2

I was wondering how does .NET's string.Remove() method operates regarding memory.

If I have the following piece of code: 

string sample = "abc"; sample = sample.Remove(0);

What will actually happen in memory?

If I understand correctly, We've allocated a string consisting of 3 chars, and then we removed all of them on a new copy of the string, assigned the copy to the old reference, by that overriding it, and then what? What happens to those 3 characters?
If we're not pointing to them anymore, and they're not freed up (at least not that I'm aware of), they will remain in memory as garbage.
However, I'm sure the CLR has some way of detecting it and freeing them up eventually.

So any of you guys know what happens here? Thanks in advance!

Improve this question
3
  • Yes, the CLR has a garbage collector (that is the actual term) which runs periodically and frees unused objects. Commented Mar 14, 2016 at 20:08
  • It sounds like you actually have a question like "How do I securely erase a string from memory?", and you want to know if string.Remove is the right way. Perhaps you should ask the former question (as a new SO question) with some details about your specific scenario. Commented Mar 14, 2016 at 20:22
  • @Blorgbeard Technically, your'e right, I should've asked a question like the latter, but I understood myself that if the answer to THIS question is GC-related, then it's not secure by any means. Commented Mar 14, 2016 at 20:33

2 Answers 2

Reset to default
3

First Remove is going to create a new string that has no characters in it (an empty string). This will involve the allocation of a char array an a string object to wrap it. Then you'll assign a reference to that string to your local variable.

Since the string "abc" is a literal string, it'll still exist in the intern pool, unless you've disabled interning of compile time literal strings, so it won't be garbage collected.

So in summary, you've created two new objects and changed the reference of the variable sample from the old object to the new one.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Did you mean allocation of a char array?
@Servy, if you check the source code I linked to, Remove does create a new string, but with reserved space for the required number of characters. Essentially, not an empty string. It then copies the necessary characters into the reserved space. Everything else is accurate.
@BerinLoritsch Remove doesn't always create an empty string. When you pass 0 as the argument though, you're removing all of the characters, so what is left is an empty string. You don't need to look at the source code to know that, just the documentation for the method.
@Servy So from my understanding, in this case, just because I've assigned a literal, they will remain in memory as garbage, but in any other case those chars will be garbage collected, yes?
@TimorGruber In any other case if there are no other references to that string then it may be collected whenever the GC happens to run next.
|
1

According to the source code: http://referencesource.microsoft.com/#mscorlib/system/string.cs

  • The method Remove() allocates a new string object and returns the results to you
  • In your code sample, the sample variable is replaced with a new string object that no longer has the first character
  • When the garbage collector fires, the orphaned string is reclaimed.
Improve this answer

10 Comments

So in terms of security, this is not the correct way of releasing strings from memory regarding tracing issues, am I right?
@TimorGruber I'm not certain about that, but if you aim at security you should have a look at the SecureString.
What does security have to do with this? You have a garbage collected language. The only way to clear a string from memory is to ensure all references to the object are cleared and explicitly invoke the garbage collector. Garbage collection is by nature ad hoc.
@BerinLoritsch Even doing that wouldn't ensure that the data from the string isn't in memory anymore. Such is the nature of a garbage collected language.
@TimorGruber Are you expecting a hostile user to have access to the system's memory? If so, then you can't treat that password as secure from such a user, no. Even SecureString likely wouldn't change that.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.