On Tue, 24 Mar 2020 at 13:55, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On Tue, 24 Mar 2020 at 11:25, Yuval Shaia <yuval.shaia...@gmail.com> wrote:
> > As I already said, the current code makes sure it will not happen;
> > however, it is better that the API ensures this and does not trust callers.
>
> I agree with the principle, but I think that here there is no
> way to do it -- if you are literally destroying an object
> then it is invalid to use it after destruction and there
> is no way to have a lock that protects against that kind
> of bug, unless the lock is at a higher level (ie the
> thing that owns the destroyed-object has a lock and
> doesn't allow access to it outside the lock or without
> a check for has-been-destroyed). Just throwing an extra
> mutex-lock into the destroy function doesn't add any
> protection.

Makes sense. So what I can do is check list->list at every API, since the destroy functions set it to NULL. Does that make sense?

> thanks
> -- PMM
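The higher-level locking Peter Maydell describes above, as an added example that is not part of the original thread and is not QEMU's code: the mutex lives in the owning object, which outlives the list, and every accessor checks has-been-destroyed under that lock. All names (`struct owner`, `struct int_list`, `owner_append`, `owner_count`, `owner_destroy_list`, `LIST_CAP`) are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#define LIST_CAP 8   /* all names in this block are hypothetical, not QEMU's */

struct int_list { int items[LIST_CAP]; size_t len; };  /* object that gets destroyed */
struct owner {                /* higher-level thing that owns the list */
    pthread_mutex_t lock;     /* outlives the list, so it is always valid to take */
    struct int_list *list;    /* NULL once destroyed; touched only under lock */
};

int owner_init(struct owner *o)
{
    if (pthread_mutex_init(&o->lock, NULL) != 0)
        return -EINVAL;
    o->list = calloc(1, sizeof(*o->list));
    return o->list ? 0 : -ENOMEM;
}

/* Accessors take the owner's lock and check has-been-destroyed first. */
int owner_append(struct owner *o, int v)
{
    int ret = -ENODEV;                      /* default: list was destroyed */
    pthread_mutex_lock(&o->lock);
    if (o->list && o->list->len < LIST_CAP) {
        o->list->items[o->list->len++] = v;
        ret = 0;
    } else if (o->list) {
        ret = -ENOSPC;                      /* list alive but full */
    }
    pthread_mutex_unlock(&o->lock);
    return ret;
}

long owner_count(struct owner *o)
{
    pthread_mutex_lock(&o->lock);
    long n = o->list ? (long)o->list->len : -ENODEV;
    pthread_mutex_unlock(&o->lock);
    return n;
}

/* Frees the list, never the lock; a second call is a no-op. */
void owner_destroy_list(struct owner *o)
{
    pthread_mutex_lock(&o->lock);
    free(o->list);                          /* free(NULL) does nothing */
    o->list = NULL;
    pthread_mutex_unlock(&o->lock);
}
```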