Accessing memory after destroy

Eugene Wissner via Digitalmars-d digitalmars-d at puremagic.com
Sat Jul 29 13:53:01 PDT 2017


On Saturday, 29 July 2017 at 20:44:30 UTC, Johan Engelen wrote:
> I'd like to check a bit of info I need for Address Sanitizer 
> checking.
>
> The spec says [1]:
> Use the destroy function to finalize an object by calling its 
> destructor. The memory of the object is not immediately 
> deallocated, instead the GC will collect the memory of the 
> object at an undetermined point after finalization:
> ```
>   class Foo { int x; this() { x = 1; } }
>   Foo foo = new Foo;
>   destroy(foo);
>   assert(foo.x == int.init);  // object is still accessible
> ```
>
> This tells me 2 things that I'd like to verify:
> 1. The destroyed memory is set to the type's `.init` value. 
> (but the Ctor is not called)
> 2. It is _valid_ to access the memory after calling destroy.
>
> Point 2 is worrying: what if there is a thread switch right 
> after destroy, in which a GC collect happens?
>
> Thanks,
>   Johan
>
> [1] https://dlang.org/spec/class.html#deallocators

For 1) look at rt_finalize2 in rt/lifetime.d*. It is the function 
called by destroy. It sets the class to its init value:

```
auto w = (*pc).initializer;
p[0 .. w.length] = w[];
```

So it will memcpy Foo.initializer into foo.

For 2) I think you're right, it seems to be unsafe to access the 
object after destroying.


* https://github.com/dlang/druntime/blob/3485ff859a29ba44e7949bc49e62d5dd3a2a9ff0/src/rt/lifetime.d#L1402
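
Added example, not part of the original message or of druntime: a small D program that checks the behaviour described for point 1, namely that `destroy` runs the destructor and then copies the class initializer image over the object without re-running the constructor. The class name `Foo` follows the spec snippet quoted above; the field `y`, the counter `dtorCalls`, and the assumption that the object header is two pointers wide (vtable pointer and monitor) are choices made for this example.

```d
// Added example: observe what destroy() leaves in a class instance.
class Foo
{
    int x = 5;              // field initializer: part of the initializer image
    int y;                  // no initializer: int.init (0) in the image
    static int dtorCalls;   // counts destructor runs (thread-local)

    this() { x = 1; y = 2; }
    ~this() { ++dtorCalls; }
}

void main()
{
    Foo foo = new Foo;
    assert(foo.x == 1 && foo.y == 2);   // values set by the constructor

    destroy(foo);

    // The destructor ran exactly once.
    assert(Foo.dtorCalls == 1);

    // The fields now hold the initializer image, not the constructor's
    // values: x is back to its field initializer, y to int.init.
    assert(foo.x == 5);
    assert(foo.y == int.init);

    // Same check at the byte level, mirroring `p[0 .. w.length] = w[]`.
    // Assumption: the header is vptr + monitor; it is skipped so that
    // only the field bytes are compared.
    enum hdr = 2 * (void*).sizeof;
    auto w = cast(const(ubyte)[]) typeid(Foo).initializer;
    auto p = (cast(const(ubyte)*) cast(void*) foo)[0 .. w.length];
    assert(p[hdr .. $] == w[hdr .. $]);
}
```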

