C ++中xmalloc的正确模拟

Question

Two simple questions: In plain C we frequently use xmalloc which is a allocate-or-abort routine. I implemented it in C++. Is this a right exception-free implementation?

template <typename T>
T *xnew(const size_t n)
{
    T *p = new (std::nothrow) T[n];
    if (p == nullptr)
    {
        cerr << "Not enough memory\n";
        abort();
    }
    return p;
}

int main()
{
    int *p = xnew<int>(5000000000LL);
}

Second question, if I remove the <int> from the xnew<int>(5000000000LL); call, compiler (g++ 4.7.2) cannot infere that [T = int] anymore although the return type int * is still there. Why is that?

Edit: Isn't there any overhead when using the new version which could throw exception even if it's not thrown? I really don't want to use any exceptions when not absolutely necessary.

Answer 1

I fail to see why this is necessary. new will throw std::bad_alloc if it fails to allocate memory. If you don't handle exceptions, this will lead to a call to std::terminate which effectively ends the program and has the same behavior as xmalloc .

Of course, this changes when your compiler does not implement exceptions.

Answer 2

Second question, if I remove the <int> from the xnew<int>(5000000000LL); call, compiler (g++ 4.7.2) cannot infere that [T = int] anymore although the return type int * is still there. Why is that?

Function template arguments are deduced only from the types of the argument expressions in the function call. Since T doesn't appear in the function parameters in any way, it cannot be deduced.

What you do with the return value of the function call doesn't affect template argument deduction in C++, ever. If you write int *p = some_function(5000000000LL); then int* is not necessarily the return type of some_function , it's a type to which the compiler will attempt to convert the return type of some_function .

So the proximal reason that the compiler can't deduce int is that the standard forbids it (at least, without a diagnostic). The ultimate reason is that the designers of C++ (probably Stroustrup originally) wanted to limit the things taken into consideration for deduction, to keep the rules if not simple then at least comprehensible to mortal minds.

There's a rule in C++ that the type of a sub-expression only depends on the sub-expression itself, not on the surrounding expression. And AFAIK there's only one exception, which is when a function pointer or member-function pointer is ambiguous:

void foo();
void foo(int);

void (*pfoo1)() = &foo; // &foo evaluates to a pointer to the void overload
void (*pfoo2)(int) = &foo; // &foo evaluates to a pointer to the int overload
void (*pfoo3)() = (void(*)(int))&foo; // &foo evaluates to the int overload, but doesn't convert to the type of pfoo3 so the line fails.

Answer 3

This code is not guaranteed to be 100% safe because operator<<() could throw . Practically it's not widespread case because to throw there shall be some rare conditions met:

1. std::cerr has badbit set in its exceptions() mask (by default it's not)
2. Exception is thrown during output

In this case exception will be rethrown and memory will leak.

About removing <int> from template function call expression - of course it will not work. Compiler could deduce template arguments type only from call expression itself, not from lvalue type that it will be assigned. So template arguments that you want to be auto-deduced shall be function arguments, not return type:

template <class T> T f1();
template <class T> T f2(T);

int a = f1();   // Will not compile, shall be f1<int>();
int b = f2(42); // OK

Exceptions overhead actually depends on implementation. I believe modern compilers are smart enough to avoid such overhead if possible, but you shall check it with your platform to be sure.

Answer 4

If you want to avoid an exception throwing new (for whatever reason - maybe you're working on a platform where exceptions aren't supported, like some embedded platforms), you can provide a new_handler to abort the program if new can't allocate memory:

#include <stdlib.h>

#include <iostream>
#include <new>

namespace {
    void new_handler_abort()
    {
        std::cerr << "Not enough memory\n";
        abort();
    }

    struct new_handler_abort_installer {

        new_handler_abort_installer() {
            std::set_new_handler(new_handler_abort);
        }

    };


    // a statically allocated object that does nothing but install the
    //  new_handler_abort() function as the new_handler

    new_handler_abort_installer install_new_handler_abort;
}

Merely including this source file as part of your program will install a new_handler that will abort the program is new has trouble allocating memory.

However:

• it's not deterministic when this init will be done (other than it'll happen before main() is called). So if you run into memory problems before main() , it might not do exactly what you want.
• the compiler may still add code to support exception handling, and for some compilers that includes code that occurs on each call to operator new so there may still be some small amount of overhead spent to deal with exceptions that will never occur (newer compilers may avoid this overhead by using a table-driven stack unwind that avoids having to run code to set up exceptions on each call).