Exceptional Safety

-
Delphi is exception safe language. That means well written code can recover from the most horrible exceptions, including the dreaded out of memory error, and continue running in a perfectly operational state - as if nothing bad happened. Of course, that is a feature that Delphi provides, but your code and application eventually must determine logic at which point raised exception is recoverable and at which point it is not.

For instance, if you allow user to open some external file for further processing and your code trips on out of memory exception because the file is too large to process, you can fully recover from such event, show error message to the user "Sorry, selected file is too big" and application can merrily continue working. On the other hand if you trigger out of memory error during some operation your application absolutely must be able to perform, you can decide that the best course of action is terminating the application - after you show appropriate error message and perform whatever shutdown procedure is required.

One little thingy

Focus of this post is not teaching you how to write exception cleaning and handling code and how and when to use try...finally and try...except blocks.

It is about pointing to one often forgotten and ignored fact that can crush all your exception handling efforts: object destruction process must not cause or raise any unhandled exceptions or you will have memory leaks beyond your ability to fix them.

Particulary, that means the BeforeDestruction method - and destructors themselves - must never ever allow exceptions to escape them. Any escaping exception there will always cause memory leak. Period.

Where does it leak?

Unhandled exception in any destructor will not only break calling inherited destructors chain (if there are any), but more importantly it will skip calling FreeInstance method that is automatically called after the destructor chain and is responsible for cleaning up instance managed fields and releasing its memory allocated on the heap. If FreeInstance does not run, your code will leak that object instance's memory.

Same applies to the BeforeDestruction method - unhandled exception there will skip calling the whole destructor chain as well as FreeInstance.

Proper handling of any exceptions inside BeforeDestruction method or destructors implies that you must make sure that all code that is responsible for any kind of cleanup, including calling inherited methods, that absolutely must be executed is executed during that exception handling process.

But, I have try...finally

No amount of dancing around broken destructors (or BeforeDestruction) will fix the memory leak. That is just wishfull thinking. The only way to fully and properly solve such leaks is to fix broken destructors (or BeforeDestruction) from within.

Even code using interfaces and automatic memory management will cause memory leaks if exceptions break destruction process.

Assuming that following classes cause unhandled exceptions in BeforeDestruction or in any of the destructors all following code will result with memory leaks.

var
  Broken: TBroken;
begin
  Broken := TBroken.Create;
  try
  finally
    Broken.Free;
  end;
end;




var
  Broken: IBroken;
begin
  Broken := TBrokenAutomatic.Create;
end;

Please, don't

If you are tempted to go around your code eating up all exceptions with try...except blocks in every destructor you have ever written, then please don't.

Not every single line of code is exception prone. You just have to protect code that really can cause an exception and not all of it.

Following destructor code is perfectly fine. No need to handle any exceptions there.

destructor TFoo.Destroy;
begin
  FBar.Free;
  inherited;
end;

Of course, if FBar destructor is broken then TFoo destructor will also be broken, but the proper place to handle potential exception is in TBar destructor itself. Adding try...except code around FBar.Free will accomplish absolutely nothing because if TBar destructor is broken, TBar object instance will leak regardless. Yes, eating up exception in TFoo destructor would at least prevent leaking of TFoo instance, but if it is broken does it really matter how much?

Comments

Post a Comment

Popular posts from this blog

Delphi 12.1 & New Quality Portal Released

-
Image
The Delphi 12.1 update has been released. Besides a number of bug fixes, this release also has a few new features. The most notable ones are the new Split Editor, which allows having multiple files opened side by side; and support for Android API 34. You can find more information about what is new in this update at https://docwiki.embarcadero.com/RADStudio/Athens/en/12_Athens_-_Release_1 However, the greatest change for all Delphi developers is a new bug tracking portal that replaces the old one, still available in read-only mode at https://quality.embarcadero.com/ . The new portal is hosted in Atlassian Cloud https://embt.atlassian.net/servicedesk/customer/portals  or through a redirect https://qp.embarcadero.com and is based on Jira Service Management (JSM), while the internal bug tracking system, which was also migrated to the cloud, was not changed and is running on Jira. This move to the cloud was inevitable, because Atlassian retired their Server line of products. JSM i...
Read more

Coming in Delphi 12: Disabled Floating-Point Exceptions

-
Delphi 12 is in the works. One of its small features that will have a huge impact is a change in the default handling of floating-point exceptions, which will now be masked on all platforms. Previously, floating-point exception handling was different across platforms, and most notably on the Windows platform: In VCL and console applications, floating-point exceptions were not masked and would raise an exception. On the other hand, FireMonkey applications had all floating-exceptions masked by default, regardless of which platform they were running on. Basically if you haven't explicitly changed the exception mask in your code to some value other than the default, and you had code that attempted to divide some number with zero, you would get an EZeroDivide exception in previous Delphi versions on the Windows VCL application. In Delphi 12, there is no exception, and the result of such a division will be +INF . So the following code will no longer raise an exception. If you were r...
Read more

Assigning result to a function from asynchronous code

-
One of the more common problems that comes up in multi-threading, especially when refactoring existing code, is assigning a result obtained from asynchronous code. In other words, how do you write a function that will return some value, and calculate that value in a background thread? Basically, converting the following code: function GetData(...): string; var Data: string; begin Data := LongTask(...); // assign result of a long-running task to a function Result := Data; end; To this one: function GetData(...): string; var Data: string; begin TThread.CreateAnonymousThread( procedure begin Data := LongTask(...); end).Start; // assign result of a long-running task to a function Result := Data; end; Now, the above code will compile, but it will not achieve the desired functionality. Even if we ignore its thread safety issues (the background thread writes to the Data variable and that can interfere with assigning it to the function result), the funct...
Read more