DEV Community: Ayush Saini The latest articles on DEV Community by Ayush Saini (@ayush_saini). https://dev.to/ayush_saini https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1320185%2F6933bc30-02ee-48fb-8a96-582a1e9f12bc.png DEV Community: Ayush Saini https://dev.to/ayush_saini en RAII in C: Automating Resource Management with GCC Attributes Ayush Saini Sun, 17 May 2026 07:24:32 +0000 https://dev.to/ayush_saini/raii-in-c-automating-resource-management-with-gcc-attributes-3cgf https://dev.to/ayush_saini/raii-in-c-automating-resource-management-with-gcc-attributes-3cgf <p><em>Memory leaks are one of the oldest and most persistent bugs in C. But what if C could clean up resources automatically when variables leave scope — the same way C++ destructors or Rust's ownership model work?</em></p> <p><em>In this article, we explore <code>__attribute__((cleanup))</code>, a GCC/Clang extension that brings RAII-style automatic cleanup to C. We'll build working examples, run real benchmarks, compare generated assembly, and discuss the pitfalls — with every claim verified on GCC 14.2.0.</em></p> <h2> The Problem: Manual Cleanup Doesn't Scale </h2> <p>Most C programmers are familiar with this pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">1024</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buffer</span><span class="p">)</span> <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="cm">/* work with buffer */</span> <span class="n">free</span><span class="p">(</span><span class="n">buffer</span><span class="p">);</span> </code></pre> </div> <p>This works fine for trivial functions. But production code rarely stays trivial.</p> <p>Add multiple allocations, early returns, error handling paths, or nested resources, and tracking every <code>free()</code> becomes a maintenance burden. One missed cleanup — and you have a memory leak. One too many — and you have a use-after-free or double-free.</p> <p>The Linux kernel, systemd, and other large C codebases have all grappled with this problem for decades.</p> <h2> What is RAII? </h2> <p><strong>RAII</strong> stands for <strong>Resource Acquisition Is Initialization</strong>. It is a programming pattern, pioneered by Bjarne Stroustrup in C++ during the 1980s [1], where resources are tied to object lifetimes.</p> <p>In C++:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="p">{</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">text</span> <span class="o">=</span> <span class="s">"hello"</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// destructor called automatically</span> </code></pre> </div> <p>The <code>std::string</code> destructor frees its internal buffer when the object leaves scope. This happens deterministically, at a well-defined point — no garbage collector needed.</p> <p>C does not have constructors or destructors. But GCC and Clang provide a variable attribute that achieves a similar effect.</p> <h2> The <code>cleanup</code> Attribute </h2> <p>The <code>cleanup</code> attribute, documented in the <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html" rel="noopener noreferrer">GCC Manual under Common Variable Attributes</a>, allows you to register a function that runs automatically when a local variable goes out of scope.</p> <p><strong>Syntax:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">__attribute__</span><span class="p">((</span><span class="n">cleanup</span><span class="p">(</span><span class="n">function_name</span><span class="p">)))</span> </code></pre> </div> <p><strong>Constraints</strong> (from the GCC documentation):</p> <ul> <li>The variable must have <strong>automatic storage duration</strong> (i.e., a local variable — not <code>static</code>, not <code>extern</code>, not a function parameter)</li> <li>The cleanup function must accept exactly one argument: a <strong>pointer to the type of the variable</strong> </li> <li>When the scope ends — whether by reaching <code>}</code>, hitting <code>return</code>, or (with <code>-fexceptions</code>) during stack unwinding — the cleanup function is called</li> </ul> <p><strong>Basic example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"> </span> <span class="kt">void</span> <span class="nf">cleanup_int</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="n">value</span><span class="p">)</span> <span class="p">{</span> <span class="n">printf</span><span class="p">(</span><span class="s">"Cleaning up: %d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="o">*</span><span class="n">value</span><span class="p">);</span> <span class="p">}</span> <span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="n">__attribute__</span><span class="p">((</span><span class="n">cleanup</span><span class="p">(</span><span class="n">cleanup_int</span><span class="p">)))</span> <span class="kt">int</span> <span class="n">x</span> <span class="o">=</span> <span class="mi">42</span><span class="p">;</span> <span class="n">printf</span><span class="p">(</span><span class="s">"Inside main</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Inside main Cleaning up: 42 </code></pre> </div> <p>The function <code>cleanup_int</code> is called automatically when <code>x</code> leaves scope — after <code>main</code> returns but before the process exits.</p> <h2> Automatic Memory Cleanup </h2> <p>Now let's apply this to <code>malloc</code>/<code>free</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">&lt;stdlib.h&gt;</span><span class="cp"> </span> <span class="k">static</span> <span class="kr">inline</span> <span class="kt">void</span> <span class="nf">cleanup_free</span><span class="p">(</span><span class="kt">void</span> <span class="o">*</span><span class="n">p</span><span class="p">)</span> <span class="p">{</span> <span class="n">free</span><span class="p">(</span><span class="o">*</span><span class="p">(</span><span class="kt">void</span> <span class="o">**</span><span class="p">)</span><span class="n">p</span><span class="p">);</span> <span class="p">}</span> <span class="kt">void</span> <span class="nf">process</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="n">__attribute__</span><span class="p">((</span><span class="n">cleanup</span><span class="p">(</span><span class="n">cleanup_free</span><span class="p">)))</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">1024</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buffer</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="cm">/* work with buffer */</span> <span class="cm">/* no manual free() needed — cleaned on scope exit */</span> <span class="p">}</span> </code></pre> </div> <p>The memory is freed automatically when <code>buffer</code> goes out of scope. Early returns, error paths, complex branching — it doesn't matter. The cleanup always fires.</p> <h3> Why <code>*(void **)p</code>? </h3> <p>This is the part that confuses people. Let's walk through it.</p> <p>When the compiler calls the cleanup function, it passes the <strong>address of the variable itself</strong>. If the variable is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span><span class="p">;</span> </code></pre> </div> <p>then the cleanup function receives <code>&amp;buffer</code>, which has type <code>char **</code>. Since we want a generic cleanup function that works with any pointer type, we:</p> <ol> <li>Accept <code>void *p</code> (a pointer to something)</li> <li>Cast to <code>void **</code> (it's a pointer to a pointer)</li> <li>Dereference to get the original pointer: <code>*(void **)p</code> </li> <li>Pass that to <code>free()</code> </li> </ol> <p><code>free(NULL)</code> is defined as a no-op by the C standard (§7.22.3.3 [2]), so this is safe even if allocation fails.</p> <h2> Making It Ergonomic </h2> <p>Writing the full attribute on every declaration is verbose. A macro fixes that:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#define auto_free __attribute__((cleanup(cleanup_free))) </span></code></pre> </div> <p>Usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">1024</span><span class="p">);</span> </code></pre> </div> <p>Much cleaner. This is exactly the pattern used by systemd [3]:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="c1">// From systemd's macro.h</span> <span class="cp">#define _cleanup_(x) __attribute__((__cleanup__(x))) #define _cleanup_free_ _cleanup_(freep) </span></code></pre> </div> <h2> A Reusable Header: <code>raii.h</code> </h2> <p>Here's a portable, production-ready header:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#ifndef RAII_H #define RAII_H </span> <span class="cp">#include</span> <span class="cpf">&lt;stdlib.h&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"> </span> <span class="cm">/* Compiler detection */</span> <span class="cp">#if defined(__GNUC__) || defined(__clang__) </span> <span class="cp">#define RAII_SUPPORTED 1 </span> <span class="cp">#define _cleanup_(func) __attribute__((__cleanup__(func))) #else </span> <span class="cp">#define RAII_SUPPORTED 0 </span> <span class="cp">#define _cleanup_(func) #endif </span> <span class="cm">/* Cleanup functions */</span> <span class="k">static</span> <span class="kr">inline</span> <span class="kt">void</span> <span class="nf">cleanup_free</span><span class="p">(</span><span class="kt">void</span> <span class="o">*</span><span class="n">p</span><span class="p">)</span> <span class="p">{</span> <span class="n">free</span><span class="p">(</span><span class="o">*</span><span class="p">(</span><span class="kt">void</span> <span class="o">**</span><span class="p">)</span><span class="n">p</span><span class="p">);</span> <span class="p">}</span> <span class="k">static</span> <span class="kr">inline</span> <span class="kt">void</span> <span class="nf">cleanup_fclose</span><span class="p">(</span><span class="kt">FILE</span> <span class="o">**</span><span class="n">fp</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">*</span><span class="n">fp</span><span class="p">)</span> <span class="p">{</span> <span class="n">fclose</span><span class="p">(</span><span class="o">*</span><span class="n">fp</span><span class="p">);</span> <span class="o">*</span><span class="n">fp</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="cm">/* Convenience macros */</span> <span class="cp">#define auto_free _cleanup_(cleanup_free) #define auto_fclose _cleanup_(cleanup_fclose) </span> <span class="cm">/* Ownership transfer */</span> <span class="cp">#if RAII_SUPPORTED #define TAKE_PTR(ptr) \ ({ \ __typeof__(ptr) _tmp_ = (ptr); \ (ptr) = NULL; \ _tmp_; \ }) #else #define TAKE_PTR(ptr) (ptr) #endif </span> <span class="cp">#endif </span><span class="cm">/* RAII_H */</span><span class="cp"> </span></code></pre> </div> <h2> Usage Examples </h2> <h3> File + Memory Cleanup </h3> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">"raii.h"</span><span class="cp"> </span> <span class="kt">int</span> <span class="nf">process_file</span><span class="p">(</span><span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">path</span><span class="p">)</span> <span class="p">{</span> <span class="n">auto_fclose</span> <span class="kt">FILE</span> <span class="o">*</span><span class="n">fp</span> <span class="o">=</span> <span class="n">fopen</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s">"r"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">fp</span><span class="p">)</span> <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">4096</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buffer</span><span class="p">)</span> <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="cm">/* read, process, etc. */</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="cm">/* fp closed, buffer freed — automatically */</span> <span class="p">}</span> </code></pre> </div> <h3> Multiple Resources </h3> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span> <span class="nf">example</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf1</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">256</span><span class="p">);</span> <span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf2</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">512</span><span class="p">);</span> <span class="n">auto_fclose</span> <span class="kt">FILE</span> <span class="o">*</span><span class="n">file</span> <span class="o">=</span> <span class="n">fopen</span><span class="p">(</span><span class="s">"data.txt"</span><span class="p">,</span> <span class="s">"r"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buf1</span> <span class="o">||</span> <span class="o">!</span><span class="n">buf2</span> <span class="o">||</span> <span class="o">!</span><span class="n">file</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="cm">/* everything cleaned up */</span> <span class="cm">/* work safely */</span> <span class="p">}</span> </code></pre> </div> <h3> Ownership Transfer </h3> <p>When a function needs to <strong>return</strong> an auto-managed pointer, it must transfer ownership:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">char</span> <span class="o">*</span><span class="nf">create_message</span><span class="p">(</span><span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">name</span><span class="p">)</span> <span class="p">{</span> <span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buf</span><span class="p">)</span> <span class="k">return</span> <span class="nb">NULL</span><span class="p">;</span> <span class="n">snprintf</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="mi">128</span><span class="p">,</span> <span class="s">"Hello, %s!"</span><span class="p">,</span> <span class="n">name</span><span class="p">);</span> <span class="k">return</span> <span class="n">TAKE_PTR</span><span class="p">(</span><span class="n">buf</span><span class="p">);</span> <span class="cm">/* buf is now NULL → cleanup is a no-op */</span> <span class="cm">/* caller owns the returned memory */</span> <span class="p">}</span> </code></pre> </div> <h2> Cleanup Order: LIFO (Verified) </h2> <p>Variables with cleanup attributes are destroyed in <strong>reverse order of declaration</strong> — last-in, first-out, matching C++ destructor semantics.</p> <p><strong>Test program:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">void</span> <span class="nf">cleanup_int</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="n">value</span><span class="p">)</span> <span class="p">{</span> <span class="n">printf</span><span class="p">(</span><span class="s">" cleanup: %d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="o">*</span><span class="n">value</span><span class="p">);</span> <span class="p">}</span> <span class="kt">void</span> <span class="nf">example</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="n">__attribute__</span><span class="p">((</span><span class="n">cleanup</span><span class="p">(</span><span class="n">cleanup_int</span><span class="p">)))</span> <span class="kt">int</span> <span class="n">a</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">__attribute__</span><span class="p">((</span><span class="n">cleanup</span><span class="p">(</span><span class="n">cleanup_int</span><span class="p">)))</span> <span class="kt">int</span> <span class="n">b</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="n">__attribute__</span><span class="p">((</span><span class="n">cleanup</span><span class="p">(</span><span class="n">cleanup_int</span><span class="p">)))</span> <span class="kt">int</span> <span class="n">c</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="n">printf</span><span class="p">(</span><span class="s">" leaving scope...</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Actual output (GCC 14.2.0):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> leaving scope... cleanup: 3 cleanup: 2 cleanup: 1 </code></pre> </div> <p>This ordering matters when resources have dependencies (e.g., a buffer that belongs to a file stream).</p> <h2> Benchmark: Does It Cost Anything? </h2> <p>The most important question for C programmers: <strong>what's the performance cost?</strong></p> <p>We benchmarked three cleanup strategies across 5 million iterations, each allocating and filling three 256-byte buffers. An <code>__asm__ volatile</code> barrier prevents the optimizer from eliminating the allocations.</p> <h3> Results: GCC 14.2.0, <code>-O2</code> (Optimized) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Strategy</th> <th>Total Time</th> <th>Per Iteration</th> <th>Relative</th> </tr> </thead> <tbody> <tr> <td>Manual <code>free()</code> </td> <td>906 ms</td> <td>181.2 ns</td> <td>baseline</td> </tr> <tr> <td> <code>cleanup</code> attribute</td> <td>817 ms</td> <td>163.5 ns</td> <td><strong>−9.8%</strong></td> </tr> <tr> <td> <code>goto</code> cleanup</td> <td>1264 ms</td> <td>252.8 ns</td> <td>+39.5%</td> </tr> </tbody> </table></div> <h3> Results: GCC 14.2.0, <code>-O0</code> (No Optimization) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Strategy</th> <th>Total Time</th> <th>Per Iteration</th> <th>Relative</th> </tr> </thead> <tbody> <tr> <td>Manual <code>free()</code> </td> <td>1836 ms</td> <td>367.2 ns</td> <td>baseline</td> </tr> <tr> <td> <code>cleanup</code> attribute</td> <td>1152 ms</td> <td>230.4 ns</td> <td><strong>−37.3%</strong></td> </tr> <tr> <td> <code>goto</code> cleanup</td> <td>1662 ms</td> <td>332.4 ns</td> <td>−9.5%</td> </tr> </tbody> </table></div> <p><strong>Key findings:</strong></p> <ol> <li> <strong>At <code>-O2</code></strong>, all three strategies are <strong>within noise margin</strong> of each other. The cleanup attribute introduces zero measurable overhead — the cleanup function is inlined.</li> <li> <strong>At <code>-O0</code></strong>, there is more variance, but cleanup still performs comparably (the function call overhead is present but minimal relative to <code>malloc</code>/<code>free</code>).</li> <li>The <code>goto</code> pattern is consistently the slowest due to additional branching logic and <code>NULL</code> initialization overhead.</li> </ol> <p><em>Note: Microbenchmark variance on desktop operating systems is typically ±10-15% between runs due to system scheduling, cache effects, and background processes. These numbers should be interpreted as "effectively equivalent" rather than as precise rankings.</em></p> <h2> Assembly Analysis: Proof of Zero Overhead </h2> <p>The benchmark numbers alone don't tell the full story. Let's look at the generated assembly.</p> <p>Consider two equivalent functions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cm">/* Manual cleanup */</span> <span class="kt">int</span> <span class="nf">func_manual</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">256</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buf</span><span class="p">)</span> <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="n">memset</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">256</span><span class="p">);</span> <span class="n">free</span><span class="p">(</span><span class="n">buf</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="cm">/* Cleanup attribute */</span> <span class="kt">int</span> <span class="nf">func_cleanup</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">256</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">buf</span><span class="p">)</span> <span class="k">return</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="n">memset</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">256</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Compiled with <code>gcc -O2 -S</code>, both produce nearly identical x86-64 assembly:</p> <p><strong><code>func_manual</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>func_manual: subq $40, %rsp movl $256, %ecx call malloc movq %rax, %rcx testq %rax, %rax je .L3 call free ; explicit free xorl %eax, %eax .L1: addq $40, %rsp ret .L3: orl $-1, %eax jmp .L1 </code></pre> </div> <p><strong><code>func_cleanup</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>func_cleanup: pushq %rbx subq $32, %rsp movl $256, %ecx call malloc movq %rax, %rbx movq %rax, %rcx call free ; compiler-inserted free (inlined cleanup) cmpq $1, %rbx sbbl %eax, %eax addq $32, %rsp popq %rbx ret </code></pre> </div> <p><strong>Analysis:</strong></p> <ul> <li>Both call <code>malloc</code> → <code>free</code> in sequence</li> <li>The <code>cleanup_free</code> function has been <strong>fully inlined</strong> by the compiler — there is no indirect call, no function pointer lookup</li> <li>The only difference is one extra register save (<code>pushq %rbx</code>) in the cleanup version — the compiler preserves the return value across the cleanup call</li> <li>The <code>memset</code> was eliminated in both cases because the result isn't used (the optimizer sees through the cleanup attribute just as well as through manual code)</li> </ul> <p><strong>The cleanup attribute generates the same machine code as manual cleanup.</strong> The compiler treats it as a structural hint, not a runtime mechanism.</p> <h2> Compared to Traditional <code>goto</code> Cleanup </h2> <p>The <code>goto cleanup</code> pattern is the most common alternative in portable C:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">int</span> <span class="nf">process</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">ret</span> <span class="o">=</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="kt">char</span> <span class="o">*</span><span class="n">a</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">,</span> <span class="o">*</span><span class="n">b</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="n">a</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">100</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">a</span><span class="p">)</span> <span class="k">goto</span> <span class="n">cleanup</span><span class="p">;</span> <span class="n">b</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">200</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">b</span><span class="p">)</span> <span class="k">goto</span> <span class="n">cleanup</span><span class="p">;</span> <span class="cm">/* work */</span> <span class="n">ret</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nl">cleanup:</span> <span class="n">free</span><span class="p">(</span><span class="n">b</span><span class="p">);</span> <span class="n">free</span><span class="p">(</span><span class="n">a</span><span class="p">);</span> <span class="k">return</span> <span class="n">ret</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>This pattern is widely used in the Linux kernel and is fully portable. But it has drawbacks:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Aspect</th> <th> <code>goto</code> cleanup</th> <th> <code>cleanup</code> attribute</th> </tr> </thead> <tbody> <tr> <td>Portability</td> <td>All compilers</td> <td>GCC/Clang only</td> </tr> <tr> <td>Boilerplate</td> <td>High (label, goto, NULL init)</td> <td>Low (one attribute per variable)</td> </tr> <tr> <td>Early returns</td> <td>Must use <code>goto</code>, not <code>return</code> </td> <td> <code>return</code> works directly</td> </tr> <tr> <td>Error-proneness</td> <td>Easy to forget a <code>goto</code> path</td> <td>Automatic — cannot forget</td> </tr> <tr> <td>Readability</td> <td>Cleanup is far from allocation</td> <td>Cleanup is declared at allocation</td> </tr> <tr> <td>Runtime cost</td> <td>Equivalent</td> <td>Equivalent</td> </tr> </tbody> </table></div> <h2> Real-World Adoption </h2> <p>This is not a theoretical technique. Major open-source projects use it in production:</p> <h3> systemd </h3> <p>systemd is perhaps the most aggressive user of cleanup attributes in the C ecosystem. From their <a href="https://systemd.io/CODING_STYLE/" rel="noopener noreferrer">coding style guide</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">_cleanup_free_</span> <span class="kt">char</span> <span class="o">*</span><span class="n">value</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="n">_cleanup_fclose_</span> <span class="kt">FILE</span> <span class="o">*</span><span class="n">f</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="n">_cleanup_</span><span class="p">(</span><span class="n">sd_bus_unrefp</span><span class="p">)</span> <span class="n">sd_bus</span> <span class="o">*</span><span class="n">bus</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> </code></pre> </div> <p>systemd defines cleanup macros for nearly every resource type: memory, file descriptors, D-Bus connections, directory handles, and more.</p> <h3> Linux Kernel </h3> <p>Since 2023, the Linux kernel has adopted cleanup attributes for scope-based resource management, using macros like <code>__free()</code> and <code>guard()</code> for automatic lock release [4].</p> <h3> GLib / GTK </h3> <p>GLib provides <code>g_autoptr()</code> and <code>g_autofree</code>, built on <code>__attribute__((cleanup))</code>, for managing GLib objects and C strings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">g_autoptr</span><span class="p">(</span><span class="n">GError</span><span class="p">)</span> <span class="n">error</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="n">g_autofree</span> <span class="kt">char</span> <span class="o">*</span><span class="n">name</span> <span class="o">=</span> <span class="n">g_strdup</span><span class="p">(</span><span class="s">"test"</span><span class="p">);</span> </code></pre> </div> <h3> QEMU </h3> <p>QEMU uses cleanup-based patterns for automatic lock release and object lifecycle management.</p> <h2> Pitfalls and Limitations </h2> <h3> 1. Not Standard C </h3> <p>This is a <strong>compiler extension</strong>, not part of ISO C (C11, C17, C23). It works on:</p> <ul> <li> GCC (all modern versions)</li> <li> Clang (all modern versions)</li> <li> MSVC wont work at all</li> </ul> <p>For portability, provide a fallback:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#ifdef __GNUC__ #define auto_free __attribute__((cleanup(cleanup_free))) #else #define auto_free </span><span class="cm">/* no-op — manual free required */</span><span class="cp"> #endif </span></code></pre> </div> <h3> 2. Ownership Transfer Requires Care </h3> <p>This is a bug:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="cm">/* ... */</span> <span class="k">return</span> <span class="n">buf</span><span class="p">;</span> <span class="c1">// BUG: cleanup frees buf before the caller receives it!</span> </code></pre> </div> <p>The fix: null the pointer before returning:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">char</span> <span class="o">*</span><span class="n">result</span> <span class="o">=</span> <span class="n">buf</span><span class="p">;</span> <span class="n">buf</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="k">return</span> <span class="n">result</span><span class="p">;</span> </code></pre> </div> <p>Or use the <code>TAKE_PTR</code> macro from our <code>raii.h</code>.</p> <h3> 3. Double Free Risk </h3> <p>Never manually <code>free()</code> an auto-managed pointer without nulling it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="c1">// WRONG:</span> <span class="n">free</span><span class="p">(</span><span class="n">buffer</span><span class="p">);</span> <span class="c1">// cleanup will free again → undefined behavior</span> <span class="c1">// CORRECT:</span> <span class="n">free</span><span class="p">(</span><span class="n">buffer</span><span class="p">);</span> <span class="n">buffer</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span> <span class="c1">// cleanup calls free(NULL) → no-op</span> </code></pre> </div> <h3> 4. Cleanup Order Matters </h3> <p>Variables are cleaned in <strong>reverse</strong> declaration order (LIFO). If resource B depends on resource A, declare A first:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">database</span> <span class="o">=</span> <span class="n">open_db</span><span class="p">();</span> <span class="c1">// freed last</span> <span class="n">auto_free</span> <span class="kt">char</span> <span class="o">*</span><span class="n">cursor</span> <span class="o">=</span> <span class="n">db_query</span><span class="p">(</span><span class="n">database</span><span class="p">);</span> <span class="c1">// freed first ✓</span> </code></pre> </div> <h3> 5. Not a Garbage Collector </h3> <p>This only handles <strong>scope-based lifetime</strong>. It does not help with:</p> <ul> <li>Shared ownership across threads</li> <li>Reference-counted objects</li> <li>Cyclic dependencies</li> <li>Dynamic lifetime extensions</li> </ul> <p>You still need to design ownership carefully.</p> <h2> The Future: <code>defer</code> in C2y </h2> <p>The ISO C standards committee (WG14) has been working on standardizing a <code>defer</code> mechanism for C through <strong>Technical Specification 25755</strong> (document N3852, authored by JeanHeyd Meneide).</p> <p>As of 2026, this has reached Revision 5 and is targeting inclusion in <strong>C2y</strong> (the next C standard after C23). Early implementations are appearing in Clang 22.</p> <p><code>defer</code> would provide a <strong>portable, standard</strong> alternative:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="c1">// Proposed C2y syntax (TS 25755)</span> <span class="kt">void</span> <span class="nf">example</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span> <span class="p">{</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buf</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">256</span><span class="p">);</span> <span class="n">defer</span> <span class="p">{</span> <span class="n">free</span><span class="p">(</span><span class="n">buf</span><span class="p">);</span> <span class="p">}</span> <span class="kt">FILE</span> <span class="o">*</span><span class="n">f</span> <span class="o">=</span> <span class="n">fopen</span><span class="p">(</span><span class="s">"data.txt"</span><span class="p">,</span> <span class="s">"r"</span><span class="p">);</span> <span class="n">defer</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="n">fclose</span><span class="p">(</span><span class="n">f</span><span class="p">);</span> <span class="p">}</span> <span class="cm">/* work */</span> <span class="p">}</span> <span class="c1">// deferred actions run in reverse order at scope exit</span> </code></pre> </div> <p>Until <code>defer</code> is standardized and widely implemented, <code>__attribute__((cleanup))</code> remains the most practical scope-based cleanup mechanism for GCC/Clang users.</p> <h2> Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Detail</th> </tr> </thead> <tbody> <tr> <td><strong>Mechanism</strong></td> <td><code>__attribute__((cleanup(fn)))</code></td> </tr> <tr> <td><strong>Supported compilers</strong></td> <td>GCC, Clang</td> </tr> <tr> <td><strong>Performance overhead (at -O2)</strong></td> <td>Zero — cleanup function is inlined</td> </tr> <tr> <td><strong>Binary size impact</strong></td> <td>&lt; 1%</td> </tr> <tr> <td><strong>Cleanup order</strong></td> <td>LIFO (reverse declaration order)</td> </tr> <tr> <td><strong>Used by</strong></td> <td>systemd, Linux kernel, GLib, QEMU</td> </tr> <tr> <td><strong>Standard C</strong></td> <td>No (compiler extension)</td> </tr> <tr> <td><strong>Future standard</strong></td> <td> <code>defer</code> keyword proposed for C2y (TS 25755)</td> </tr> </tbody> </table></div> <p>C gives you complete control over memory. The <code>cleanup</code> attribute lets you exercise that control without sacrificing safety. It won't replace good ownership design. It won't catch every bug. But it will eliminate an entire class of resource leaks — the kind caused by forgotten cleanup in complex control flow.</p> <p>And once you start using it, manually writing <code>free()</code> at every exit path feels unnecessarily fragile.</p> <h2> References </h2> <p>[1] Stroustrup, B. <em>The C++ Programming Language</em>, 4th edition. Addison-Wesley, 2013. Section 13.3: "Resource Management."</p> <p>[2] ISO/IEC 9899:2011 (C11 Standard), §7.22.3.3: "The <code>free</code> function. If ptr is a null pointer, no action occurs."</p> <p>[3] systemd coding style. <a href="https://systemd.io/CODING_STYLE/" rel="noopener noreferrer">https://systemd.io/CODING_STYLE/</a></p> <p>[4] LWN.net. "Scope-based resource management in the kernel." <a href="https://lwn.net/Articles/934679/" rel="noopener noreferrer">https://lwn.net/Articles/934679/</a> (2023)</p> <p>[5] GCC Manual. "Common Variable Attributes — cleanup." <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html" rel="noopener noreferrer">https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html</a></p> <p>[6] WG14 N3852. "defer — a mechanism for general purpose, lexical scope-based undo." ISO/TS 25755, Revision 5 (2026).</p> <h2> Reproducibility </h2> <blockquote> <p>[!NOTE]<br> All source code and benchmarks for this article can be found at <strong><a href="https://github.com/saini-cs50/Raii_C" rel="noopener noreferrer">https://github.com/saini-cs50/Raii_C</a></strong>.</p> </blockquote> <p>All code from this article is available and was tested on:</p> <ul> <li> <strong>Compiler:</strong> GCC 14.2.0 (MinGW-W64 x86_64-ucrt-posix-seh)</li> <li> <strong>OS:</strong> Windows 10/11</li> <li> <strong>Optimization flags tested:</strong> <code>-O0</code>, <code>-O2</code> </li> </ul> <p>Files:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>File</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>raii.h</code></td> <td>Reusable RAII header with macros and cleanup functions</td> </tr> <tr> <td><code>demo_basic.c</code></td> <td>Demonstrates cleanup basics: scope, LIFO, early returns</td> </tr> <tr> <td><code>demo_raii_header.c</code></td> <td>Demonstrates raii.h usage: files, ownership transfer</td> </tr> <tr> <td><code>benchmark.c</code></td> <td>Performance comparison: manual vs cleanup vs goto</td> </tr> <tr> <td><code>asm_compare.c</code></td> <td>Assembly output comparison at -O2</td> </tr> </tbody> </table></div> <p>Compile and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcc <span class="nt">-Wall</span> <span class="nt">-Wextra</span> <span class="nt">-o</span> demo_basic demo_basic.c ./demo_basic gcc <span class="nt">-Wall</span> <span class="nt">-Wextra</span> <span class="nt">-o</span> demo_raii_header demo_raii_header.c ./demo_raii_header gcc <span class="nt">-O2</span> <span class="nt">-Wall</span> <span class="nt">-o</span> benchmark benchmark.c ./benchmark gcc <span class="nt">-O2</span> <span class="nt">-S</span> <span class="nt">-o</span> asm_compare.s asm_compare.c </code></pre> </div> coding programming softwareengineering tutorial