The C programming language provides several ways to allocate memory, such as std::malloc(), std::calloc(), and std::realloc(), which can be used by a C++ program. However, it the C programming language defines only a single way to free the allocated memory: std::free(). See MEM31-C. Free dynamically allocated memory when no longer needed and MEM34-C. Only free memory allocated dynamically for rules specifically regarding C allocation and deallocation requirements.
The C++ programming language adds additional ways to allocate memory, such as the operators new, new[], and placement new, and allocator objects. Unlike C, C++ provides multiple ways to free dynamically allocated memory, such as the operators delete, delete[](), and deallocation functions on allocator objects.
Do not call a deallocation function on anything other than nullptr, or a pointer returned by the corresponding allocation function described by the following:
| Allocator | Deallocator |
|---|---|
global operator new()/new | global operator delete()/delete |
global operator new[]()/new[] | global operator delete[]()/delete[] |
class-specific operator new()/new | class-specific operator delete()/delete |
class-specific operator new[]()/new[] | class-specific operator delete[]()/delete[] |
placement operator new() | N/A |
allocator<T>::allocate() |
|
std::malloc(), std::calloc(),std::realloc() | std::free() |
std::get_temporary_buffer() | std::return_temporary_buffer() |
...
The C++ Standard, [expr.delete], paragraph 2 [ISO/IEC 14882-2014], states in part, states the following:
In the first alternative (delete object), the value of the operand of
deletemay be a null pointer value, a pointer to a non-array object created by a previous new-expression, or a pointer to a subobject (1.8) representing a base class of such an object (Clause 10). If not, the behavior is undefined. In the second alternative (delete array), the value of the operand ofdeletemay be a null pointer value or a pointer value that resulted from a previous array new-expression. If not, the behavior is undefined.
Deallocating a pointer that is not allocated dynamically (including non-dynamic pointers returned from calls to placement new()) is undefined behavior because the pointer value was not obtained by an allocation function. Deallocating a pointer that has already been passed to a deallocation function is undefined behavior because the pointer value no longer points to memory that has been dynamically allocated.
Note that when When an operator such as new is called, it results in a call to an overloadable operator of the same name, such as operator new(). These overloadable functions can be called directly but carry the same restrictions as their operator counterparts. That is, calling operator delete() and passing a pointer parameter has the same constraints as calling the delete operator on that pointer. Further note that , the overloads are subject to scope resolution, so it is possible (but not permissible) to call a class-specific operator to allocate an object but a global operator to deallocate the object.
...
This compliant solution removes the call to ::operator delete(), allowing s1 to be destroyed as a result of its normal object lifetime termination:.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <iostream>
struct S {
S() { std::cout << "S::S()" << std::endl; }
~S() { std::cout << "S::~S()" << std::endl; }
};
void f() {
S s1;
S *s2 = new (&s1) S;
// ...
} |
...
This compliant solution initializes both pointer values to nullptr, which is a valid value to pass to ::operator delete():.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <new>
void f() {
int *i1 = nullptr, *i2 = nullptr;
try {
i1 = new int;
i2 = new int;
} catch (std::bad_alloc &) {
delete i1;
delete i2;
}
} |
...
In this noncompliant code example, the class C is given ownership of a P *, which is subsequently deleted by the class destructor. The C++ Standard, [class.copy], paragraph 7 , states [ISO/IEC 14882-2014], states the following:
If the class definition does not explicitly declare a copy constructor, one is declared implicitly. If the class definition declares a move constructor or move assignment operator, the implicitly declared copy constructor is defined as deleted; otherwise, it is defined as defaulted (8.4). The latter case is deprecated if the class has a user-declared copy assignment operator or a user-declared destructor.
Despite the presence of a user-declared destructor, C will have an implicitly defaulted copy constructor defined for it, and this defaulted copy constructor will copy the pointer value stored in p, resulting in a double-free: the first free happens when g() exits , and the second free happens when h() exits.
...
In the following noncompliant code example, an array is allocated with array new[] but is deallocated with a scalar delete call instead of an array delete[] call, resulting in undefined behavior:.
| Code Block | ||||
|---|---|---|---|---|
| ||||
void f() {
int *array = new int[10];
// ...
delete array;
} |
...
In the compliant solution, the code is fixed by replacing the call to delete with a call to delete [] to adhere to the correct pairing of memory allocation and deallocation functions:.
| Code Block | ||||
|---|---|---|---|---|
| ||||
void f() {
int *array = new int[10];
// ...
delete[] array;
}
|
...
In this compliant solution, the pointer allocated by std::malloc() is deallocated by a call to std::free() instead of delete:.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <cstdlib>
void f() {
int *i = static_cast<int *>(std::malloc(sizeof(int)));
// ...
std::free(i);
} |
...
In this noncompliant code example, std::free() is called to deallocate memory that was allocated by new. A common side effect of the undefined behavior caused by using the incorrect deallocation function is that destructors will not be called for the object being deallocated by std::free().
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <cstdlib>
struct S {
~S();
};
void f() {
S *s = new S();
// ...
std::free(s);
} |
...
In this compliant solution, the pointer allocated by new is deallocated by calling delete instead of std::free():.
| Code Block | ||||
|---|---|---|---|---|
| ||||
struct S {
~S();
};
void f() {
S *s = new S();
// ...
delete s;
} |
...
In this noncompliant code example, the global new operator is overridden by a class-specific implementation of operator new(). When new is called, the class-specific override is selected, and so S::operator new() is called. However, because the object is destroyed with a scoped ::delete operator, the global operator delete() function is called instead of the class-specific implementation S::operator delete(), resulting in undefined behavior.
...
In this compliant solution, the scoped ::delete call is replaced by a nonscoped delete call, resulting in S::operator delete() being called:.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <cstdlib>
#include <new>
struct S {
static void *operator new(std::size_t size) noexcept(true) {
return std::malloc(size);
}
static void operator delete(void *ptr) noexcept(true) {
std::free(ptr);
}
};
void f() {
S *s = new S;
delete s;
} |
...
| [Dowd 2007] | "Attacking delete and delete [] in C++" | ||
| [Henricson 1997] | Rule 8.1, "delete should only be used with new"Rule 8.2, " delete [] should only be used with new []" | ||
| [ISO/IEC 14882-2014] | Subclause 5.3.5, "Delete" | ||
| [Meyers 2005] | Item 16, "Use the Same Form in Corresponding Uses of new and delete" | ||
| [Seacord 2013] | Chapter 4, "Dynamic Memory Management" | ||
| [Viega 05] | "Doubly Freeing Memory" | ||
...