From 36d999588400b186972e6ce778fde64733c9cfb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Desbiens?= Date: Tue, 23 Jun 2026 19:37:33 -0400 Subject: [PATCH] Marked txm_module_object_deallocate as deprecated Added a compile-time #pragma message warning to the module library source so that any module that includes or compiles this file receives an explicit deprecation notice at build time. Updated the internal documentation block in the manager-side implementation to explain that this function must not be called directly and that calling it on a live object causes a use-after-free. The Module Manager dispatch layer already releases pool memory automatically after a successful tx_*_delete() call. Module authors should remove any explicit call to txm_module_object_deallocate(). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../src/txm_module_object_deallocate.c | 21 +++++++++++++++++++ .../txm_module_manager_object_deallocate.c | 12 ++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/common_modules/module_lib/src/txm_module_object_deallocate.c b/common_modules/module_lib/src/txm_module_object_deallocate.c index c0ffb097f..480c61005 100644 --- a/common_modules/module_lib/src/txm_module_object_deallocate.c +++ b/common_modules/module_lib/src/txm_module_object_deallocate.c @@ -23,6 +23,27 @@ #define TXM_MODULE #include "txm_module.h" #ifndef TXM_MODULE_OBJECT_DEALLOCATE_CALL_NOT_USED + +/* DEPRECATION NOTICE + * txm_module_object_deallocate() is deprecated and must not be used in new + * code. It is retained only for backward-compatibility with existing modules. + * + * WHY: when a module calls tx_timer_delete(), tx_semaphore_delete(), or any + * other tx_*_delete() service, the Module Manager dispatch layer automatically + * releases the associated object pool memory after the kernel cleanup + * completes. No separate deallocation call is required or expected. + * + * WHAT TO DO: remove any call to txm_module_object_deallocate() from your + * module. The corresponding tx_*_delete() call already handles everything. + * + * RISK: calling txm_module_object_deallocate() on a live kernel object (one + * whose tx_*_delete() has not yet been called) frees the backing pool memory + * while the object is still referenced by the kernel, which is undefined + * behaviour (use-after-free). + */ +#pragma message("txm_module_object_deallocate() is deprecated and must not be used. " \ + "Call tx_*_delete() instead; the Module Manager dispatch layer " \ + "releases pool memory automatically on success.") /**************************************************************************/ /* */ /* FUNCTION RELEASE */ diff --git a/common_modules/module_manager/src/txm_module_manager_object_deallocate.c b/common_modules/module_manager/src/txm_module_manager_object_deallocate.c index 2efc465b7..95e28e4d6 100644 --- a/common_modules/module_manager/src/txm_module_manager_object_deallocate.c +++ b/common_modules/module_manager/src/txm_module_manager_object_deallocate.c @@ -38,7 +38,17 @@ /* */ /* DESCRIPTION */ /* */ -/* This function deallocates a previously allocated object. */ +/* DEPRECATED. This function is called internally by the Module */ +/* Manager dispatch layer after a successful tx_*_delete() call from */ +/* a module. It must not be called directly by module or application */ +/* code. Calling it on a live kernel object (one whose tx_*_delete() */ +/* has not yet been called) frees the backing pool memory while the */ +/* object is still referenced by the kernel (use-after-free). */ +/* */ +/* Module authors: remove any explicit call to */ +/* txm_module_object_deallocate(). Calling the appropriate */ +/* tx_*_delete() service is sufficient; pool deallocation is handled */ +/* automatically by the dispatch layer. */ /* */ /* INPUT */ /* */