[PATCH] Bugfix and drop weak references to finalizable objects (was: Re: [PATCH] thread-safe handling of asynchronous events)

[Peter Bex]

On Thu, Jul 06, 2023 at 09:05:03PM +0200, felix.winkelmann@bevuta.com wrote:
> > This would be problematic if the finalizer has run and deleted the
> > foreign object, while there are still weak references that hold onto
> > the object.  This has then become invalid/inconsistent.
> 
> I don't understand this, I'm afraid. Finalizers can always "revive"
> objects, this can't be avoided and may sometimes even be required.
> If weak refs suddenly make our memory model unsound, then the whole idea
> of weak references stands to discussion.

I don't think they make the memory model unsound per say.  But it is
an issue, and one avoided by MIT Scheme by simply making it impossible
to revive collected objects.  This thread made me consider what to do
with such weak references and I decided that we should clear references
to finalizable (which may already be finalized) objects.

Attached is a patch to ensure that "live" weak references don't hold
onto objects that may have been processed by a finalizer.  I think this
removes the worst potential use-after-free footguns.

NOTE: This issue already exists in older CHICKEN versions with weak
locatives, it is not newly introduced by weak pairs!

While working on this, I also noticed a remaining bug in the weak locative
handling: when a locative has already been cleared, it contains a NULL
pointer, and we need to avoid dereferencing it on the next GC.

Cheers,
Peter

0001-Skip-weak-locatives-that-were-already-invalidated.patch
Description: Text document

0002-Don-t-retain-weak-references-to-finalizable-objects.patch
Description: Text document

signature.asc
Description: PGP signature