It may not be obvious, but the moment unlock is called, the locker instance may be destroyed.

See g_object_unref(), which calls toggle_refs_check_and_ref_or_deref(). It will check for toggle references while dropping the ref count from 2 to 1. It must decrement the ref count while holding the lock, but it also must still unlock afterwards.

Note that the locker instance is on the object itself. Once we decrement the ref count we give up our reference and another thread may race against destroying the object. We thus must not touch object anymore.

How can we then still unlock?

This works correctly because:

- unlock operations must not touch the locker instance after unlocking.

- assume that another thread races g_object_unref() to destroy the object, while we are about to call object_bit_unlock() in toggle_refs_check_and_ref_or_deref(). Then that other thread will also need to acquire the same lock (during g_object_n...
1b298d1d