On Tue, 24 Mar 2020 at 11:25, Yuval Shaia <address@hidden> wrote:
> As i already said, current code makes sure it will not happen
> however it better that API will ensure this and will not trust callers.
I agree with the principle, but I think that here there is no
way to do it -- if you are literally destroying an object
then it is invalid to use it after destruction and there
is no way to have a lock that protects against that kind
of bug, unless the lock is at a higher level (ie the
thing that owns the destroyed-object has a lock and
doesn't allow access to it outside the lock or without
a check for has-been-destroyed). Just throwing an extra
mutex-lock into the destroy function doesn't add any
So what i can do is to check list->list at every API since destroy functions sets it to NULL.
Does it make sense?