Exception not being destroyed

Question

I am trying to implement my version of __cxa_allocate_exception and __cxa_free_exception to avoid memory allocation on throw.

So I implemented a memory pool which seems to work fine. But when testing with nested exceptions, the destructor of the exceptions was not called in all cases, and therefore __cxa_free_exception was not called either, causing the memory pool to fill up over time.

See the following example code:

class MyException {
public:
  MyException() {
    std::cout << "MyException constructed." << std::endl;
  }
  ~MyException() {
    std::cout << "MyException destroyed." << std::endl;
  }
};

void * __cxa_allocate_exception(size_t thrown_size)
{
  const auto mem = malloc(thrown_size); //Not part of the example
  std::cout << "allocate: " << mem <<  std::endl;
  return mem;
}

void __cxa_free_exception(void *thrown_object)
{
  std::cout << "free: " << thrown_object << std::endl;

  free(thrown_object); //Not part of the example.
}

void non_rec() {
  try {
    throw MyException();
  } catch(...) {
    try {
      throw MyException();
    } catch(...) {
      //...
    }
  }
}

int main() {
  while(true) {
    non_rec();
    std::cout << "-----------" << std::endl;
  }
}

The output of this program is:

allocate: 0x8cbc20
MyException constructed.
allocate: 0x8cc030
MyException constructed.
MyException destroyed.
free: 0x8cc030
MyException destroyed.
free: 0x8cbc20
-----------
allocate: 0x8cbc20
MyException constructed.
allocate: 0x8cc030
MyException constructed.
MyException destroyed.
free: 0x8cc030
-----------
allocate: 0x8cc030
MyException constructed.
allocate: 0x8cc440
MyException constructed.
MyException destroyed.
free: 0x8cc440
-----------
allocate: 0x8cc440
MyException constructed.
allocate: 0x8cc850
MyException constructed.
MyException destroyed.
free: 0x8cc850

It works correctly the first time. But after that the two exceptions are constructed and allocated in every loop iteration but only one is freed and destroyed.

I am using g++ 5.4.0 on Ubuntu 16.04.

Answer 1

I think the short answer to this is that it's unspecified. Section 18.1.4 of the C++ standard has this to say:

The memory for the exception object is allocated in an unspecified way...

MSVC, for example, allocates it on the stack. Good luck freeing that.

However, it's interesting to look into why the code as written fails (as for other commentators, gcc reports memory corruption when I try to run it) and, as @AlanBirtles says, the answer lies here:

https://code.woboq.org/gcc/libstdc++-v3/libsupc++/eh_alloc.cc.html

If you look at the implementation of __cxa_allocate_exception (line 279), you will see that it does three things that you don't do:

• it allocates extra space for a header of (private) type __cxa_refcounted_exception
• it zeroes that header
• it returns a pointer to the first byte after that header

Then, in __cxa_free_exception, it allows for that pointer adjustment before freeing it.

So it's easy enough to get it to work, just do something like this (or maybe you can tunnel your way through to the declaration of __cxa_refcounted_exception, I think it's on that site somewhere):

#define EXTRA 1024

extern "C" void * __cxa_allocate_exception(size_t thrown_size)
{
  void *mem = malloc (thrown_size + EXTRA);
  std::cout << "allocate: " << mem <<  " (" << thrown_size << ") " << std::endl;
  memset (mem, 0, EXTRA);
  return (char *) mem + EXTRA;
}

extern "C" void __cxa_free_exception(void *thrown_object)
{
  std::cout << "free: " << thrown_object << std::endl;
  char *mem = (char *) thrown_object;
  mem -= EXTRA;
  free (mem);
}

And when I run this at Wandbox, I get:

allocate: 0x1e4c990 (1) 
MyException constructed.
allocate: 0x1e4ddb0 (1) 
MyException constructed.
MyException destroyed.
free: 0x1e4e1b0
MyException destroyed.
free: 0x1e4cd90
-----------
allocate: 0x1e4c990 (1) 
MyException constructed.
allocate: 0x1e4ddb0 (1) 
MyException constructed.
MyException destroyed.
free: 0x1e4e1b0
MyException destroyed.
free: 0x1e4cd90
-----------
allocate: 0x1e4c990 (1) 
MyException constructed.
allocate: 0x1e4ddb0 (1) 
MyException constructed.
MyException destroyed.
free: 0x1e4e1b0
MyException destroyed.
free: 0x1e4cd90
-----------

This doesn't work with clang though, so they must be doing things a different way. Like I say, it's UB, so be careful.

Answer 2

Allocating the correct amount of memory in a similar way to libstdc++ fixes the crashes for me:

#include <iostream>
#include <cstdlib>
#include <exception>
#include <cstring>

class MyException {
public:
  MyException() {
    std::cout << "MyException constructed." << std::hex << (size_t)this << std::endl;
  }
  ~MyException() {
    std::cout << "MyException destroyed." << std::hex << (size_t)this << std::endl;
  }
};

const size_t __cxa_refcounted_exception_size = 16 * sizeof(size_t); // approx sizeof(__cxa_refcounted_exception)

void * __cxa_allocate_exception(size_t thrown_size)
{
  thrown_size += __cxa_refcounted_exception_size;
  const auto mem = malloc(thrown_size);
  std::cout << "allocate: " << mem <<  std::endl;
  memset (mem, 0, __cxa_refcounted_exception_size);
  return (void *)((char *)mem + __cxa_refcounted_exception_size);
}

void __cxa_free_exception(void *thrown_object)
{
  std::cout << "free: " << thrown_object << std::endl;
  char *ptr = (char *) thrown_object - __cxa_refcounted_exception_size;

  free(ptr);
}

void non_rec() {
  try {
    throw MyException();
  } catch(...) {
    try {
      throw MyException();
    } catch(...) {
      //...
    }
  }
}

int main() {
  for (int i=0;i<4;i++) {
    non_rec();
    std::cout << "-----------" << std::endl;
  }
}

You should find the actual value of sizeof(__cxa_refcounted_exception_size) for your platform by including unwind-cxx.h.