递归结构的向量存在记忆问题

时间:2017-11-12 20:25:59

标签: c++ memory valgrind recursive-datastructures

我完全被一段与记忆行为不当的简单代码所困扰(正如Valgrind所报告的那样)。我把它减少到这个简短的测试用例:

#include <vector>

struct el
{
    el * next = nullptr;
};

class list
{
public:
    list(): tail(nullptr) {}

    void push_back()
    {
        el nw;
        m_list.push_back(nw);

        if (tail == nullptr)
            tail = &m_list.back();
        else
        {
            tail->next = &m_list.back();
            tail = tail->next;
        }
    }

private:
    std::vector<el> m_list;
    el * tail;
};

int main()
{
    list a;
    a.push_back();
    a.push_back();
    return 0;
}

我希望它创建一个包含2个结构的数组,其中第一个具有指向第二个结构的指针。真正的源代码在破坏时崩溃了,所以我认为这个报告很重要:

==1630== Invalid write of size 8
==1630==    at 0x400A37: list::push_back() (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400969: main (in /home/ilya/Projects/algos/a.out)
==1630==  Address 0x5a86c80 is 0 bytes inside a block of size 8 free'd
==1630==    at 0x4C2A8DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1630==    by 0x4011D5: __gnu_cxx::new_allocator<el>::deallocate(el*, unsigned long) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400F79: std::_Vector_base<el, std::allocator<el> >::_M_deallocate(el*, unsigned long) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400DA3: void std::vector<el, std::allocator<el> >::_M_emplace_back_aux<el const&>(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400B42: std::vector<el, std::allocator<el> >::push_back(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x4009FF: list::push_back() (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400969: main (in /home/ilya/Projects/algos/a.out)
==1630==  Block was alloc'd at
==1630==    at 0x4C29780: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1630==    by 0x4012BB: __gnu_cxx::new_allocator<el>::allocate(unsigned long, void const*) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x4010D2: std::_Vector_base<el, std::allocator<el> >::_M_allocate(unsigned long) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400CC1: void std::vector<el, std::allocator<el> >::_M_emplace_back_aux<el const&>(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400B42: std::vector<el, std::allocator<el> >::push_back(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x4009FF: list::push_back() (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x40095D: main (in /home/ilya/Projects/algos/a.out)
==1630==
==1630== Invalid read of size 8
==1630==    at 0x400A42: list::push_back() (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400969: main (in /home/ilya/Projects/algos/a.out)
==1630==  Address 0x5a86c80 is 0 bytes inside a block of size 8 free'd
==1630==    at 0x4C2A8DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1630==    by 0x4011D5: __gnu_cxx::new_allocator<el>::deallocate(el*, unsigned long) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400F79: std::_Vector_base<el, std::allocator<el> >::_M_deallocate(el*, unsigned long) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400DA3: void std::vector<el, std::allocator<el> >::_M_emplace_back_aux<el const&>(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400B42: std::vector<el, std::allocator<el> >::push_back(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x4009FF: list::push_back() (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400969: main (in /home/ilya/Projects/algos/a.out)
==1630==  Block was alloc'd at
==1630==    at 0x4C29780: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1630==    by 0x4012BB: __gnu_cxx::new_allocator<el>::allocate(unsigned long, void const*) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x4010D2: std::_Vector_base<el, std::allocator<el> >::_M_allocate(unsigned long) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400CC1: void std::vector<el, std::allocator<el> >::_M_emplace_back_aux<el const&>(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x400B42: std::vector<el, std::allocator<el> >::push_back(el const&) (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x4009FF: list::push_back() (in /home/ilya/Projects/algos/a.out)
==1630==    by 0x40095D: main (in /home/ilya/Projects/algos/a.out)

1 个答案:

答案 0 :(得分:2)

一旦push_back进入向量或以其他方式改变它,所有引用和指向存储项的指针都将失效,因此所有tailnext字段都将包含悬空指针。取消引用它们将导致未定义的行为。您实际上可以使用std::list或(如果您只是为了学习目的而编写一些列表实现),您可以先填充向量,然后收集存储项的指针,知道它们将保持有效。