Memory allocation on C++ object creation

Question

The different size of memory allocation is observed during the object creation on class C below,

class C {
 int i;
 int j;
};

void f() {
 C *c = new C;
 C *c2 = new C[2];
 C (*c3)[2] = new C[2][2];
}

c is allocated with 8 bytes;

c2 is allocated with 8*2+4 bytes;

c3 is allocated with 8*2*2+4 bytes.

Why does c2 and c3 aquire 4 more bytes?

Answer 1

Remember that C++ separates memory allocation and object expression. The default array-new expression T * p = new T[N]; both allocates enough memory for N objects and constructs those objects. At the other end, delete[] p; must call the destructor of all those elements, and then free the memory.

While allocating and freeing memory is handled by the platform, and freeable memory is sufficiently well identified to the OS by a single pointer value, constructing and destroying objects is more complicated. The number of actual objects must be stored somewhere, and to that end, the standard permits a C++ implementation to request more memory than N * sizeof(T). It is true that the pointer p will always point to the beginning of the array of N objects, but p does not have to be the same pointer that was returned by the underlying memory allocator. (In fact, p is guaranteed to be precisely the value of the underlying allocation result offset by the excess amount of memory.)

The details are entirely left up to the implementation. Some platforms provide additional guarantees, though; for example, the Itanium ABI (which calls the extra data "array cookie") says that the memory for new T[N] will be laid out as follows:

+- alignof(T) --+-- sizeof(T) --+-- sizeof(T) --+-- sizeof(T) --+-- ...
| ***** [8B: N] |  1st element  |  2nd element  |  3rd element  |  .....
+---------------+---------------+---------------+---------------+-- ...
A               A
|               |_ result of "new T[N]"
|
|_ value returned "operator new[]()"

Answer 2

From the standard (section [expr.mew]):

A new-expression passes the amount of space requested to the allocation function as the first argument of type std::size_t. That argument shall be no less than the size of the object being created; it may be greater than the size of the object being created only if the object is an array.

Clearly the standard expects some additional information to be stored with a dynamically allocated array.

Now, use your debugger to see what's stuffed into those extra bytes, and figure out when that extra information might be needed for the compiler to do its job.

(Hint: fix your program so that it doesn't leak memory)

Answer 3

A lot of compilers use the 4 bytes before the pointer returned from new[] to store the number of objects actually being allocated. This is all implementation dependent and it's important to remember that pointer arithmetic that takes you outside the range of memory you allocated results in undefined behavior