scheduler: use token API when destroying objects
diff --git a/sdk/core/scheduler/common.h b/sdk/core/scheduler/common.h
index ea9ccfd..0c43380 100644
--- a/sdk/core/scheduler/common.h
+++ b/sdk/core/scheduler/common.h
@@ -51,10 +51,17 @@
* Subclasses must implement a static `sealing_type` method that returns
* the sealing key.
*/
- template<bool IsDynamic>
+ template<bool IsDynamicArg>
struct Handle
{
/**
+ * Some Handle types must reside in static memory, and some may be built
+ * on the fly, and in particular in the shared heap, at runtime. Is
+ * this type among the latter?
+ */
+ static constexpr bool IsDynamic = IsDynamicArg;
+
+ /**
* Unseal `unsafePointer` as a pointer to an object of the specified
* type. Returns nullptr if `unsafePointer` is not a valid sealed
* pointer to an object of the correct type.
diff --git a/sdk/core/scheduler/main.cc b/sdk/core/scheduler/main.cc
index d5d2b01..d4d36a8 100644
--- a/sdk/core/scheduler/main.cc
+++ b/sdk/core/scheduler/main.cc
@@ -375,20 +375,24 @@
/// Helper to safely deallocate an instance of `T`.
template<typename T>
- int deallocate(SObjStruct *heapCapability, void *object)
+ int deallocate(SObjStruct *heapCapability, void *objectPtr)
{
+ static_assert(T::IsDynamic);
+
// Acquire the lock and hold it. We need to be careful of two attempts
// to free the same object racing, so we cause others to back up behind
// this one. They will then fail in the unseal operation.
LockGuard g{deallocLock};
- return typed_op<T>(object, [&](T &unsealed) {
- if (int ret = heap_can_free(heapCapability, &unsealed); ret != 0)
+ return typed_op<T>(objectPtr, [&](T &unsealed) {
+ SObj object = static_cast<SObj>(objectPtr);
+ if (int ret = token_obj_can_destroy(
+ heapCapability, T::sealing_type(), object);
+ ret != 0)
{
return ret;
}
unsealed.~T();
- heap_free(heapCapability, &unsealed);
- return 0;
+ return token_obj_destroy(heapCapability, T::sealing_type(), object);
});
}