How to make it so the user can't delete a dynamic array?
In writing a response, I wrote some code that challenged my assumptions on how const pointers work. I had assumed const pointers could not be deleted by the delete function, but as you'll see from the code below, that isn't the case:
#include <new>
#include <string.h>
class TestA
{
private:
char *Array;
public:
TestA(){Array = NULL; Array = new (std::nothrow) char[20]; if(Array != NULL){ strcpy(Array,"Input data"); } }
~TestA(){if(Array != NULL){ delete [] Array;} }
char * const GetArray(){ return Array; }
};
int main()
{
TestA Temp;
printf("%s\n",Temp.GetArray());
Temp.GetArray()[0] = ' '; //You can still modify the chars in th开发者_JAVA百科e array, user has access
Temp.GetArray()[1] = ' ';
printf("%s\n",Temp.GetArray());
//Temp.GetArray() = NULL //This doesn't work
delete [] Temp.GetArray(); //This works?! How do I prevent this?
}
My question is, how do I pass the user access to a pointer (so they can use it like a char array), whilst making it so that the delete function cannot delete it, by preferably throwing some sort of complaint or exception?
If your users are using delete[]
on pointers they didn't get from new[]
, hit them upside the head with a clue bat.
There are so many reasons a pointer can be dereferenced but mustn't be passed to delete:
- Someone else will delete it.
- It's not the beginning of the block.
- It came from
malloc
or some other non-new
allocator. - It has static, not dynamic lifetime.
- If has automatic lifetime.
Some of these will manifest in exceptions at runtime. Others will cause crashes at some later time. All are "undefined behavior" according to the standard.
The assumption should be that a pointer cannot be used as the argument to delete
, unless explicitly stated otherwise.
If entry-level programmers are making this mistake, educate them. If "experienced" developers are doing it, fire them for lying on their resume.
If you just want it to hurt when they do that, allocate the array one larger than necessary, and return Array + 1;
. Now everything will blow up if they try to use delete[]
.
The practical use is that it's (more) likely to make the program crash inside the bogus call to delete, with the offending function still on the call stack. Where the original will probably continue running for a while, and finally crash in innocent code. So this helps you catch stupid users.
delete [] Temp.GetArray(); //This works?! How do I prevent this?
As long as, it returns char*
or some other pointer type, you cannot prevent it; it doesn't matter if the expression in delete
statement is const
, because all of the following are perfectly valid in C++:
char *pc = f();
delete [] pc; //ok
const char *pc = g();
delete [] pc; //ok
char * const pc = h();
delete [] pc; //ok
const char * const pc = k();
delete [] pc; //ok
However, if you change this :
char *Array;
to this
std::vector<char> Array;
And then you could achieve what you want, by returning it as:
std::vector<char> & GetArray() { return Array; }
The bottomline is :
In C++, the default choice for dynamic array should be std::vector<T>
unless you've a very strong reason not to use it.
Your const is doing no effect, you are returning a const pointer, not a pointer to const char, which is what you want. Also see Nawaz recommendation on using vectors instead.
The most you can really do is to return something that is not an acceptable operand for delete
. This can be an RAII object (like std::vector or std::array) or it can be a reference (depending on your situation, either could be appropriate).
[Un]fortunately, C++ lets the programmer do all sorts of sneaky things.
You cannot block stupidity entirely, but you can stifle it a tad by using an access mechanism instead of returning the actual array pointer.
char& operator[](size_t index) { return Array[index]; }
This does not address the ability to treat it like a char array, but as has been pointed out, if you reveal that pointer, (bad) programmers a free to run delete on it all they want.
精彩评论