On 15/06/2026 09:12, Daniel P. Berrangé wrote:
On Mon, Jun 15, 2026 at 01:11:07PM +0900, Akihiko Odaki wrote:
Problem
=======
The Rust wrapper for object_ref() is marked unsafe and has:
The object must not be embedded in another unless the outer
object is guaranteed to have a longer lifetime.
In other words, object_ref() does not work for embedded objects and
does not keep embedded objects alive. MemoryRegion has its own
memory_region_ref() helper to call object_ref() on its owner for this
reason.
However, this is insufficient to avoid calling object_ref() for all
embedded objects. For example, consider an embedded Device that has a
MemoryRegion. When referencing a MemoryRegion for guest memory access,
QEMU automatically references the owning Device to keep the MemoryRegion
alive. However, that reference is ineffective if the Device itself is
embedded, because object_ref() does not keep the containing storage
alive.
Do we know how many examples we have of embedding objects inside
another ?
I would much prefer if we forbid the embedding of objects. It is
horrible design practice to have some QOM objects which can be
freed via reference count and some which cannot.
This is something I've been discussing with a few other people for some
time now: shouldn't we deprecate object_initialize_child() and use
references for everything instead? Not only would this help solve a lot
of lifecycle problems, but it would help reviewers because at the moment
we have too many different ways of doing the same thing.
ATB,
Mark.
