Open
Description
Currently _Py_Dealloc()
can call arbitrary code, and since _Py_Dealloc()
can be called by any Py_DECREF()
is means that Py_DECREF()
can call arbitrary code. Py_DECREF()
is everywhere, so it impairs our ability to reason about about the behavior of code.
This problem is not as severe as #97922, but is still worth fixing, especially as it will impair our ability to optimize traces for 3.12.
We can either make a Py_SAFE_DECREF()
to be used internally, or change Py_DECREF()
to defer all potentially side-effecting deallocation functions.
It is not clear which is the best option. Changing Py_DECREF()
is simple, and certainly easy to reason about, but might delay deallocation of extension module objects for too long.