Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop in declare_class! is unsound if the object is deallocated before being fully initialized #458

Closed
madsmtm opened this issue Jun 14, 2023 · 3 comments · Fixed by #521
Closed

Drop in declare_class! is unsound if the object is deallocated before being fully initialized #458

madsmtm opened this issue Jun 14, 2023 · 3 comments · Fixed by #521
Labels
A-objc2 Affects the `objc2`, `objc2-exception-helper` and/or `objc2-encode` crates I-unsound A soundness hole
Milestone
Usable icrate

Comments

@madsmtm
Copy link
Owner

madsmtm commented Jun 14, 2023
edited
Loading

Realized this in #414 (comment).

Will probably need a drop flag, unless we figure something crazy out, see the above issue for discussion.

There are a few things in std that use similar things to drop flags, so maybe we can take inspiration from those:
@madsmtm madsmtm added A-objc2 Affects the `objc2`, `objc2-exception-helper` and/or `objc2-encode` crates I-unsound A soundness hole labels Jun 14, 2023
@madsmtm
Copy link
Owner Author

madsmtm commented Jun 24, 2023
edited
Loading

Another case where Drop is unsound:
If the object is retained past the drop, or if it is retained from the mutable reference.

The first can be detected by checking the retain count after the drop, like Swift does, but the latter is difficult. Perhaps we can override retain when debug assertions are enabled? Though that likely prevents legitimate use-case.

Also, can weak variables "resurrect" objects that have begun dropping? I really hope not!

@madsmtm madsmtm added this to the Usable icrate milestone Sep 5, 2023
@madsmtm
Copy link
Owner Author

madsmtm commented Sep 19, 2023
edited
Loading

We can, using autoref-specialization, fairly reliably detect if something explicitly implements Drop, and then act accordingly, see this gist.

@madsmtm madsmtm mentioned this issue Sep 26, 2023
Closed
@madsmtm
Copy link
Owner Author

madsmtm commented Sep 26, 2023

Cross-referencing that the way we currently deallocate our ivars is be unsound if a dealloc method calls overridden methods #414 (comment)

@madsmtm madsmtm mentioned this issue Oct 3, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-objc2 Affects the `objc2`, `objc2-exception-helper` and/or `objc2-encode` crates I-unsound A soundness hole
Projects
None yet
Milestone
Usable icrate
Development

Successfully merging a pull request may close this issue.

Redo instance variables madsmtm/objc2
1 participant
@madsmtm