In C++, why is `new` needed to dynamically create an object rather just allocation?

I've got this trivial class hierarchy:

class Base {
public:
    virtual int x( ) const = 0;
};

class Derived : public Base {
    int _x;
public:
    Derived( int x ) : _x(x) { }
    int x( ) const { return _x; }
};

If I use malloc to allocate an instance of Derived, and then try to access the polymorphic function x, program crashes (I get a segmentation fault):

int main( ) {
    Derived *d;
    d = (Derived*) malloc( sizeof(Derived) );
    *d = Derived( 123 );

    std::cout << d->x() << std::endl; // crash

    return 0;
}

Of course my actual application is a lot more complex (it's a sort of memory pool).

I'm pretty sure it's because of the way I allocate d: I didn't use new.

I know of placement new operator, which must be what I need, but I've never used it and have got some questions:

• why is my application crashing, if I don't use new?

  What does new actually do?

  Why can't I just use the assignment operator to assign the value of Derived( 123 ); to the memory area pointed by d?

• Would I need to use new also for n开发者_如何学运维on-polymorphic types?

  How about POD ones?

• On the C++Faq I linked above it says that the memory region passed to placement new must be aligned for the object I'm creating.

  I know what alignment is, but I don't know how to check the alignment needed for my class.

  malloc manual says:

  The malloc() and calloc() functions return a pointer to the allocated memory that is suitably aligned for any kind of variable.

  And I hope that the alignment needed for my class is the class size as returned by sizeof, so that any address in the form address_returned_by_malloc + i * sizeof(my_class) is suitable to allocate my objects.

  Are my hopes right?

Let's go down the line

1. why is my application crashing, if I don't use new?

Virtual table is corrupted.

The virtual table is stuck right after the allocated memory. when you new a class, the generated code will properly set up the vtable. However, malloc will not properly initialize the vtable

To see the virtual table, run g++ -fdump-class-hierarchy

Vtable for Derived
Derived::_ZTV7Derived: 3u entries
0     (int (*)(...))0
8     (int (*)(...))(& _ZTI7Derived)
16    Derived::x

Class Derived
   size=16 align=8
   base size=12 base align=8
Derived (0x10209fc40) 0
    vptr=((& Derived::_ZTV7Derived) + 16u) <-- notice how this is part of the structure
  Base (0x10209fcb0) 0 nearly-empty
      primary-for Derived (0x10209fc40)

For a similar reason, without overloading operator=, the generated assembly code will only copy the data and not the vtable [again, the compiler only knows to copy the data, not the vtable]

If you want to see a pointer-based version with a valid vtable function:

Derived e(123);
d = &e;

1. Would I need to use new also for non-polymorphic types?

If you are using virtual functions, then yes, even for non-polymorphic types

1. I hope that the alignment needed for my class is the class size as returned by sizeof, so that any address in the form address_returned_by_malloc + i * sizeof(my_class) is suitable to allocate my objects.

Alignment is not an issue.

Because malloc doesn't call the class's constructor, and doesn't know anything about any particular alignment requirements it might have. If you need to use malloc (not recommended), take a look at placement new (assuming you don't want to overload the regular new for some reason).

Classes with virtual members contain a pointer to a so-called vtable - basically a table of function pointers to the implementation of these virtual members. When you use operator new, the constructor is called, which, even if it is an implicit constructor, will set up this pointer to the vtable properly.

However, malloc does not call the constructor. The vtable pointer is left uninitialized, point to some random memory. When you then attempt to call a virtual function, you dereference a bad pointer and crash (undefined behavior).

The solution is to use placement new to initialize the object before using it:

int main( ) {
    Derived *d;
    d = (Derived*) malloc( sizeof(Derived) );
    new(d) Derived(123); // invoke constructor
// You could also do:
//    new(d) Derived;
//    *d = Derived( 123 );

    std::cout << d->x() << std::endl; // crash

    // Although in your case it does not matter, it's good to clean up after yourself by
    // calling the destructor
    d->~Derived();
    return 0;
}

Some important things to note:

• Alignment is not a problem. Memory from malloc is properly aligned for any C++ type.
• Assigning with = does not help. The default implementation of = copies all member variables, but the vtable pointer is not a member and is not copied.
• Construction is not required for POD types. Non-POD types may or may not require it (it's undefined behavior if you don't). In particular, the constructor also calls member variable constructors; so if you don't construct the outer object, inner objects may be broken as well.

I don't belive that the object's constructor is called when you use malloc.

section [basic.life] of the standard says

The lifetime of an object is a runtime property of the object. An object is said to have non-trivial initialization if it is of a class or aggregate type and it or one of its members is initialized by a constructor other than a trivial default constructor. [ Note: initialization by a trivial copy/move constructor is non-trivial initialization. — end note ] The lifetime of an object of type T begins when:

• storage with the proper alignment and size for type T is obtained, and
• if the object has non-trivial initialization, its initialization is complete.

Since your class has virtual members, it requires non-trivial initialization. You can't assign an object whose lifetime hasn't started, you have to initialize it with new.