Main Content

CERT C++: MEM55-CPP

Honor replacement dynamic storage management requirements

Since R2020b

expand all in page

Description

Rule Definition

Honor replacement dynamic storage management requirements1 .

Polyspace Implementation

The rule checker checks for Replacement allocation/deallocation functions that do not meet requirements of the Standard.

Examples

expand all

Issue

The issue occurs when you provide these replacement implementations of dynamic allocation and deallocation functions in the global namespace:

  • Replacement operator new that returns nullptr.

    The expected behavior is to throw a bad_alloc exception on failure.

  • Replacement operator new or operator delete that throws directly or indirectly on failure.

    The expected behavior is that dynamic allocation or deallocation functions must not throw. Polyspace® also highlights the location of the throw in your code.

Risk

The C++ Standard ([new.delete]) specifies certain required behaviors for the dynamic allocation and deallocation functions. If you implement a global replacement allocation or deallocation function that does not meet these semantic requirements, other functions that rely on the required behaviors might behave in an undefined manner.

For instance, void* operator new ( std::size_t count ) is expected to throw a bad_alloc exception if it fails to allocate the requested amount of memory. If you implement a replacement allocation function that returns nullptr instead of throwing, a function that expect the memory allocation to throw on failure might try to dereference a null pointer instead.

Fix

If you provide global replacements for dynamic allocation/deallocation functions, implement the semantic requirements specified by the standard in the corresponding required behavior paragraphs.

Non-Throwing operator new That Throws

#include<cstdlib>
#include<new>

extern void* custom_alloc(std::size_t);

void* operator new (std::size_t count, const std::nothrow_t& tag) //Non-compliant
{
    if (void* ret = custom_alloc(count)) {
        return ret;
    }
    throw std::bad_alloc();
}

void func()
{
    int* ptr1 = new int;
    if (ptr1) {
        //Use ptr1
    }

}
In this example, the replacement dynamic allocation function is specified as non-throwing (std::nothrow_t) but throws a bad_alloc exception on failure. Function func, which expects operator new to return a null pointer on failure, does not handle the exception and this might result in an abrupt program termination.

Correction

One possible correction is to provide a replacement operator new function that does not throw.

#include<cstdlib>
#include<new>

extern void* custom_alloc(std::size_t);

void* operator new (std::size_t count, const std::nothrow_t& tag)
{
    return custom_alloc(count);
}

void func()
{
    int* ptr1 = new int;
    if (ptr1) {
        //Use ptr1
    }

}

Check Information

Group: 06. Memory Management (MEM)

Version History

Introduced in R2020b

See Also

Topics

External Websites

1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.