Tobi Heideman, Daniel Hufschläger, Red Trip, Alexander Schwarz, Tornike Porchxidze, Alessandro Pezzato, Evangelos Denaxas, Bob Perry, Satish Vangipuram, Andi Ireland, Richard Ohnemus, Satish Vangipuram, and Michael Dunsky.

 

Thanks in particular to Jon Hess, Lakshman, Christian Wittenhorst, Sherhy Pyton, Dendi Suhubdy, Sudhakar Belagurusamy, Richard Sargeant, Rusty Fleming, and Said Mert Turkal.

 

 

My special thanks to Embarcadero CBUIDER STUDIO FINAL ICONS 1024 Small

 

Seminars

I'm happy to give online seminars or face-to-face seminars worldwide. Please call me if you have any questions.

Bookable (Online)

German

Standard Seminars (English/German)

Here is a compilation of my standard seminars. These seminars are only meant to give you a first orientation.

New

Contact Me

Modernes C++,

RainerGrimmSmall

My Newest E-Books

Course: Modern C++ Concurrency in Practice

Course: C++ Standard Library including C++14 & C++17

Course: Embedded Programming with Modern C++

Course: Generic Programming (Templates)

Course: C++ Fundamentals for Professionals

Interactive Course: The All-in-One Guide to C++20

Subscribe to the newsletter (+ pdf bundle)

Blog archive

Source Code

Visitors

Today 4418

Yesterday 7071

Week 41394

Month 202068

All 6850760

Currently are 191 guests and no members online

Kubik-Rubik Joomla! Extensions

Latest comments