Section: 99 [util.dynamic.safety] Status: CD1 Submitter: Pete Becker Opened: 2008-06-21 Last modified: 2016-01-28
Priority: Not Prioritized
Discussion:
The first sentence of the Effects clause for undeclare_reachable seems to be missing some words. I can't parse

... for all non-null p referencing the argument is no longer declared reachable...

I take it the intent is that undeclare_reachable should be called only when there has been a corresponding call to declare_reachable. In particular, although the wording seems to allow it, I assume that code shouldn't call declare_reachable once then call undeclare_reachable twice.

I don't know what "shall be live" in the Requires clause means.

In the final Note for undeclare_reachable, what does "cannot be deallocated" mean? Is this different from "will not be able to collect"?

For the wording on nesting of declare_reachable and undeclare_reachable, the words for locking and unlocking recursive mutexes probably are a good model.
[ San Francisco: ]
Nick: what does "shall be live" mean?
Hans: I can provide an appropriate cross-reference to the Project Editor to clarify the intent.
Proposed resolution:
In 99 [util.dynamic.safety] (N2670, Minimal Support for Garbage Collection)

Add at the beginning, before paragraph 39:

A complete object is declared reachable while the number of calls to declare_reachable with an argument referencing the object exceeds the number of undeclare_reachable calls with pointers to the same complete object.
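The counting rule above, together with the recursive-mutex analogy from the discussion, can be made concrete with a small model. The code below is an added example written for this page; it is not part of the LWG issue, of N2670, or of any standard library implementation. ReachabilityRegistry is a hypothetical class that keeps, per object, the number of declare_reachable calls not yet matched by undeclare_reachable, and it keys on the raw pointer value rather than resolving subobject pointers to the complete object (a simplification of the proposed wording). An undeclare without a matching declare, which the proposed Requires clause forbids, is reported as std::logic_error so that the precondition violation from the discussion ("declare once, undeclare twice") is visible rather than silently corrupting the count.

```cpp
#include <cstddef>
#include <stdexcept>
#include <unordered_map>

// Added model (not the issue's or any library's code): tracks, per object,
// how many declare_reachable calls are still unmatched by
// undeclare_reachable calls. Under the proposed wording an object is
// declared reachable while that count is positive, like the lock count
// of a recursive mutex.
class ReachabilityRegistry {
public:
    // Models declare_reachable(p). A null pointer has no effect.
    void declare(const void* p) {
        if (p == nullptr) return;
        ++counts_[p];
    }

    // Models undeclare_reachable(p). Returns true when the object is still
    // declared reachable afterwards (an outer declare is still pending).
    // Calling it without a matching prior declare violates the proposed
    // Requires clause; this model reports that as std::logic_error instead
    // of letting the count underflow.
    bool undeclare(const void* p) {
        if (p == nullptr) return false;
        auto it = counts_.find(p);
        if (it == counts_.end() || it->second == 0)
            throw std::logic_error("undeclare_reachable without matching declare_reachable");
        if (--it->second == 0) {
            counts_.erase(it);
            return false;
        }
        return true;
    }

    // True while declare calls exceed undeclare calls for this object.
    bool is_declared_reachable(const void* p) const {
        auto it = counts_.find(p);
        return it != counts_.end() && it->second > 0;
    }

    // Number of declare calls still waiting for a matching undeclare.
    std::size_t pending(const void* p) const {
        auto it = counts_.find(p);
        return it == counts_.end() ? 0 : it->second;
    }

private:
    // Simplification: keyed on the pointer value, not the complete object.
    std::unordered_map<const void*, unsigned> counts_;
};

// The scenario from the discussion: one declare followed by two undeclares.
// Returns how many undeclare calls succeeded before the violation was caught.
int declare_once_undeclare_twice() {
    ReachabilityRegistry reg;
    int obj = 0;
    reg.declare(&obj);
    int ok = 0;
    try {
        reg.undeclare(&obj); ++ok;   // matches the single declare
        reg.undeclare(&obj); ++ok;   // no matching declare: precondition violation
    } catch (const std::logic_error&) {
        // Second undeclare is rejected; ok stays at 1.
    }
    return ok;
}

// Nested declares behave like a recursive mutex: the object stays declared
// reachable until the last matching undeclare.
bool nested_declares_release_on_last_undeclare() {
    ReachabilityRegistry reg;
    int obj = 0;
    reg.declare(&obj);
    reg.declare(&obj);
    bool still_after_first = reg.undeclare(&obj);    // outer declare still pending
    bool still_after_second = reg.undeclare(&obj);   // count reaches zero
    return still_after_first && !still_after_second && !reg.is_declared_reachable(&obj);
}

// A null argument is ignored by both calls and never becomes "reachable".
bool null_pointer_is_noop() {
    ReachabilityRegistry reg;
    reg.declare(nullptr);
    return !reg.is_declared_reachable(nullptr) && reg.pending(nullptr) == 0
        && reg.undeclare(nullptr) == false;
}
```

The three functions exercise the properties the proposed text pins down: matched calls release the object only on the last undeclare, an unmatched undeclare is a precondition violation rather than a no-op, and a null pointer carries no reachability state.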
Change paragraph 42 (Requires clause for undeclare_reachable):

Requires: If p is not null, [struck: declare_reachable(p) was previously called] [inserted: the complete object referenced by p shall have been previously declared reachable], and shall be live (6.7.3 [basic.life]) from the time of the call until the last undeclare_reachable(p) call on the object.
Change the first sentence in paragraph 44 (Effects clause for undeclare_reachable):

Effects: [struck: Once the number of calls to undeclare_reachable(p) equals the number of calls to declare_reachable(p) for all non-null p referencing the argument is no longer declared reachable. When this happens, pointers to the object referenced by p may not be subsequently dereferenced.] [inserted: After a call to undeclare_reachable(p), if p is not null and the object q referenced by p is no longer declared reachable, then dereferencing any pointer to q that is not safely derived results in undefined behavior.] ...
Change the final note:

[Note: It is expected that calls to declare_reachable(p) will consume a small amount of memory, in addition to that occupied by the referenced object, until the matching call to undeclare_reachable(p) is encountered. In addition, the referenced object cannot be deallocated during this period, and garbage collecting implementations will not be able to collect the object while it is declared reachable. Long running programs should arrange that calls for short-lived objects are matched. --end note]