Author vstinner
Recipients eric.snow, jeremy.kloth, jkloth, nanjekyejoannah, ncoghlan, rhettinger, vstinner
Date 2020-02-05.00:08:01
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1580861281.94.0.530200047971.issue39511@roundup.psfhosted.org>
In-reply-to
Content
> (as noted above) make dealloc() for singletons a noop

I expect issues with negative reference count value. As you wrote, it triggers a fatal error when Python is built in release mode.


> make the initial refcount sufficiently large such that it is
unlikely to reach 0 even with races

Py_None is heavily used. If the reference count is updated by multiple threads with no lock to protect it, there is a significant risk that value zero will be reached soon or later.

--

In the Linux kernel, they started to special type for reference counters, to reduce the risk of vulnerability on reference counter underflow or overflow:

* "reference-count protection" for kernel hardening: refcount_t type
* https://lwn.net/Articles/728675/
* https://lwn.net/Articles/706498/

The kernel already used atomic_t type. But the issue here is about bugs, since no program is perfect, even the Linux kernel.
History
Date User Action Args
2020-02-05 00:08:02vstinnersetrecipients: + vstinner, rhettinger, ncoghlan, jkloth, jeremy.kloth, eric.snow, nanjekyejoannah
2020-02-05 00:08:01vstinnersetmessageid: <1580861281.94.0.530200047971.issue39511@roundup.psfhosted.org>
2020-02-05 00:08:01vstinnerlinkissue39511 messages
2020-02-05 00:08:01vstinnercreate