{"id":104444,"date":"2020-11-12T07:00:00","date_gmt":"2020-11-12T15:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=104444"},"modified":"2025-02-07T19:53:43","modified_gmt":"2025-02-08T03:53:43","slug":"20201112-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20201112-00\/?p=104444","title":{"rendered":"Destructing outside the lock when removing items from C++ standard containers"},"content":{"rendered":"

Last time, we saw that object destruction is a hidden callout<\/a> that can cause you to violate the rule against calling out to external code while holding an internal lock. To recap, here’s the class we were using as our example:<\/p>\n

class ThingManager\r\n{\r\nprivate:\r\n  std::mutex things_lock_;\r\n  std::vector<std::shared_ptr<Thing>> things_;\r\n\r\npublic:\r\n   void AddThing(std::shared_ptr<Thing> thing)\r\n   {\r\n      std::lock_guard guard(things_lock_);\r\n      things_.push_back(std::move(thing));\r\n   }\r\n\r\n   void RemoveThingById(int32_t id)\r\n   {\r\n      std::lock_guard guard(things_lock_);\r\n      auto it = std::find_if(things_.begin(), things_.end(),\r\n        [&](auto&& thing)\r\n        {\r\n          return thing->id() == id;\r\n        });\r\n      if (it != things_.end()) {\r\n        things_.erase(it);\r\n      }\r\n   }\r\n};\r\n<\/pre>\n
We saw that there was a problem at the call to things_.<\/code>erase()<\/code> because the erasure will result in the destruction of the shared_ptr<\/code>, which could in turn trigger the destruction of an object you don’t control. And that uncontrolled code could try to call back into the Thing\u00adManager<\/code>, resulting in a mess.<\/p>\n
Solving this problem can be tricky in general, although things are a bit easier for us in this case because we know some properties of shared_ptr<\/code>, most importantly that it is noexcept movable.<\/p>\n
What we want to do is to remove the element from the vector without destructing it immediately. We want to extend the object’s lifetime until after the lock has been released.<\/p>\n
Here’s one way of doing it that works specifically for shared_ptr<\/code>, taking advantage of its inexpensive default constructor.<\/p>\n
void RemoveThingById(int32_t id)\r\n{\r\n  std::shared_ptr<Thing> removed;<\/span>\r\n  std::lock_guard guard(things_lock_);\r\n  auto it = std::find_if(things_.begin(), things_.end(),\r\n    [&](auto&& thing)\r\n    {\r\n      return thing->id() == id;\r\n    });\r\n  if (it != things_.end()) {\r\n    removed = std::move(*it);<\/span>\r\n    things_.erase(it);\r\n  }\r\n}\r\n<\/pre>\n
Before entering the lock, we create an empty shared_ptr<\/code> and use that to hold the element we intend to remove. C++ destructs objects in reverse order of construction, so declaring it before the guard<\/code> means that the removed<\/code> variable destructs after the guard is destructed; in other words, the removed<\/code> variable destructs outside the lock.<\/p>\n
If the container is a std::map<\/code> or std::unordered_map<\/code>, you can accomplish this delayed destruction in general by using the extract<\/code> method to extract the entire node, and then destruct the node outside the lock. For std::list<\/code> and std::forward_list<\/code>, you can splice<\/code> the element out of the container into a temporary initially-empty list. But for containers like vectors, you’ll need to move the object out of the container, in which case you’re counting on the move operation not doing anything scary.<\/p>\n
Mind you, you’re already assuming that the move operation isn’t doing anything scary, because your vector mutation operations are going to move objects around, too.<\/p>\n
Fortunately, for things like shared_ptr<\/code>, unique_ptr<\/code>, and (in Windows) COM wrappers, the move operations are indeed not scary. They just shuffle pointers around. (I’m assuming you’re moving into an empty object. Obviously, if the destination of the move is not empty, then you’re going to run scary code when the previous contents of the destination are released.)<\/p>\n
Here are some ways of extracting elements from a container for later destruction:<\/p>\n
\/\/ map, multimap, set, multiset,\r\n\/\/ and unordered versions of same\r\nauto removed = source.extract(it);\r\n\r\n\/\/ vector, dequeue\r\nauto removed = std::move(*it);\r\nsource.erase(*it);\r\n\r\n\/\/ list, forward_list\r\nstd::list<T> removed; \/\/ or std::forward_list\r\nremoved.splice(removed.begin(), source, it);\r\nreturn removed;\r\n<\/pre>\n
If you need to delay-destruct multiple items, you could extract them into a temporary vector.<\/p>\n
template<typename FwdIt, typename OutIt, typename Pr>\r\nFwdIt extract_if(FwdIt first, const FwdIt last, OutIt out, Pr pred)\r\n{\r\n    first = std::find_if_not(first, last, std::ref(pred));\r\n    auto next = first;\r\n    for (; first != last; ++first) {\r\n            if (pred(*first)) {\r\n                *out = std::move(*first);\r\n                ++out;\r\n            } else {\r\n                *next = std::move(*first);\r\n                ++next;\r\n            }\r\n    }\r\n\r\n    return next;\r\n}\r\n\r\nstd::vector<T> removed;\r\nv.erase(extract_if(v.begin(), v.end(), std::back_inserter(removed), filter), v.end());\r\n<\/pre>\n
Keep the removed<\/code> object alive beyond the release of the lock, so that the objects are destructed outside the lock.<\/p>\n
Bonus chatter<\/b>: It would be convenient if vector<\/code>, list<\/code>, and forward_list<\/code> also had extract<\/code> methods which returned the removed object, similar to the node extractors for the map and set types. Until then, we’ll have to write our own:<\/p>\n
template<typename T>\r\nT extract(\r\n    std::vector<T>& v,\r\n    typename std::vector<T>::iterator it)\r\n{\r\n    auto cleanup = wil::scope_exit([&] { v.erase(it); });\r\n    return std::move(*it);\r\n}\r\n\r\ntemplate<typename T>\r\nstd::list<T> extract(\r\n    std::list<T>& source,\r\n    typename std::list<T>::const_iterator it)\r\n{\r\n    std::list<T> removed;\r\n    removed.splice(removed.begin(), source, it);\r\n    return removed;\r\n}\r\n\r\ntemplate<typename T>\r\nstd::forward_list<T> extract_after(\r\n    std::forward_list<T>& source,\r\n    typename std::forward_list<T>::const_iterator it)\r\n{\r\n    std::forward_list<T> removed;\r\n    removed.splice_after(removed.before_begin(), source, it);\r\n    return removed;\r\n}\r\n<\/pre>\n
Exercise<\/b>: Why did I use a scope_exit<\/code> in the vector extractor? Why not<\/p>\n
template<typename T>\r\nT extract(std::vector<T>& v,\r\n    std::vector<T>::iterator it)\r\n{\r\n    auto result = std::move(*it);\r\n    v.erase(it);\r\n    return result;\r\n}\r\n<\/pre>\n
Update<\/b>: Wrote extract_if<\/code> because the previous version used remove_if<\/code> incorrectly.<\/p>\n","protected":false},"excerpt":{"rendered":"
Managing the order of destruction.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-104444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"
Managing the order of destruction.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/104444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=104444"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/104444\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=104444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=104444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=104444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}