On 6/8/23 22:14, Nick Desaulniers wrote:
Here, we're talking about using __attribute__((cleanup())) to DTR locally, but then we return a "raw" pointer to a caller. What cleanup function should the caller run, implicitly, if at all? If we use __attribute__((cleanup())) that saves us a few gotos locally, but the caller perhaps now needs the same treatment.
But this is only a problem when you return a void*; and in general in C you will return a struct more often than a raw pointer (and in C++ you also have the issue of delete vs. delete[], that does not exist in C).
Returning a struct doesn't protect against use-after-free bugs in the way std::unique_ptr<> or Rust lifetimes do, but it at least tries to protect against calling the wrong cleanup function if you provide a typed "destructor" function that does the right thing---for example by handling reference counting or by freeing sub-structs before calling kfree/vfree.
Of course it's not a silver bullet, but then that's why people are looking into Rust for Linux.
Paolo
