C/C++ Pointer Question

Question

Hi,

tl;dr - Could you please expand on the 4 comments in the first code snippet below? Specifically what is meant be deref

I'm a long time Java developer looking to learn C++. I came across this website aimed at developers in my situation.

   int x, *p, *q;
   p = new int;
   cin >> x;
   if (x > 0) q = &x;
   *q = 3;                 // 1. deref of possibly uninitialized ptr q
   q = p;
   p = new int;            // 2. potential storage leak (if x != 0 this
                           //     memory will not be returned to free storage)
   *p = 5;
   delete q;
   *q = 1;                 // 3. deref of deleted ptr q
   q = p;
   if (x == 0) delete q;
   (*p)++;                 // 4. deref of possibly dangling ptr p (if x is zero)

Although I thought I understood how pointers work, I am finding the comments difficult to understand.

My take;

1. We are either assigning x (& *q of course) to be 3 OR if q != &x then q has a just value as it was uninitialized and we have just assigned a random piece of memory to the value 3. I'm not sure how you can dereference something that isn't initialized?
2. This is fine
3. What's wrong with dereferencing a deleted pointer? After 'delete q' is *q meaningless?
4. What's wrong with dangling pointers? Is the memory viable for reallocation now that we have deleted it even though we still have a pointer to it?

I think my basic misunderstanding is about just declaring an int pointer, does this allocate memory too? Is it on the stack or the heap?

Also does dereference just mean 'read the value at the address of the pointer'? I think my confusion is that I interpret it as loosing a reference to some data as in;

int *x;
x = new int;
*x = 5;
x = new int; // Dereferencing the first bit of memory allocated.

Thanks for you patience I hope that this makes some sense as a question,

Gav

Answer 1

Responses to your takes:

1. The value of x is read from a stream. This could fail, leaving x uninitialised (storing a junk value). So the behaviour of the if is not reliable, and hence it may not assign an address to q. So the assignment *q = 3 would be writing to a random memory address.

2. This is not fine! There's no garbage collection. The first object was allocated on the heap and its address was assigned to p. Now you allocate a second one and overwrite the pointer to hold the new address. The old address is lost, so no one can delete it via p. Later on there's a delete q, which is a copy of the address from p, but that statement is dependent on the value of x (which is unreliable).

3. It's not the pointer that's been deleted. It's the object pointed to. The pointer still holds a value that points to what used to be a valid object, but is now junk. If you dereference it, your program will have "undefined behaviour".

4. Yes. The runtime system (such as it is) has no tracking of pointers to objects.

Answer 2

Simply put: A pointer is an address of a variable whose values you may be interested in.

Dereferencing is the act of accessing that value -- by prepending the * (dereferencing operator) to the pointer variable. The access may be for reading, writing or both.

1. If you do not initialize a pointer to a valid address (or the special value NULL) -- you do not know what that variable contains. Dereferencing will try to take whatever is there and treat it as an address. This is undefined behavior -- all bets are off, anything might happen, though if you are lucky you'll end up with a trap/hardware exception.

2. Exactly. Because, p was holding the address of some memory you allocated. Not freeing up system resources causes a leak. Dereferencing a deleted pointer is the same as dereferencing an uninitialized pointer -- you don't know what value it may contain.

3. Again, UB.

4. True. You have UB for x == 0. Dangling pointers are dangerous because they creep up at the most inopportune time, format your hard disk and are never seen again. It becomes impossible to reasonably justify how your program will behave.

Answer 3

At:

1. You assign a value to q pointer by dereferencing it from address to concrete memory see Pointer dereference doc.. However due to an if condition setting it to address of x it can point to a random memory cell (is uninitialized) if x <= 0.
2. In line above you set q to point to the same memory address as p. Then for p you allocate new memory. And then you allocate new memory that p points to.
3. Line above you removed allocation for memory pointed by q. This memory address is now available for system to use. And after that you assign a value to memory that does not "belong" to you.
4. If x == 0 then you return back to the system memory pointed by both q and p. And again trying to use memory that does not "belong" to you. Also there's no delete p if x != 0 - thus memory is not returned to system.

Answer 4

Added more comments in-line below:

   int x, *p, *q;
   p = new int;
   cin >> x;
   if (x > 0) q = &x;
   *q = 3;                 // <--- 1. deref of possibly uninitialized ptr q
                           // M.York
                           // q has never been set or is set to point at a non
                           // allocated memory location (if x > 0)
                           //
                           // If x is zero q is uninitialized (has random value).
                           // Therefore de-referencing it to set what it points at 
                           // to 3 has undefined behavior.

   q = p;
   p = new int;            // <--- 2. potential storage leak (if x != 0 this
                           //     memory will not be returned to free storage)
                           // M.York
                           // This comment is not true. The value pointed at by p
                           // was transferred to q before p was re-assigned. Thus 
                           // there is no potential memory leak. Both p and q are 
                           // now valid pointers.
   *p = 5;
   delete q;
   *q = 1;                 // <--- 3. deref of deleted ptr q
                           // M.York
                           // In the line above you returned the memory pointed at 
                           // by q back to memory management routines (via delete). 
                           // Technically q still points at the memory but you no 
                           // longer own that memory and thus writing to it has
                           // undefined behavior (because the memory management 
                           // system could have unloaded that chunk from virtual 
                           // memory or re-used it some other way).
   q = p;
   if (x == 0) delete q;
   (*p)++;                 // <--- 4. deref of possibly dangling ptr p (if x is zero)
                           // M.York
                           // q is reassinged to have the same pointer value as p.
                           // Then If x is zero we delete the pointer q (thus 
                           // returning it to the memory management pool). Since p 
                           // and q are the same pointer they both become invalid at
                           // point. Thus de-referencing p is undefined behavior if
                           // x is zero (because the memory was returned (via delete)

1 We are either assigning x (& *q of course) to be 3 OR if q != &x then q has a just value as it was uninitialized and we have just assigned a random piece of memory to the value 3. I'm not sure how you can dereference something that isn't initialized?

See below:

3 What's wrong with dereferencing a deleted pointer? After 'delete q' is *q meaningless?

The memory belongs to somebody else (memory management (or in a threaded application it may already have been reallocated to another thread). Writing to memory that does not belong to you has undefined behavior.

4 What's wrong with dangling pointers? Is the memory viable for reallocation now that we have deleted it even though we still have a pointer to it?

Same comment as 3. (just because you retain an invalid pointer does not mean anything)

Also does dereference just mean 'read the value at the address of the pointer'? I think my confusion is that I interpret it as loosing a reference to some data as in;

Yes: That is all it means.
But if you do not own that memory nasty things can happen.

• If a pointer points at a location in memory that is not mapped to physical memory then you will get some form of segmentation fault.
• If the memory belongs to the memory management routines and you start writing random values (like 3 above) into it then you can corrupt the memory management structures thus causing the program to crash when any memory management happens.
• If the memory belongs to the stack and you start writing random values (like 3 above) then you can potentially overwrite another random variable or the return address used when a function exits.

Answer 5

This is a difficult subject if you aren't aware of what is happening 'under the hood'. C++ is rather a 'bare-metal' programming language and rarely makes anything safe.

Looking at the code you supply and the marked points of interest:

The first line has: int x, *p, *q; which declares and defines some variables on the stack, but doesn't initialise them. Nor does C++ remember, at run-time, that this has happened. You may get some warnings at compile-time, but otherwise you have to keep track of things in your head.

So, at line 1. we don't know whether q is &x or not. If q has not been initialised, then it could point anywhere, but C++ doesn't know that and will try to write the value 3 to some piece of memory somewhere. The answer to this point is that C++ doesn't keep track of pointer values.

At line 3., again C++ is trying to write an integer value to some piece of memory, but this time its on the heap and in a multithreaded program may have been re-allocated by the time this line executes. So, unfortunately q and *q retain meaning, but its unlikely to mean what we want.

At line 4. its the same problem as 3., but only if (x==0), and yes as you say, the memory could have been re-allocated even though we have deleted it.

Declaring an int pointer only allocates memory for the pointer alone and on the stack.

Dereferencing a pointer means accessing the memory, for read or write, where the pointer points to.

With regard to your second piece of code:

int *x;         <-- Declares a pointer and allocates it on the stack
x = new int;    <-- Allocate a new int on the heap and remember its address in x
*x = 5;         <-- Overwrite the new int on the heap.
x = new int;    <-- Another allocation and remember its address in x
                    Now we have forgotten where the first allocation was

Dereference means read or write to the memory that the pointer points to. If you just read or write to the pointer itself, then its always safe. This is why you can pass around a null pointer and only get into trouble when its dereferenced for the first time.