Add __delete for migration from delete

[wilzbach]

See also:

• Fix Issue 9433 - Deprecate delete dmd#7342
• https://dlang.org/deprecate.html#delete
• https://dlang.org/spec/expression.html#delete_expressions

I didn't add any tests for Class deallocators
as they have been deprecated since D2 and we call the existing functions.

CC @JinShil

[dlang-bot]

Thanks for your pull request, @wilzbach!

Bugzilla references

Your PR doesn't reference any Bugzilla issue.

If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog.

[JinShil]

I suggest adding something to the effect that this is intended to only be used as a last resort when destroy is not an option. At least that's my understanding: We want to migrate users to destroy.

[JinShil]

Potential verbage: "Users should prefer object.destroy to explicitly finalize objects, and only resort to __delete when object.destroy would not be a feasible option."

[andralex]

The sed command could be a bit refined: s/\Wdelete[ \t]+\(.*\);/__delete(\1);/g

[JinShil]

Again, I think this should have some information explaining that users should first look to destroy and only to __delete when destroy is not an option.

[JinShil]

What is this file (src/foo.d) doing in this commit?

[ibuclaw]

Looks like you committed an extra file by mistake

[ibuclaw]

What advantages does this have over the (poorly named) destroy?

[JinShil]

What advantages does this have over the (poorly named) destroy?

My understanding is it was mandated by @andralex. See discussion starting here

[ibuclaw]

Still, my understanding was that (years ago when delete was first put for deprecation) destroy was added as a migration path - by Andrei himself I believe.

Obviously that function has failed spectacularly if this is needed. 🙄

[wilzbach]

Still, my understanding was that (years ago when delete was first put for deprecation) destroy was added as a migration path - by Andrei himself I believe.
Obviously that function has failed spectacularly if this is needed. 🙄

A bit of history I could dug up, but it seems that destroy has been there for a long time:

#231
#7

[JinShil]

The implementation just sets the pointer to null. I don't think that initiates an immediate call to the GC to free the memory.

[JinShil]

Shouldn't this be __delete?

[JinShil]

If I'm understanding correctly, you are accessing through a after b was __deleteed. According to the documentation comments, that's undefined behavior.

[JinShil]

"It is not possible to delete`" ~ T.stringof ~ "`"

[ibuclaw]

A bit of history I could dug up, but it seems that destroy has been there for a long time:

231 is titled "Rename clear to destroy". So it could always be my memory that is incorrect. :-)

[jmdavis]

clear was talked about in TDPL. I don't know how old it is, but I don't think that it was new then. Regardless, it's never been about freeing memory, only about destroying the object and putting it in an invalid state, so it's really not the same as what this is trying to do - though in principle, the idea behind clear/destroy and getting rid of delete is that no one should ever do what delete does if they're using GC-allocated memory. Andrei has been adamant about that being a terrible idea for years now, but we've just never gotten rid of delete (if nothing else, because without allocators, trying to replace code that uses with code that does something similar with non-GC-allocated memory it is a royal pain).

I am a bit surprised thought that Andrei wants this delete-replacement. From what I recall, his stance in the past has always been that delete is fundamentally a bad idea for GC-allocated memory and that it should be gone, and keeping a library function around that does the same thing doesn't fit with that - though the fact that it's not built-in does reduce its visibility and make it seem less acceptable / more dangerous, so I guess that he considers that enough now.

Personally, I think that anyone looking to do something like this should not be using GC-allocated memory, but it's not like we're completely against letting folks risk blowing their own feet off - we just don't want it to be easy to do that by default.

[andralex]

delete/__delete apply to structs and arrays as well, so please update the documentation

[andralex]

The sed command could be a bit refined: s/\Wdelete[ \t]+\(.*\);/__delete(\1);/g

[andralex]

Wait, this is incorrect. __delete should be only applicable to pointers to struct. Let's not innovate here.

[andralex]

this should free memory

[andralex]

this should free memory

[andralex]

Still, my understanding was that (years ago when delete was first put for deprecation) destroy was added as a migration path - by Andrei himself I believe.

Obviously that function has failed spectacularly if this is needed. 🙄

Thanks for the quip. The olden idea is to keep the safer clear while still allowing people to free objects. That was (and is) possible by means of two function calls. More recently our doctrine for deprecation has become to provide a simple replacement for people who have delete spread out through their code and just want to keep the current semantics for the time being. So both clear and __delete have their place.

[wilzbach]

Alrighty I went over the implementation again and it now matches with DMD 1:1 -> https://github.com/dlang/dmd/blob/v2.078.0/src/dmd/e2ir.d#L3886

The only thing that I couldn't figure out is how to detect at compile-time whether -profile=gc has been set by the user (DMD uses a different function mapping for this option - see toTraceGC), but I doubt that it's essential for this PR as -profile=gdc is mostly about detecting allocations.

[JinShil]

One of the procedures we need to perform to deprecate and eventually remove delete is to remove all references to it in the spec (see dlang/dlang.org#1941). I suggest removing the link to the spec.

[andralex]

This "otherwise" is ambiguous because it's applied to a conjunction. Does it refer to the fact that t is a class object reference, to the fact there is a destructor, or to the conjunction? (It applies to the second clause only). I'll make an edit to clarify.

[wilzbach]

FYI: That was taken 1:1 from the spec ;-)

[andralex]

@wilzbach @WalterBright and I are at POPL 2018 and one thing that became abundantly clear is we must overhaul the spec making it radically more precise. More on that later.

[andralex]

@wilzbach I just sent a patch to the doc - we should reuse destroy both in the documentation and the implementation. Also it seems associative arrays have been forgotten.

[wilzbach]

That's strictly speaking not true for class/interface objects and raw memory:

Exact behavior

• If x is a class or interface object -> rt_finalize

druntime/src/rt/lifetime.d

Lines 163 to 167 in 098a08a

	else
	{
	rt_finalize(cast(void*) *p);
	}
	GC.free(cast(void*) *p);

Of course, object.destroy does call rt_finalize:

druntime/src/object.d

Lines 2887 to 2896 in 098a08a

	void destroy(T)(T obj) if (is(T == class))
	{
	rt_finalize(cast(void*)obj);
	}
	/// ditto
	void destroy(T)(T obj) if (is(T == interface))
	{
	destroy(cast(Object)obj);
	}

FTR rt_finalize is deprecated, but rt_finalize2 does call a few interesting things:

druntime/src/rt/lifetime.d

Lines 1382 to 1419 in 098a08a

	debug(PRINTF) printf("rt_finalize2(p = %p)\n", p);
	auto ppv = cast(void**) p;
	if(!p || !*ppv)
	return;
	auto pc = cast(ClassInfo*) *ppv;
	try
	{
	if (det || collectHandler is null || collectHandler(cast(Object) p))
	{
	auto c = *pc;
	do
	{
	if (c.destructor)
	(cast(fp_t) c.destructor)(cast(Object) p); // call destructor
	}
	while ((c = c.base) !is null);
	}
	if (ppv[1]) // if monitor is not null
	_d_monitordelete(cast(Object) p, det);
	if (resetMemory)
	{
	auto w = (*pc).initializer;
	p[0 .. w.length] = w[];
	}
	}
	catch (Exception e)
	{
	import core.exception : onFinalizeError;
	onFinalizeError(*pc, e);
	}
	finally
	{
	*ppv = null; // zero vptr even if `resetMemory` is false
	}

• If x is a reference to a struct -> Typeinfo_Struct.destroy:

druntime/src/rt/lifetime.d

Lines 177 to 183 in 098a08a

	extern (C) void _d_delstruct(void** p, TypeInfo_Struct inf)
	{
	if (*p)
	{
	debug(PRINTF) printf("_d_delstruct(%p, %p)\n", *p, cast(void*)inf);
	inf.destroy(*p);

Here it's all about calling the dtor:

druntime/src/object.d

Lines 1194 to 1199 in 098a08a

	if (xdtor)
	{
	if (m_flags & StructFlags.isDynamicType)
	(*xdtorti)(p, this);
	else
	(*xdtor)(p);

• If x is a reference to an arrays -> for all structs within: Typeinfo_Struct.destroy:

druntime/src/rt/lifetime.d

Line 1169 in 098a08a

finalize_array(start, length, ti);

druntime/src/rt/lifetime.d

Lines 1347 to 1356 in 098a08a

	void finalize_array(void* p, size_t size, const TypeInfo_Struct si)
	{
	// Due to the fact that the delete operator calls destructors
	// for arrays from the last element to the first, we maintain
	// compatibility here by doing the same.
	auto tsize = si.tsize;
	for (auto curP = p + size - tsize; curP >= p; curP -= tsize)
	{
	// call destructor
	si.destroy(curP);

• Otherwise only GC.free is called.

[wilzbach]

Associative arrays aren't allowed: https://run.dlang.io/is/CtfP8f

[wilzbach]

Reminder to myself: I will rename this to x then.

[schveiguy]

From my memory:

1. clear/GC.free was intended as the replacement for delete. The problem with delete is that it wasn't possible to destroy things deterministically without also creating a dangling pointer. The required conflation of memory management with finalization/destruction was a faulty mechanism, especially in a GC-by-default language. I think the intention was to allow a library function, and stop reserving a keyword for such a thing.
2. clear was renamed to destroy because .clear is typically the name people use for removing all elements of a container. Given how prevalent UFCS is in D, then this creates massive confusion.

IMO, the destroy/GC.free mechanism is too raw, however. Sometimes it's exactly what you want, and GC.free requires a pointer, destroy requires a value. You are using clunky mechanisms everywhere if you use this thing.

[wilzbach]

@wilzbach I just sent a patch to the doc

Nice (I just removed your trailing white-space in case you were wondering why I force-pushed your commit).

[andralex]

@wilzbach yah I wonder if we could submit a github issue - would be great if their editor supported trailing space elimination

[andralex]

@wilzbach agreed about the discrepancies - in this case we must work backwards: __delete IS (by fiat) "destroy then deallocate". To the extent it isn't we need to adjust either destroy or __delete.

[wilzbach]

yah I wonder if we could submit a github issue - would be great if their editor supported trailing space elimination

https://github.com/isaacs/github

@wilzbach agreed about the discrepancies - in this case we must work backwards: __delete IS (by fiat) "destroy then deallocate". To the extent it isn't we need to adjust either destroy or __delete.

What do you suggest? Do you want to change __delete do call destroy?
_d_delclass still checks for deallocators as class deallocators haven't been deprecated yet.

I would simply change the wording to sth. like:

Calls .object.destroy(x) (if x is a class or interface object) or typeid(*x).destroy(x) (if x is pointer to a struct) to destroy the referred entity. Arrays of structs call typeid(*x).destroy(x) for each element.

[andralex]

Yes, __delete must call destroy. The wording you propose is good, thanks.

[wilzbach]

This could also state: Arrays of structs call typeid(x).destroy(&x) for each element (that's what the implementation does below).

[andralex]

I think it should be .object.destroy(e) for each element e in the array.

[wilzbach]

Is there a simple way to add a test this for "no effect"?

[andralex]

Here it should just be .object.destroy(*x), no? It's faster and better documented.

[wilzbach]

Are you sure about object.destroy being faster?

TypeInfo_Struct.destroy:

druntime/src/object.d

Lines 1192 to 1201 in 18be8bf

	final override void destroy(void* p) const
	{
	if (xdtor)
	{
	if (m_flags & StructFlags.isDynamicType)
	(*xdtorti)(p, this);
	else
	(*xdtor)(p);
	}
	}

object.destroy:

druntime/src/object.d

Lines 2954 to 2965 in 18be8bf

	void destroy(T)(ref T obj) if (is(T == struct))
	{
	_destructRecurse(obj);
	() @trusted {
	auto buf = (cast(ubyte*) &obj)[0 .. T.sizeof];
	auto init = cast(ubyte[])typeid(T).initializer();
	if (init.ptr is null) // null ptr means initialize to 0s
	buf[] = 0;
	else
	buf[] = init[];
	} ();
	}

[andralex]

The former is an indirect call and the second is a direct call. Truth be told, destroy does more work because it reinitializes the object. In the case of __delete we don't care to reinitialize the object because we just wrote in the documentation that access after __delete is undefined behavior.

So all in all the best way to go is to write in the documentation that we call destroy and actually call _destructRecurse. That covers all defined cases and is fast.

[wilzbach]

_destructRecurse is private and in object - so we can't even do package(core).

[andralex]

I think it should be .object.destroy(e) for each element e in the array.

[andralex]

I think this should do what the spec says it does: .object.destroy(cast(Object) x); This is a pedantic point because Object does not define a method destroy.

[andralex]

Same here, .object.destroy(cast(Object) x); would clarify lookup

[andralex]

As mentioned, I think this is less efficient - it entails an indirect call instead of simply calling the destructor (if defined) or doing nothing (if not). I suggest: .object.destroy(*x)

[andralex]

same here

[andralex]

I'm not sure about this in the case of classes and interfaces. For those shouldn't the call be GC.free(cast(void*) x)?

[wilzbach]

Added tests for GC.free

[wilzbach]

That's exactly what we do, but I wasn't whether there's a more elegant way to put it - __xdtor is a bit ugly, but it's still better than ".object.destroy(*x), but doesn't initialize the struct to T.init"

[andralex]

People cannot be expected to know what __xdtor does, but they do know what a destructor is. So the text should be:

"Calls the destructor ~this() for the object referred to by x (if x is a class or interface reference) or for the object pointed to by x (if x is a pointer to a struct). If no destructor is defined, this step has no effect."

[wilzbach]

So are we ready to 🚀 here?

[andralex]

A few more nits to look at.

[andralex]

they are @nogc as well

[andralex]

Instead of assuming people know delete and defining __delete in terms of it, describe __delete as "destroy then deallocate" and at the very end "see also the deprecated keyword" etc.

[andralex]

People cannot be expected to know what __xdtor does, but they do know what a destructor is. So the text should be:

"Calls the destructor ~this() for the object referred to by x (if x is a class or interface reference) or for the object pointed to by x (if x is a pointer to a struct). If no destructor is defined, this step has no effect."

[andralex]

"Arrays of structs call the destructor, if defined, for each element in the array."

[andralex]

unindent

[andralex]

I see the bugzilla is fixed, why do we need this?

[wilzbach]

Because fixing 14746, added this to _destructRecurse: 1a2290b

[andralex]

ping @wilzbach

[wilzbach]

ping @wilzbach

Sorry. Pong. Addressed the final nits & squashed everything into one commit.