CERT C++: MEM53-CPP

Explicitly construct and destruct objects when manually managing object lifetime

Since R2022b

Description

Rule Definition

Explicitly construct and destruct objects when manually managing object lifetime.¹

Polyspace Implementation

The rule checker checks for Object allocated but not initialized. Polyspace^® does not look for explicit destruction of manually managed objects.

Examples

expand all

Object Allocated But Not Initialized

Issue

This issue occurs when a nontrivially constructible object is created by calling functions such as std::malloc() or std::allocator<T>::allocate(). These functions allocate memory for objects but do not initialize them. To check if a class is trivially constructible, use the function std::is_trivially_constructible. See https://en.cppreference.com/w/cpp/types/is_constructible.

Polyspace checks for this issue in classes that has a defined constructor. If a class lacks a defined constructor, Polyspace does not report violations of this rule.

Risk

Calling the function malloc() or std::allocator<T>::allocate() allocates the memory necessary for an object, but does not start the lifetime of the allocated object. Using these functions to construct an object might cause you to access class members before their lifetime starts. Accessing objects before their lifetime is an undefined behavior. For instance:

class myObj {
	myObj();

	void myFunc();
};

void foo() {
	//Allocating sufficient memory
	myObj* obj = static_cast<myObj*>(std::malloc(sizeof(myObj)));
	// Accessing myObj::myFunc
	obj->myFunc();


}

The code allocates sufficient memory for the object obj by calling the function std::malloc(). The function malloc() does not initiate the lifetime of obj and its members. In obj->myFunc, you access muFunc() before its lifetime, which is an undefined behavior.

Fix

When using the function std::malloc() or std::allocator<T>::allocate() to construct an object, explicitly complete the construction by using the placement-new operator. This step starts the lifetime of the object and prevent the undefined behavior resulting from accessing objects before their lifetime.

Example — Accessing Objects Before Lifetime

#include <memory>
template <typename T, typename Allocator = std::allocator<T>>
class customManager{
	T* memChunk;
public:
	void Allocate(){
		Allocator alloc;
		T* p = alloc.allocate(1);
		memChunk = p;
	}
	
	void Deallocate(){
		//...
	}
	T* access(){
		//..
		return memChunk;
	}
};

class myClass{
public:
	myClass(){}
	int num;
	void getNum(){};//Noncompliant

};
void foo(){
	customManager<myClass> managedObj;
	managedObj.Allocate();
	(managedObj.access())->getNum();}

In this example, the template customManager manages memory for a class. In the function foo, this template is used to manage a myClass object. The function CustomManager::Allocate allocates memory but does not initiate the lifetime of its client objects. Accessing myClass::getnum() after allocating managedObj results in accessing an object before its lifetime, which is undefined behavior. Polyspace reports a violation of this rule.

Correction — Explicitly Initiate Object Lifetime

Explicitly start the lifetime of the objects after allocating memory for them. For instance, after calling alloc.allocate(), initiate the lifetime of the client objects by calling the placement new operator.

#include <memory>
template <typename T, typename Allocator = std::allocator<T>>
class customManager{
	T* memChunk;
public:
	void Allocate(){
		Allocator alloc;
		T* p = alloc.allocate(1);
		memChunk = new (p) T;//Lifetime of the object starts
	}
	
	void Deallocate(){
		//...
	}
	T* access(){
		//..
		return memChunk;
	}
};

class myClass{
public:
	myClass(){}
	int num;
	void getNum(){};
};
void foo(){
	customManager<myClass> managedObj;
	managedObj.Allocate();
	(managedObj.access())->getNum();
}

Check Information

Group: 06. Memory Management (MEM)

Version History

Introduced in R2022b

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.