Re: The new Constructor Bomb stuff

> From: vlad!mark (Mark S. Miller)

Looks good on a skim, with one caveat:  I don't see anything that would
prevent or detect usage of the default operator new.  Since such a usage
leaves the code vulnerable to garbage-collector heisenbugs and constructor
failure problems, it should be a compile- or link-time error if we can
arrange it, a run-time and xlint error if that can't be arranged.

(Unfortunately, a private declaration on operator new(size_t) doesn't work.)

> P.S. To probably be considered obsolete (but not immediately
> retired?):
> 	NEW

Yes.  (But at this point in your letter it would have been good to
describe exactly how to retire each one when it is encountered in old
code.  Check me on this:)

		b = NEW(Whatever(arguments));
becomes:	CONSTRUCT(b,Whatever,(arguments));

		return NEW(Whatever(arguments));
becomes:	RETURN_CONSTRUCT(b,Whatever,(arguments));

If NEW() is used in a more complex expression, it must be divided into
components, one of which uses one of the above cases.

PLANT_CONSTRUCTOR_BOMB_NORMAL_NEW() are simply removed, >WHEN< you
replace all occurrences of:

	new Whatever(...)
	new(...) Whatever(...)

with CONSTRUCT(...) or RETURN_CONSTRUCT(...).  (If you have any instances
of the third case we've got a minor problem...)

(If you're wondering what "PLANT_CONSTRUCTOR_BOMB_NORMAL_NEW()" was
about:  At one point CONSTRUCTOR_BOMB()s had to be upgraded to use
 "MYCLASS::operator new(sizeof(MYCLASS))" in some cases, and
 "       ::operator new(sizeof(MYCLASS))" in others.  Because the
case using the class-specific operator was the more common one in the
existing code, Mr Hill elected to change the name of the rarer case.)