resource management in c++

Problem DefinitionSolution

Practical Advices

Resource Management in C++

Kirill Mendelev

April 2, 2006

Kirill Mendelev Resource Management in C++


Practical Advices

Outline

1 Problem Definition

2 SolutionManual ManagementAutomatic Management

3 Practical Advices



Practical Advices

Formal definition of resource

The Pocket Oxford Dictionary

resource, n. Means of supplying what is needed, stock that can bedrawn on.

Wikipedia

A resource, also referred to as system resource, is any physical orvirtual system component of a computer system with limitedavailability.



Practical Advices

Examples

Memory

File descriptor

Thread, process

Entity of application domain (e.g. events, messages, models)



Practical Advices

Common treats

Limited availability

There’s only as much resources as our virtual world supplies us.

Waste management; recycling

For the virtual world to live happily every after, no garbage shouldaccumulate, non-replenishable resources should be recycled.

We take memory resource management as an object for this study,yet recommendations may be applied to any type of resource.



Practical Advices

What can go wrong

Leakage

Exhaustion

Dangling



Practical Advices

Leak example

int triple(int val) {int* res = new int(val*3);return *res;

}

Resource is said to be leaked when it can not be accessed by anystandard mean.



Practical Advices

Exhaustion example

int triple(int val) {static int* res = new int(val*3);return *res;

}

Exhausting algorithms never bother to dispose of their resources,while keeping references to them. Leaking and exhaustingprocesses are often mixed, for they both lead to resource depletion.



Practical Advices

Dangling example

{...int* i = new int(2);int* j = i; // i,j are danglingdelete i; // woe to j’s users...

}

Dangling pointers reference the same place in memory, which maybe disposed of concurrently.



Practical Advices

Another dangling example

class A {public:

void save_data(CData* a) {v.push_back(a);

}CData& operator[](int idx) {

assert(idx>=0 && idx<v.size());return *(v[idx]);

}private:

vector<CData*> v;};



Practical Advices

Ultimate question

Ownership

Who is owner of a resource? Who creates it, who destroys it, andwhen?

Easy to ask, hard to answer. Usually, resource creator knowsnothing about resource disposer. Good old custom of passingpointers to expensive resources provides an easy way to get rid ofresource whenever we want, anyplace, anytime.



Practical Advices

Sinful owners

Forgetful owner does not keep records of the resource

Greedy owner keeps resources forever

Egoistic owner disposes resource regardless of other customers

Spoiled owner assumes responsibility without reason



Practical Advices

Manual ManagementAutomatic Management

1 Problem Definition

2 SolutionManual ManagementAutomatic Management

3 Practical Advices



Practical Advices


Behave!

Law and order

Coding guidelines and design techniques may reduce amount offaulty places, if followed strictly and frequent review sessions areapplied, so to enforce the rules.

Example of such rule

Every resource should be allocated in object’s constructor,deallocated in object’s destructor. No reference to resource may bereturned from object.

Programmers, being artists, hate rules and love to break themwhenever policemen are not around there.



Practical Advices


Common sense

Do it accurately

Chose owners thoughtfully, do not pass ownership, keep the wholesystem in mind, so no pointer gets left behind. Or forgotten.

This works well for small systems, which are rarely extended.Expect newly added parts to wreak havoc, for this approach doesnot constrain the developer to follow the original resourcemanagement policy.



Practical Advices


Where common sense does not help

int f() {int* i = new int(-2);int j = sqrt(*i); // exception throwndelete i;return j;

}

“throw” clauses are optional in C++, so we have no guaranteedway to protect ourselves from exceptions thrown by third parties.



Practical Advices


Management decision

Centralize everything

Create a number of “manager” classes, which will be the only wayof accessing a resource. Manager is the only owner of the object.

This way, no resource will ever be leaked, yet exhaustion ispossible. Dangling is possible, but not likely. Biggest problem israces between thread-users, which create a different class ofproblems. Besides, resource-management classes lead to tightcoupling in designs.



Practical Advices


Only cowards are afraid of leaks

Let it leak

Fortunately, major operation systems take care of resourcecollection in a per-process basis. It is, all the system-wide resourcesallocated by process are properly disposed of upon processtermination. If the task is known to live a short, yet bright life, itmay just accept resource leakage.

Well suited for small utilities, which should be used every once in awhile. OTOH, “Apache” web server kills its children from time totime, when the memory consumption seem to grow beyond control.



Practical Advices


Failure is not an option

Think totalitarian. “1984”, George Orwell.

The purpose of Newspeak was not only to provide amedium of expression for the world-view and mentalhabits proper to the devotees of Ingsoc, but to make allother modes of thought impossible.

C++ is a language flexible enough to be modified to make theresource mismanagement hard, if not impossible.



Practical Advices


Smart Pointers

Overloading certain operators, we can mimic pointer.

struct Nat {int n;string what() { stringstream s; s << n; return s.str() }

};class NatP {public:

NatP() { num.n = 1; }Nat& operator*() { return num; }NatP* operator->() { return &num; }NatP& operator++() { ++num.n; return *this; }

private:Nat num;

};



Practical Advices


Smart Pointers – contd.

void show_all() {NatP n;while(1) {

cout << n->what() << endl;++n;

}}

It’s easy to add a null-pointer semantics to these pseudo-pointers,so ultimately and seamlessly, we can replace native pointers bysophisticated classes.



Practical Advices


RAII

Resource Acquisition is Initialization

Resource is acquired in constructor and is destroyed in destructor.

struct StrongInt {StrongInt(int n) { num_ptr = new int(n); }~StrongInt() { delete num_ptr; }int& operator*() { return *num_ptr; }int* num_ptr;

};int thrice(int n) {

StrongInt strong_ptr(n*3);return *strong_ptr;

}



Practical Advices


Value semantics

C++ employs call-by-value semantics to pass arguments inside offunctions, unless references are used. RAII-oriented classes will becreated and destroyed when passing scopes.

StrongInt thrice(StrongInt strong_ptr) {StrongInt result((*strong_ptr) * 3);return result;

}

Obviously, a disaster. Solution will add a “ownership” flag,redefine copy-constructor, assignment operator and check this flagin destructor. Quite a work.



Practical Advices


STL and auto ptr

auto_ptr template provided by STL is a simplest strong pointerwith RAII semantics and primitive ownership control.

auto_ptr<int> thrice(auto_ptr<int> auto_int) {auto_ptr<int> ap(new int(*auto_int*3));return ap;

}



Practical Advices


Deficiencies of auto ptr

Only one owner, so no sharing of resources

BigData* data = new BigData;auto_ptr<BigData> ap1(data);auto_ptr<BigData> ap2(data);

Ignores OO, denying “is a” relationship

auto ptr<Base> f(){return auto_ptr<Derived>(new Derived);

}

Copies are not equivalent, so forget about containers

vector<auto_ptr<int> > v;



Practical Advices


Reference counting

Auto ptr is a simplest RC

auto_ptr is an example of so-called “reference counting” garbagecollection. We wrap the shared resource in a class, which countsnumber of times anyone from outside required reference to innerobject. Once this counter reaches zero, nobody uses us anymoreand the inner object has to be reclaimed.

Patented extensions

Simple extension to auto_ptr, adding multiple owners, solves firstand last problems, yet the OO issue is yet to be addressed.



Practical Advices


Private inheritance and reference counting

C++ as multi-paradigm language

C++ is not strictly object-oriented language, and the templateswe’ve used to create reference counters belong to “generic”paradigm whatsoever.

“Bridge” between generic and OO paradigms

C++ provides “private” inheritance to answer “implemented interms of” kind of relationship. Privately inherited class, then, maytake advantage of outer inheritance to store in itself polymorphicdata.



Practical Advices


Inherit a template

struct Human_I {virtual void play() = 0;

};class Boy : public Human_I {virtual void play();

};class Girl : public Human_I {virtual void play();

};

template<class T, class I>class RefCounted {public:

// RC operatorsT* ptr() { return rep; }

private:T* rep;I* count;static RefCounted nil;

};



Practical Advices


Polymorphism by value

class Human : private RefCounted<Human_I,int> {public:

Human(Human_I* inst) : base(inst) {}Human() {}void play() {

ptr()->play(); // ptr defined in RefCounted}

}



Practical Advices


Polymorphism by value – contd.

void perform(Human person) {person.play();

}int main(int, char**) {

Human adam = new Boy;Human eve = new Girl;perform(adam);perform(eve);

}



Practical Advices


Transition from RC to GC

This page is intentionally left blank.



Practical Advices


Garbage collectors

Aim

Garbage collecting languages save developers from the task ofmemory deallocation, so solving both memory leaking and danglingpointers problems. Memory exhaustion still may happen.

Strategy

Garbage collecting (GC) algorithms produce a transitive closure ofmemory blocks accessible from stack memory. Unneeded memoryis then reclaimed and reused. Most GCs can not be adapted tomanagement of resources other than memory.



Practical Advices


GC efficiency

GCs have a long history of claimed and proved inefficiency.Though recent development in GC theory and practice renderedthem to be efficient enough to be used in real-time applications.Now, application should prove that its performance requirementsare high enough to forfeit usage of GC.



Practical Advices


GC and C++

Why no standard GC in C++

There’s no firm understanding of the proper GC technique, whichshould be implemented by all vendors of C++.

Is it possible to use GC with C++

Yes, Boehm GC is a conservative, “internal pointers”, non-movingmark-and-sweep collector, which can be easily plugged into existingC++ program.

How it came, Holmes?

Elementary, my dear Watson. They overrode malloc and free.



Practical Advices


Boehm GC algorithm

1 Mark all the objects on stack as “reachable”

2 Mark all the objects reachable from “reachables” as also“reachable”

3 Repeat step 2 until no more objects found

4 Reuse unmarked objects (sweep)

How do we know one object is reachable from another? If oneobject contains something that looks like a pointer, it is treated asa pointer. So, we’ve got small chance we’ll be confused by somecomplex integers, and some memory will be marked as “reachable”even though it is not.



Practical Advices


Boehm GC and C++

int main(int, char**) {for(int i=0;;++i)

int* j = new int(i % 2);}

Leaks if compiled as

> gcc -o leak leak.cc

Does not leak if GC substitutes standard system “malloc”

> gcc -o leak leak.cc /usr/local/lib/libgc.a



Practical Advices


Threads, system allocators, proprietary allocators

Boehm GC is thread-safe

Boehm GC can be used selectively, yet care should be takennot to store pointers to gc-allocated memory within objectsproduced by non-gc allocators

Boehm GC is cross-platform



Practical Advices

Plan your dive, dive your plan

Resource management is a design decision

Decision on resource management should be taken along withother design decisions. It is as hard to change the managementscheme from “accurately delete unneeded objects” to “useauto_ptr when needed” as to switch from data-driven design toevent-driven design.

Find resources early

Ask yourself: “what happens if this stuff is not finalized? Am Igoing to get out of stock of these eventually”? Major logic entitiesof design are usually resources.



Practical Advices

Checklist

1 Does your application live long enough to exhaust resource?

No: use “allocate once, never deallocate” scheme

2 Can you promise a solitary ownership at any moment?Yes: use auto ptr

3 Can you sacrifice simple OO for value-semantics?Yes: use reference countersNo: think again

4 Is it memory you’re worrying about?Yes: seriously consider using Boehm GC

5 If nothing else helps, split task to subtasks and start from thebeginning



Practical Advices

Checklist

1 Does your application live long enough to exhaust resource?No: use “allocate once, never deallocate” scheme







Practical Advices

Checklist


2 Can you promise a solitary ownership at any moment?

Yes: use auto ptr






Practical Advices

Checklist








Practical Advices

Checklist



3 Can you sacrifice simple OO for value-semantics?

Yes: use reference countersNo: think again





Practical Advices

Checklist



3 Can you sacrifice simple OO for value-semantics?Yes: use reference counters

No: think again





Practical Advices

Checklist








Practical Advices

Checklist




4 Is it memory you’re worrying about?

Yes: seriously consider using Boehm GC




Practical Advices

Checklist








Practical Advices

Further reading

“The Design and Evolution of C++”, Bjarne Stroustrup

“The C++ Programming Language”, Bjarne Stroustrup

http://www.hpl.hp.com/personal/Hans Boehm/gc/

http://www.research.att.com/˜bs/JSF-AV-rules.pdf


resource management in c++

Technology

c kirill mendelev