From c75baad41d9e6cbe11d83e208ccfe35c18a6b19d Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Wed, 24 May 2017 07:21:30 -0700
Subject: ffi: sanity check on object in ffi_val_get.
* ffi.c (ffi_val_get): Throw an exception if the object doesn't appear valid. * gc.c (valid_object_p): New function. Invalid objects are those that are pointers, but either not into a heap, or else to a freed object or to an object that is marked by the garbage collector (should only be seen while GC is running). All others are valid. There can be false positives here: a value with the LIT tag is in fact a pointer, but we don't check whether that is valid. * gc.c (valid_object_p): Declared. * txr.1: Remarks added to documentation of FFI val type.
---
gc.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
(limited to 'gc.c')
diff --git a/gc.c b/gc.c
index cb67d156..ad3e25bc 100644
--- a/gc.c
+++ b/gc.c
@@ -911,6 +911,20 @@ val gc_call_finalizers(val obj)
 return call_finalizers_impl(obj, is_matching_final);
 }
+val valid_object_p(val obj)
+{
+ if (!is_ptr(obj))
+ return t;
+
+ if (!in_heap(obj))
+ return nil;
+
+ if (obj->t.type & (REACHABLE | FREE))
+ return nil;
+
+ return t;
+}
+
 void gc_late_init(void)
 {
 reg_fun(intern(lit("gc"), system_package), func_n0(gc_wrap));
--
cgit v1.2.3
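Review bot: valid_object_p carries no comment saying that a `t` result is only a plausibility check, which matters because, per the commit message, ffi_val_get relies on it for values read back from foreign memory. As written, a stale pointer to a heap cell that was freed and has since been reallocated passes all three tests, and anything for which is_ptr is false (including, per the commit message, LIT-tagged pointers) returns `t` without inspection, so the result does not establish that obj is the object originally stored. I would add above the function: `/* Heuristic only: rejects non-heap, freed or GC-marked pointers; a recycled cell or a LIT pointer still passes. Callers must not treat t as proof of identity or type. */`. It is also worth confirming that in_heap, which is defined outside this hunk, rejects pointers that land inside a heap block but not on an object boundary, since `obj->t.type` is read immediately after that test.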