On 1/29/26 05:41, Akihiko Odaki wrote:
> However, I see another problem in struct embedding; it breaks
> object_ref(). When embedding, the child object effectively takes the
> reference to the storage of the parent object, but this reference is not
> counted, so use-after-free can happen if someone takes a reference to
> the child object with object_ref(). That is why the wrapper of
> object_ref() in rust/qom/src/qom.rs needs to be marked unsafe. Memory
> regions work around this with memory_region_ref(), but it's not perfect
> since it relies on object_ref() in the end.

Yes, and in Rust the idea was to have (in addition to Owned<T> which is
for an allocated object) another smart pointer Child<'a, T>: an embedded
object that is owned (the parent has a reference and a field of type
Child releases that reference when the parent is finalized) but cannot
be cloned.

> For this reason I think object_initialize(), object_initialize_child(),
> and the like are better to be noted as deprecated in
> include/qom/object.h. Then memory_region_init() can be deprecated
> referring to them.

This would be huge and I don't think it's feasible.
It also only provides the appearance of safety. If you have a backwards
pointer (such as the memory region's owner), you still have either a
leak or the risk of a use-after-free.
Paolo
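
The two failure modes raised in this exchange, as an added example that is not part of the original message and is not QEMU code: a reference taken on an embedded child is invisible to the parent's count, and a counted back pointer from child to owner turns into a leak. The `Parent`/`Child` types and all function names are hypothetical, and releasing storage is modelled by a flag so the dangling state can be observed safely.

```c
/* Toy model only, not QEMU code; every type and function is hypothetical.
 * "Freeing" is a flag so the dangling state is observable without UB. */
#include <stdbool.h>
#include <stdio.h>

typedef struct Child { int refs; } Child;
typedef struct Parent {
    int refs;
    bool storage_live;   /* false models free(parent) */
    Child child;         /* embedded: shares the parent's storage */
} Parent;

static void parent_unref(Parent *p) {
    if (--p->refs == 0) {
        p->child.refs--;          /* finalize: drop parent's ref on child */
        p->storage_live = false;  /* child's bytes are released with it */
    }
}

/* Plain count on the child; the parent's count never sees it. */
static void child_ref_plain(Parent *p) { p->child.refs++; }

/* Forwarding variant: pin the object that owns the storage instead. */
static void child_ref_forwarded(Parent *p) { p->refs++; }

/* An external holder refs the child, then the creator drops the parent.
 * Returns true if the holder's reference now points at released storage. */
static bool holder_dangles(bool forward) {
    Parent p = { .refs = 1, .storage_live = true, .child = { .refs = 1 } };
    if (forward) child_ref_forwarded(&p); else child_ref_plain(&p);
    parent_unref(&p);
    return !p.storage_live;
}

/* Child keeps a counted back pointer to its parent and nobody else holds
 * anything. Returns true if the parent can never be finalized (a leak). */
static bool counted_back_pointer_leaks(void) {
    Parent p = { .refs = 1, .storage_live = true, .child = { .refs = 1 } };
    p.refs++;            /* child's counted reference to its owner */
    parent_unref(&p);    /* creator lets go; only the cycle remains */
    return p.storage_live && p.refs == 1;
}

int main(void) {
    printf("plain=%d forwarded=%d leak=%d\n", holder_dangles(false),
           holder_dangles(true), counted_back_pointer_leaks());
    return 0;
}
```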