Message361382
| Author |
vstinner |
| Recipients |
eric.snow, jeremy.kloth, jkloth, nanjekyejoannah, ncoghlan, rhettinger, vstinner |
| Date |
2020年02月05日.00:08:01 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1580861281.94.0.530200047971.issue39511@roundup.psfhosted.org> |
| In-reply-to |
| Content |
> (as noted above) make dealloc() for singletons a noop
I expect issues with negative reference count value. As you wrote, it triggers a fatal error when Python is built in release mode.
> make the initial refcount sufficiently large such that it is
unlikely to reach 0 even with races
Py_None is heavily used. If the reference count is updated by multiple threads with no lock to protect it, there is a significant risk that value zero will be reached soon or later.
--
In the Linux kernel, they started to special type for reference counters, to reduce the risk of vulnerability on reference counter underflow or overflow:
* "reference-count protection" for kernel hardening: refcount_t type
* https://lwn.net/Articles/728675/
* https://lwn.net/Articles/706498/
The kernel already used atomic_t type. But the issue here is about bugs, since no program is perfect, even the Linux kernel. |
|