Fix dangling and reassigned Variants

This commit addresses multiple issues with `Variant`s that point to an `Object` which is later released, when it's tried to be accessed again. Formerly, **while running on the debugger the system would check if the instance id was still valid** to print warnings or return special values. Some cases weren't being warned about whatsoever. Also, a newly allocated `Object` could happen to be allocated at the same memory address of an old one, making cases of use hard to find and having **`Variant`s pointing to the old one magically reassigned to the new**. This commit makes the engine realize all these situations **under debugging** so you can detect and fix them. Running without a debugger attached will still behave as it always did. Also the warning messages have been extended and made clearer. All that said, in the name of performance there's still one possible case of undefined behavior: in multithreaded scripts there would be a race condition between a thread freeing an `Object` and another one trying to operate on it. The latter may not realize the `Object` has been freed soon enough. But that's a case of bad scripting that was never supported anyway.
2025-11-01 06:01:14 +00:00 · 2020-04-23 12:40:06 +02:00 · 2020-04-23 12:40:06 +02:00 · d904d05e65
commit d904d05e65
parent 07c4dc1b30
8 changed files with 378 additions and 166 deletions
--- a/core/object.cpp
+++ b/core/object.cpp
@ -33,6 +33,7 @@
 #include "core/class_db.h"
 #include "core/core_string_names.h"
 #include "core/message_queue.h"
+#include "core/object_rc.h"
 #include "core/os/os.h"
 #include "core/print_string.h"
 #include "core/resource.h"
@ -968,6 +969,37 @@ void Object::cancel_delete() {
 	_predelete_ok = true;
 }

+#ifdef DEBUG_ENABLED
+ObjectRC *Object::_use_rc() {
+
+	// The RC object is lazily created the first time it's requested;
+	// that way, there's no need to allocate and release it at all if this Object
+	// is not being referred by any Variant at all.
+
+	// Although when dealing with Objects from multiple threads some locking
+	// mechanism should be used, this at least makes safe the case of first
+	// assignment.
+
+	ObjectRC *rc = nullptr;
+	ObjectRC *const creating = reinterpret_cast<ObjectRC *>(1);
+	if (unlikely(_rc.compare_exchange_strong(rc, creating, std::memory_order_acq_rel))) {
+		// Not created yet
+		rc = memnew(ObjectRC(this));
+		_rc.store(rc, std::memory_order_release);
+		return rc;
+	}
+
+	// Spin-wait until we know it's created (or just return if it's already created)
+	for (;;) {
+		if (likely(rc != creating)) {
+			rc->increment();
+			return rc;
+		}
+		rc = _rc.load(std::memory_order_acquire);
+	}
+}
+#endif
+
 void Object::set_script_and_instance(const RefPtr &p_script, ScriptInstance *p_instance) {

 	//this function is not meant to be used in any of these ways
@ -1944,6 +1976,9 @@ Object::Object() {
 	instance_binding_count = 0;
 	memset(_script_instance_bindings, 0, sizeof(void *) * MAX_SCRIPT_INSTANCE_BINDINGS);
 	script_instance = NULL;
+#ifdef DEBUG_ENABLED
+	_rc.store(nullptr, std::memory_order_release);
+#endif
 #ifdef TOOLS_ENABLED

 	_edited = false;
@ -1957,6 +1992,15 @@ Object::Object() {

 Object::~Object() {

+#ifdef DEBUG_ENABLED
+	ObjectRC *rc = _rc.load(std::memory_order_acquire);
+	if (rc) {
+		if (rc->invalidate()) {
+			memfree(rc);
+		}
+	}
+#endif
+
 	if (script_instance)
 		memdelete(script_instance);
 	script_instance = NULL;