SajithP SajithP - 1 month ago 8
C++ Question

Valgrind error when removing items from a vector

This might look like a duplicate to most of you. But I spent so much time finding a fix for this. Implemented many solutions given in stackoverflow and other coding sites. Finally I managed to fix it but still I'm clueless of what was wrong with my older implementation.

Please help me finding out what has caused the exact error looking at my old code, new code, unit test and the valgrind error.

Note:


  • I was testing my code from unit tests (Google test framework).

  • Compiled using C++11

  • m_queue_ is a std::vector

  • Used Google C++ coding standards



Test:


  • Queue has 2 SAPA items (created by new operator)

  • Deleting the first item by its id (Queue has only one now)

  • Deleting the only item
    left by its id

  • Second delete seems to give the valgrind error when accessing the m_id_ of the item



Here is my Queue Item base class

class Item {
public:
Item() {
type = Type::kInvalid;
}

virtual ~Item() {}

Type type;
string m_id_ = string("");
};


Here is the child class

class SAPA : public Item {
public:
SAPA() { Item::type = Type::kSAPA; }
~SAPA() {}
};


Old code used to remove item if it meets a certain criteria (RemoveIf). Caused the VALGRIND issues.

This was proposed as a correct way to remove items from a vector in many posts.

void Queue::RemoveItems(const string& id) const {
vector<Item*>::iterator it = m_queue_.begin();
while (it != m_queue_.end()) {
Item* item = *it;
if (item == nullptr) {
continue;
}

if (RemoveIf(item, id)) {
delete item;
item = nullptr;
it = m_queue_.erase(it);
} else {
++it;
}
}
}


RemoveIf function

bool Queue::RemoveIf(Item* item,
const string& id) const {
**cout << id.c_str() << endl; <--- seems to cause the invalid read**

if (item->m_id_.compare(id) == 0) {
return true;
}

return false;
}


VALGRIND output says invalid read of size 8. Sorry this contains some project specific names.

> ==21919== Invalid read of size 8
> ==21919== at 0x5880B90: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::c_str() const (in
> /usr/lib64/libstdc++.so.6.0.21)
> ==21919== by 0xEC416C: Queue::RemoveIf(network::multiplexer::Item*, blf::String const&) const (network_multiplexer_queue.cc:99)
> ==21919== by 0xEC3FFB: Queue::RemoveItems(blf::String const&) const (network_multiplexer_queue.cc:85)
> ==21919== by 0xEC4FDC: Queue::OnTimer() const (network_multiplexer_queue.cc:228)
> ==21919== by 0xFB05E0: (anonymous namespace)::NetworkMultiplexerTest_sapaTimeout_shouldBeHandled_successfully_Test::TestBody()
> (network_multiplexer_comm_test.cc:1201)
> ==21919== by 0x1232186: void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test,
> void>(testing::Test*, void (testing::Test::*)(), char const*) (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x122C547: void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,
> void>(testing::Test*, void (testing::Test::*)(), char const*) (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x12124B7: testing::Test::Run() (in /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1212D99: testing::TestInfo::Run() (in /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1213444: testing::TestCase::Run() (in /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1219F2E: testing::internal::UnitTestImpl::RunAllTests() (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1233583: bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,
> bool>(testing::internal::UnitTestImpl*, bool
> (testing::internal::UnitTestImpl::*)(), char const*) (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== Address 0x6d24a00 is 16 bytes inside a block of size 112 free'd
> ==21919== at 0x4C2A131: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==21919== by 0xED3991: SAPA::~SAPA() (network_multiplexer_queue_item.h:82)
> ==21919== by 0xEC4045: Queue::RemoveItems(blf::String const&) const (network_multiplexer_queue.cc:86)
> ==21919== by 0xEC4FDC: OnTimer() const (network_multiplexer_queue.cc:228)
> ==21919== by 0xFB05E0: (anonymous namespace)::NetworkMultiplexerTest_sapaTimeout_shouldBeHandled_successfully_Test::TestBody()
> (network_multiplexer_comm_test.cc:1201)
> ==21919== by 0x1232186: void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test,
> void>(testing::Test*, void (testing::Test::*)(), char const*) (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x122C547: void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,
> void>(testing::Test*, void (testing::Test::*)(), char const*) (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x12124B7: testing::Test::Run() (in /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1212D99: testing::TestInfo::Run() (in /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1213444: testing::TestCase::Run() (in /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1219F2E: testing::internal::UnitTestImpl::RunAllTests() (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)
> ==21919== by 0x1233583: bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,
> bool>(testing::internal::UnitTestImpl*, bool
> (testing::internal::UnitTestImpl::*)(), char const*) (in
> /home/sajith/cioffi/cioffi-linux/build/unit_tests)


Below FIXED the valgrind issues
This is the new code which iterates backwards and removes items.

auto it = m_queue_.end();
while (it > m_queue_.begin()) {
it--;
Item* item = *it;
if (item == nullptr) {
continue;
}

if (RemoveIf(item, id)) {
delete item;
item = nullptr;
it = m_queue_.erase(it);
}
}

Answer

EDIT

After your clarification, the actual cause seems to be pretty clear.

You're passing "id" as a const string& which passes a reference to the original object rather than a copy. Since it is coming from the first object, I'm guessing that somewhere above you have const string& id = *m_queue_.begin()->m_id_; and then you proceed to pass this to RemoveIf. Because the comparison is guaranteed to delete the first item, that happens in your loop. Now id is a dangling reference to the data in that item. The reason that it works in your reverse iteration version is that the first item becomes the last thing you delete. After you delete it, nothing else looks at id. You could probably change the line of code that assigns id to be something like string id = *m_queue_.begin()->m_id_;. By making it a string rather than string& at that point, you force a copy to be made. That copy will have a lifetime to the end of scope.

END EDIT

One thing you should be looking at is the std library functions. In particularly, you want vector::erase() and std::remove_if(). The version of erase that you want is the one that takes a pair of iterators rather than erasing one at time. When you call it, it will look something like m_queue_.erase(XXXX, m_queue_.end()). Now what is XXXX - well that ends up being the return value of remove_if. The arguments to remove_if are a pair of iterators, and a unary predicate. (I.e. a function that takes a const T& for whatever's in your vector and returns true if it should be removed.) The return value is an iterator just past the end of the non-removed items.

In c++11, this might look like:

string id = "the_id_to_filter";
m_queue_.erase(std::remove_if(m_queue_.begin(), m_queue_.end(), 
                              [&id](const Item* item) { 
                                  return item_.m_id_ == id;
                              });

In pre-c++11, you would replace the lambda with something like:

struct Filter {
   Filter(const string& id) : id_(id) {}
   string id_;
   bool operator()(const Item* item) { return item.m_id_ == id_; }
};

and then your call would look something like:

string id = "the_id_to_filter";
m_queue_.erase(std::remove_if(m_queue_.begin(), m_queue_.end(), Filter(id)));

If it's valid for your vector to contain nullptr or other values that you shouldn't be dereferencing, add those checks inside the predicate function. Also, if the vector owns the items, you may want to make it a vector<std::unique_ptr<Item>> instead of a vector<Item*>, if you don't then use of the erase(remove_if) idiom will likely leak. It also saves you from needing to remember to delete things.

Use of the library functions will save you from frustration of having off by one bugs in your loops and assorted other pain.

For reference: