Double delete in initializer_list vs 2013

2019-01-06 23:27发布

Today in run into a memory problem in my project, with a class using c++ 11 initializer_list. The system signals a memory problem: "Expression _BLOCK_TYPE_IS_VALID(pHead->nBlockUse) in dbgdel.cpp. I simplified the code to a simple example, it no longer throws an expression but the problem becomes apparent from the debug output. In my eyes this code is correct, also it seems to work with g++.

#include <functional>
#include <memory>
#include <string>
#include <iostream>
#include <vector>
#include <map>
#include <sstream>

#include <initializer_list>

using namespace std;

class B {
public:
    char data[256];
    B(const string& x) {
        cout << "Init " << this << endl;
    }
    B(const B& b) {
        cout << "Copy " << this << endl;
    }
    ~B() {
        cout << "Deleting b " << this << endl;
    }
};

class C {
public:
    vector<B> bs;

    C(initializer_list<B> bb) {
        for(auto& b : bb) {
            bs.push_back(b);
        }
    }
};

int main(int argc, char** argv) {
    C bb { B("foo"), B("bar") };
    return 0;
}

The output is:

Init 00B7FAE8
Init 00B7FBE8
Copy 00E108A0
Copy 00E10AE8 (?????)
Deleting b 00E108A0
Copy 00E10BE8
Deleting b 00B7FBE8
Deleting b 00B7FAE8
Deleting b 00B7FAE8  (Deleted twice!)

What mistake I make here or is this not supposed to work?

1条回答
乱世女痞
2楼-- · 2019-01-06 23:40

The initializer_list behavior is buggy. In its destructor it calls a vector delete (a delete[]) of the entire range and then deletes the first entry in the array again. This behavior is not part of the initializer_list class and looks like a compiler bug. initializer_list doesn't have a destructor and doesn't allocate the array used for the list. It just looks like a wrapper for a C array.

As for using the extra copy you see, it's caused by the vector resizing from during its initialization. Here's your flow:

Init 00B7FAE8       // construct "foo"
Init 00B7FBE8       // construct "bar"
Copy 00E108A0       // copy "foo" to vector (capacity=1)
Copy 00E10AE8 (?????) // copy the above object to the resized vector (capacity = 2)
Deleting b 00E108A0   // delete the smaller vector buffer
Copy 00E10BE8         // copy "bar" from initialization_list to vector

Deleting b 00B7FBE8   // delete initialization_list in reverse order. this is "bar"
Deleting b 00B7FAE8   // last to delete. this is "foo"

Deleting b 00B7FAE8  (bug)

// later C::bs is destroyed

What you can see here is the initializing a vector via push_back is quite slow due to copying. This would be happen even if you've used the more elegant way:

C(initializer_list<B> bb) : bs(bb) {}

A faster (no extra copies) method is:

C(initializer_list<B> bb) {
    bs.reserve(bb.size());
    bs.insert(bs.end(), bb.begin(), bb.end());
}
查看更多
登录 后发表回答