{"id":5787,"date":"2019-10-01T04:40:36","date_gmt":"2019-10-01T04:40:36","guid":{"rendered":"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-lifetime-safety\/"},"modified":"2023-06-26T10:00:30","modified_gmt":"2023-06-26T10:00:30","slug":"c-core-guidelines-lifetime-safety","status":"publish","type":"post","link":"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-lifetime-safety\/","title":{"rendered":"C++ Core Guidelines: Lifetime Safety And Checking the Rules"},"content":{"rendered":"<p>The lifetime safety profile in the C++ core guidelines boils down to one issue: don&#8217;t dereference a possibly invalid pointer. A pointer may be invalid because it is not initialized or is the <code class=\"highlighter-rouge no-highlight\"><span style=\"font-family: courier new, courier;\">nullptr<\/span><\/code>. A pointer may also point beyond its range or to a deleted object.<\/p>\n<p><!--more--><\/p>\n<div id=\"simple-translate\">&nbsp;<img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-5782\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/cemetery.jpg\" alt=\"cemetery\" width=\"600\" height=\"307\" style=\"display: block; margin-left: auto; margin-right: auto;\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/cemetery.jpg 1280w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/cemetery-300x153.jpg 300w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/cemetery-1024x523.jpg 1024w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/cemetery-768x392.jpg 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/div>\n<div>&nbsp;<\/div>\n<h3><span class=\"ez-toc-section\" id=\"i\"><\/span>&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h2><span class=\"ez-toc-section\" id=\"Lifetime_Safety\"><\/span>Lifetime Safety<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h5 id=\"impact-2\">When you don&#8217;t dereference a possibly invalid pointer, the 
impact on your program is, according to the C++ core guidelines, manifold:<\/h5>\n<ul>\n<li>eliminates one of the significant sources of nasty errors in C++<\/li>\n<li>eliminates a significant source of potential security violations<\/li>\n<li>improves performance by eliminating redundant \u201cparanoia\u201d checks<\/li>\n<li>increases confidence in the correctness of code<\/li>\n<li>avoids undefined behavior by enforcing an essential C++ language rule<\/li>\n<\/ul>\n<p>Honestly, dealing with pointers is part of a bigger story: ownership. Ownership means that at each point in time, it must be evident who is responsible for managing the lifetime of an object. Roughly speaking, C++11 supports six kinds of ownership:<\/p>\n<ul>\n<li><strong>Local objects<\/strong>: The C++ runtime, as the owner, automatically manages the lifetime of these resources. The same holds for global objects or members of a class. The guidelines call them scoped objects.<\/li>\n<li><strong>References<\/strong>: I&#8217;m not the owner. I only borrowed the resource, which cannot be empty.<\/li>\n<li><strong>Raw pointers<\/strong>: I&#8217;m not the owner. I only borrowed the resource, which can be empty. I must not delete the resource.<\/li>\n<li><strong><span style=\"font-family: courier new, courier;\">std::unique_ptr<\/span><\/strong>: I&#8217;m the exclusive owner of the resource. I may explicitly release the resource.<\/li>\n<li><strong><span style=\"font-family: courier new, courier;\">std::shared_ptr<\/span><\/strong>: I share the resource with another shared pointer. 
I may explicitly release my shared ownership.<\/li>\n<li><strong><span style=\"font-family: courier new, courier;\">std::weak_ptr<\/span><\/strong>: I&#8217;m not the owner of the resource, but I may temporarily become a shared owner of the resource by using the method <a href=\"http:\/\/en.cppreference.com\/w\/cpp\/memory\/weak_ptr\/lock\"><span style=\"font-family: courier new, courier;\">std::weak_ptr::lock<\/span><\/a>.<\/li>\n<\/ul>\n<p>Compare these fine-grained ownership semantics with a raw pointer. Now you know what I like about modern C++.<\/p>\n<p>You may ask yourself: Having rules is fine, but how can I check that my code follows these rules? Thanks to the Guidelines Support Library (GSL), the rules of the C++ core guidelines can be checked automatically.&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Checking_the_Rules_of_the_Guidelines\"><\/span>Checking the Rules of the Guidelines<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The GSL is a small library for supporting the C++ core guidelines. There are already a few implementations of the GSL available.<\/p>\n<p>The GSL is a header-only library. Hence, you can use the functions and types of the library quite easily. The best-known implementation is the one from Microsoft, hosted at GitHub: <a href=\"https:\/\/github.com\/Microsoft\/GSL\">Microsoft\/GSL<\/a>. The Microsoft version requires C++14 support and runs on various platforms. 
Here are a few quite popular platforms:<\/p>\n<ul>\n<li>Windows using Visual Studio 2015<\/li>\n<li>Windows using Visual Studio 2017<\/li>\n<li>Windows using Visual Studio 2019<\/li>\n<li>Windows using Clang\/LLVM 3.6<\/li>\n<li>Windows using Clang\/LLVM 7.0.0<\/li>\n<li>Windows using GCC 5.1<\/li>\n<li>Windows using Intel C++ Compiler 18.0<\/li>\n<li>GNU\/Linux using Clang\/LLVM 3.6-3.9<\/li>\n<li>GNU\/Linux using Clang\/LLVM 4.0<\/li>\n<li>GNU\/Linux using Clang\/LLVM 5.0<\/li>\n<li>GNU\/Linux using Clang\/LLVM 6.0<\/li>\n<li>GNU\/Linux using Clang\/LLVM 7.0<\/li>\n<li>GNU\/Linux using GCC 5.1<\/li>\n<\/ul>\n<p>Let&#8217;s see what I can achieve with the GSL. Here is a program that breaks <a href=\"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-the-profiles-type-safety-bounds-safety-and-lifetime-safety\">Type Safety<\/a>, <a href=\"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-bounds-safety\">Bounds Safety<\/a>, and Lifetime Safety.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Break_of_Type_Safety_Bounds_Safety_and_Lifetime_Safety\"><\/span>Break of Type Safety, Bounds Safety, and Lifetime Safety<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div style=\"background: #f0f3f3; overflow: auto; width: auto; gray;border-width: .1em .1em .1em .8em;\">\n<pre style=\"margin: 0; line-height: 125%;\"><span style=\"color: #0099ff; font-style: italic;\">\/\/ gslCheck.cpp<\/span>\r\n\r\n<span style=\"color: #009999;\">#include &lt;iostream&gt;<\/span>\r\n\r\n<span style=\"color: #007788; font-weight: bold;\">void<\/span> <span style=\"color: #cc00ff;\">f<\/span>(<span style=\"color: #007788; font-weight: bold;\">int<\/span><span style=\"color: #555555;\">*<\/span> p, <span style=\"color: #007788; font-weight: bold;\">int<\/span> count) {\r\n}\r\n\r\n<span style=\"color: #007788; font-weight: bold;\">void<\/span> <span style=\"color: #cc00ff;\">f2<\/span>(<span style=\"color: #007788; font-weight: bold;\">int<\/span><span style=\"color: 
#555555;\">*<\/span> p) {\r\n    <span style=\"color: #007788; font-weight: bold;\">int<\/span> x <span style=\"color: #555555;\">=<\/span> <span style=\"color: #555555;\">*<\/span>p;\r\n}\r\n\r\n<span style=\"color: #007788; font-weight: bold;\">int<\/span> <span style=\"color: #cc00ff;\">main<\/span>() {\r\n\r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ Break of type safety<\/span>\r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ use of a c-cast<\/span>\r\n    <span style=\"color: #007788; font-weight: bold;\">double<\/span> d <span style=\"color: #555555;\">=<\/span> <span style=\"color: #ff6600;\">2<\/span>;\r\n    <span style=\"color: #006699; font-weight: bold;\">auto<\/span> p <span style=\"color: #555555;\">=<\/span> (<span style=\"color: #007788; font-weight: bold;\">long<\/span><span style=\"color: #555555;\">*<\/span>)<span style=\"color: #555555;\">&amp;<\/span>d;\r\n    <span style=\"color: #006699; font-weight: bold;\">auto<\/span> q <span style=\"color: #555555;\">=<\/span> (<span style=\"color: #007788; font-weight: bold;\">long<\/span> <span style=\"color: #007788; font-weight: bold;\">long<\/span><span style=\"color: #555555;\">*<\/span>)<span style=\"color: #555555;\">&amp;<\/span>d;\r\n\r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ Break of bounds safety<\/span>\r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ array to pointer decay<\/span>\r\n    <span style=\"color: #007788; font-weight: bold;\">int<\/span> myArray[<span style=\"color: #ff6600;\">100<\/span>];\r\n    f(myArray, <span style=\"color: #ff6600;\">100<\/span>);\r\n\r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ Break of Lifetime Safety<\/span>\r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ a is not valid<\/span>\r\n    <span style=\"color: #007788; font-weight: bold;\">int<\/span><span style=\"color: #555555;\">*<\/span> a <span style=\"color: #555555;\">=<\/span> <span 
style=\"color: #006699; font-weight: bold;\">new<\/span> <span style=\"color: #007788; font-weight: bold;\">int<\/span>;\r\n    <span style=\"color: #006699; font-weight: bold;\">delete<\/span> a;\r\n    f2(a);\r\n\r\n}\r\n<\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>The comments in the source code document my issues. Let me start Visual Studio 2019 and show my steps to visualize the issues.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Enable_Code_Analysis_on_Build\"><\/span>Enable Code Analysis on Build<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-5783\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis.PNG\" alt=\"EnableCodeAnalysis\" width=\"600\" height=\"401\" style=\"display: block; margin-left: auto; margin-right: auto;\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis.PNG 2100w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis-300x201.png 300w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis-1024x685.png 1024w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis-768x514.png 768w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis-1536x1028.png 1536w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/EnableCodeAnalysis-2048x1370.png 2048w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>You have to enable the Checkbox. 
By default, the three <a href=\"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-the-profiles-type-safety-bounds-safety-and-lifetime-safety\">Type Safety<\/a>, <a href=\"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-bounds-safety\">Bounds Safety<\/a>, and Lifetime Safety rules are not part of the Microsoft Native Recommended Rules.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Configure_your_Active_Rules\"><\/span>Configure your Active Rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>As you can see from the screenshot, I created my ruleset <span style=\"font-family: courier new, courier;\">CheckProfile<\/span>, consisting of the C++ Core Guidelines Bounds Rules, C++ Core Guidelines Type Rules, and C++ Core Guidelines Lifetime Rules.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"i-2\"><\/span>&nbsp;<img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-5784\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl.PNG\" alt=\"gsl\" width=\"600\" height=\"401\" style=\"display: block; margin-left: auto; margin-right: auto;\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl.PNG 2100w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl-300x201.png 300w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl-1024x685.png 1024w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl-768x514.png 768w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl-1536x1028.png 1536w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/gsl-2048x1370.png 2048w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"Run_Code_Analysis_on_Solution\"><\/span>Run Code Analysis on Solution<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Applying my set of rules to the code example was quite promising.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
class=\" size-full wp-image-5785\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check.PNG\" alt=\"check\" width=\"700\" height=\"86\" style=\"display: block; margin-left: auto; margin-right: auto;\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check.PNG 3010w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check-300x37.png 300w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check-1024x126.png 1024w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check-768x94.png 768w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check-1536x189.png 1536w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/check-2048x252.png 2048w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/p>\n<p>All issues are found. For each issue, such as the first one, I get the line number (17) and the rule of the affected profile (type.4).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Suppress_Warnings\"><\/span>Suppress Warnings<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sometimes, you want to suppress specific warnings. You can achieve this with attributes. The following example performs an array-to-pointer decay twice. 
Only the second call should give a warning.<\/p>\n<div style=\"background: #f0f3f3; overflow: auto; width: auto; gray;border-width: .1em .1em .1em .8em;\">\n<pre style=\"margin: 0; line-height: 125%;\"><span style=\"color: #0099ff; font-style: italic;\">\/\/ gslCheckSuppress.cpp<\/span>\r\n\r\n<span style=\"color: #009999;\">#include &lt;iostream&gt;<\/span>\r\n\r\n<span style=\"color: #007788; font-weight: bold;\">void<\/span> <span style=\"color: #cc00ff;\">f<\/span>(<span style=\"color: #007788; font-weight: bold;\">int<\/span><span style=\"color: #555555;\">*<\/span> p, <span style=\"color: #007788; font-weight: bold;\">int<\/span> count) {\r\n}\r\n\r\n<span style=\"color: #007788; font-weight: bold;\">int<\/span> <span style=\"color: #cc00ff;\">main<\/span>() {\r\n\r\n    <span style=\"color: #007788; font-weight: bold;\">int<\/span> myArray[<span style=\"color: #ff6600;\">100<\/span>];\r\n    \r\n    <span style=\"color: #0099ff; font-style: italic;\">\/\/ Break of bounds safety<\/span>\r\n    [[gsl<span style=\"color: #555555;\">::<\/span>suppress(bounds<span style=\"color: #ff6600;\">.3<\/span>)]] {   <span style=\"color: #0099ff; font-style: italic;\">\/\/ suppress warning<\/span>\r\n        f(myArray, <span style=\"color: #ff6600;\">100<\/span>);\r\n    }\r\n\r\n    f(myArray, <span style=\"color: #ff6600;\">100<\/span>);                <span style=\"color: #0099ff; font-style: italic;\">\/\/ warning           <\/span>\r\n\r\n}\r\n<\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>The attribute <span style=\"font-family: courier new, courier;\">gsl::suppress(bounds.3)<\/span> behaves as expected. It&#8217;s only valid in its scope. 
The second break of bounds safety is displayed.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-5786\" src=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress.PNG\" alt=\"checkSuppress\" width=\"600\" height=\"72\" style=\"display: block; margin-left: auto; margin-right: auto;\" srcset=\"https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress.PNG 2066w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress-300x36.png 300w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress-1024x122.png 1024w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress-768x92.png 768w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress-1536x184.png 1536w, https:\/\/www.modernescpp.com\/wp-content\/uploads\/2019\/10\/checkSuppress-2048x245.png 2048w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Whats_next\"><\/span>What&#8217;s next?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>I skipped the next section of the C++ core guidelines because I already wrote a post about the <a href=\"https:\/\/www.modernescpp.com\/index.php\/c-core-guideline-the-guidelines-support-library\">Guidelines Support Library<\/a>. The <a href=\"https:\/\/www.modernescpp.com\/index.php\/c-core-guidelines-naming-and-layout-rules\">next chapter<\/a> will be quite controversial: naming and layout rules.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The lifetime safety profile in the C++ core guidelines boils down to one issue: don&#8217;t dereference a possibly invalid pointer. A pointer may be invalid because it is not initialized or is the nullptr. 
A pointer may also point beyond its range or to a deleted object.<\/p>\n","protected":false},"author":21,"featured_media":5782,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[372],"tags":[465,466],"class_list":["post-5787","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-c","tag-gsl","tag-safety"],"_links":{"self":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts\/5787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/comments?post=5787"}],"version-history":[{"count":1,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts\/5787\/revisions"}],"predecessor-version":[{"id":6771,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/posts\/5787\/revisions\/6771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/media\/5782"}],"wp:attachment":[{"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/media?parent=5787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/categories?post=5787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.modernescpp.com\/index.php\/wp-json\/wp\/v2\/tags?post=5787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}