Document number: N3167=10-0157
Date: 2010-10-13
David Svoboda

Delete operators default to noexcept

This proposal is similar to the proposal to have destructors with no explicit exception specification default to noexcept(true). The rationale behind this proposal is similar. Delete operators are typically called from destructors, and so a delete operator that throws an exception is likely to cause an exception to be thrown from a destructor.

Deallocate and destroy functions on allocators will be affected; this will be addressed in N3157 (More on noexcept for the General Utility Library).

Having deallocation functions default to noexcept improves the overall security of a program. Since deallocation functions are usually called by destructors, they will have the same restrictions as destructors. Document N3166 addresses the security improvements associated with making destructors default to noexcept.

GB 60 and CH 16 have also requested that instances of throw() be replaced with noexcept in the library. This is being proposed by N3148, and includes the global delete operators.

The CERT C++ Secure Coding rule ERR38-CPP forbids deallocation functions from throwing exceptions.

This paper presents proposed wording for this set of changes.

Identified changes

All changes in this paper are against N3126.


3.7.4 Dynamic storage duration

After p. 2
Replace throw() with noexcept in these declarations:
void operator delete(void*) noexcept;
void operator delete[](void*) noexcept;
This change is also proposed by N3148 for compatibility with that document.

12.5 Free Store

Add the following paragraph at the end of this section:

If a deallocation function has no explicit exception-specification, it is treated as if it were specified with noexcept(true). That is, the deallocation function will not throw any exceptions.

15.4 Exception Specifications

Modify paragraph 12 thus:

A deallocation function with no explicit exception-specification is treated as if it were specified with noexcept(true). That is, the deallocation function does not throw any exceptions. Any other function with no exception-specification or with an exception-specification of the form noexcept(constant-expression) where the constant-expression yields false allows all exceptions. An exception-specification is non-throwing if it is of the form throw(), noexcept, or noexcept(constant-expression) where the constant-expression yields true. A function with a non-throwing exception-specification does not allow any exceptions.


CERT C++ Secure Coding Standard:
ERR38-CPP. Deallocation functions must not throw exceptions

Becker, Pete, N3126=10-0116: Working Draft, Standard for Programming Language C++, 2010-08-21

Garcia, J. Daniel, N3148=10-0138: throw() becomes noexcept (Version 2), 2010-10-08

Garcia, J. Daniel, N3157: More on noexcept for the General Utility Library, (forthcoming)

Svoboda, David, N3166=10-0156: Destructors default to noexcept, 2010-10-15