Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Reference stealing #2722
Opening this issue to discuss how Cython handles reference stealing. Have noted that some functions account for this by returning
This was referenced
Nov 16, 2018
Good question. :) Let me collect a couple of thoughts on this.
First of all, regarding the examples at hand, the obvious solution for users is to not use
Then, it feels to me like this is not really a bug in Cython, because Cython does the right thing, seen from the point of the caller. It's the function itself that misbehaves, in a way. It is still a usability issue, because Cython can't help with this kind of contract and does not guard against accidental misuse.
Changing the argument type would be a signal to the user that something unusual is going on, and that it's up to the user to take care of it. It's not perfect, because
But then, what could Cython do? Automatically increase the reference count of the argument when it gets passed? That would go against the intention of these functions, which specifically want to avoid useless reference counting.
What Cython could do is to set the reference to
Personally, I think we'd be better off entirely without such functions. They are just too error prone by design.
I'd be happy to hear other thoughts on this, but could live with just raising the bar for users of such functions by requiring an explicit cast to make them aware that they are on their own.
I agree that all reference-stealing function should be marked with a large warning.
The problem is that there's not really a "correct" way to indicate this with argument types as the way to "properly" use these functions is all about what you do (or don't do) after passing the argument. This makes it hard (impossible?) to check via types.
It's worth noting that there is a certain convenience here for writing against the raw C API, as one can pass new references to these functions without worrying about cleaning them up. Increfing before the call might not be that bad (and try to optimize it away if it matters).