This proposal is similar to the proposal to have destructors with no explicit exception specification default to noexcept(true). The rationale behind this proposal is similar. Delete operators are typically called from destructors, and so a delete operator that throws an exception is likely to cause an exception to be thrown from a destructor.Deallocate and destroy functions on allocators will be affected; this will be addressed in N3157 (More on noexcept for the General Utility Library).
Having deallocation functions default to noexcept improves the overall security of a program. Since deallocation functions are usually called by destructors, they will have the same restrictions as destructors. Document N3166 addresses the security improvements associated with making destructors default to noexcept.
GB 60 and CH 16 have also requested that instances of throw() be replaced with noexcept in the library. This is being proposed by N3148, and includes the global delete operators.
The CERT C++ Secure Coding rule ERR38-CPP forbids deallocation functions from throwing exceptions.
This paper presents proposed wording for this set of changes.
... void operator delete(void*)This change is also proposed by N3148 for compatibility with that document.
throw(); void operator delete(void*) throw();
If a deallocation function has no explicit exception-specification, it is treated as if it were specified with noexcept( true). That is, the deallocation function will not throw any exceptions.
A function with no exception-specification or with an exception-specification of the form noexcept( constant-expression ) where the constant-expression yields false allows all exceptions. An exception-specification is non-throwing if it is of the form throw(), noexcept, or noexcept(constant-expression ) where the constant- expression yields true. A function with a non-throwing exception-specification does not allow any exceptions.
CERT C++ Secure Coding Standard:
ERR38-CPP. Deallocation functions must not throw exceptions
Becker, Pete, N3126=10-0116: Working Draft, Standard for Programming Language C++, 2010-08-21
Garcia, J. Daniel, N3148=10-0138: throw() becomes noexcept (Version 2), 2010-10-08
Garcia, J. Daniel, N3157: More on noexcept for the General Utility Library, (forthcoming)
Svoboda, David, N3166-10-0156: Destructors default to noexcept, 2010-10-15