Date: Sat, 23 Aug 2025 05:05:05 +0100
Sent from my Galaxy
On Fri, Aug 22, 2025 at 11:04 PM organicoman via Std-Proposals<std-proposals_at_[hidden]> wrote:>> Hello,> One of the recurring bugs in c++ is use after free.> I'm wondering, why the delete operator doesn't take the pointer parameter by reference and nullify it?> So instead of> void operator delete(void* p);> It becomes> void operator delete(void* &p);> And it assigns the value nullptr to p after freeing its corresponding memory.> Look at this example:> ---------> {> int* p = new int(42);> int* const& to_p = p; // as a guideline> delete p; // if taken by reference an nullified> *p; // this will be a guaranteed runtime error> *to_p; // and all previous copies obey too> }> ---------Does the standard mandate that dereferencing the null pointer is a"guaranteed runtime error"? Because, last time I checked, it wasundefined behavior that's no different from dereferencing a pointer toan object past its lifetime.So from the perspective of the standard, this would do absolutelynothing different.Standard wise you are right, but OS wise it's a segfault, and that's more important. > On top of that, basically we need just to add a guideline that mandate:> -All duplication of a pointer should be by reference if modifying, or const reference if not.If it's a reference, then it's not a duplicate (aka, a copy). So thisrule is contradictory.I used 'copies' as comment only, but the snippet is clear that's a reference. > So it is guaranteed that if you free the memory using any of the references, all copies will be nullptr.>> So, is there any constraints to prevents this other than breaking old code?>> Regards>>>> Sent from my Galaxy>> --> Std-Proposals mailing list> Std-Proposals_at_[hidden]> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals-- Std-Proposals mailing listStd-Proposals_at_[hidden]://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
On Fri, Aug 22, 2025 at 11:04 PM organicoman via Std-Proposals<std-proposals_at_[hidden]> wrote:>> Hello,> One of the recurring bugs in c++ is use after free.> I'm wondering, why the delete operator doesn't take the pointer parameter by reference and nullify it?> So instead of> void operator delete(void* p);> It becomes> void operator delete(void* &p);> And it assigns the value nullptr to p after freeing its corresponding memory.> Look at this example:> ---------> {> int* p = new int(42);> int* const& to_p = p; // as a guideline> delete p; // if taken by reference an nullified> *p; // this will be a guaranteed runtime error> *to_p; // and all previous copies obey too> }> ---------Does the standard mandate that dereferencing the null pointer is a"guaranteed runtime error"? Because, last time I checked, it wasundefined behavior that's no different from dereferencing a pointer toan object past its lifetime.So from the perspective of the standard, this would do absolutelynothing different.Standard wise you are right, but OS wise it's a segfault, and that's more important. > On top of that, basically we need just to add a guideline that mandate:> -All duplication of a pointer should be by reference if modifying, or const reference if not.If it's a reference, then it's not a duplicate (aka, a copy). So thisrule is contradictory.I used 'copies' as comment only, but the snippet is clear that's a reference. > So it is guaranteed that if you free the memory using any of the references, all copies will be nullptr.>> So, is there any constraints to prevents this other than breaking old code?>> Regards>>>> Sent from my Galaxy>> --> Std-Proposals mailing list> Std-Proposals_at_[hidden]> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals-- Std-Proposals mailing listStd-Proposals_at_[hidden]://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
Received on 2025-08-23 04:05:12