Fix use-after-free bug in reactor shutdown

[mvandeberg]

Summary by CodeRabbit

• Bug Fixes
  • Fixed potential use-after-free errors during shutdown by deferring resource release until queued operations are drained.
  • Improved lifetime management so socket and acceptor resources are released at service teardown, preventing premature destruction.
  • Ensured internal shutdown sequences allow queued operations to complete before underlying resources are destroyed.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR defers clearing of acceptor and socket pointer maps during shutdown across epoll, kqueue, and select backends, leaving those shared_ptrs to be released by the state destructor after the scheduler drains queued operations. descriptor_state::destroy() is implemented to reset impl_ref_ to break self-referential cycles during shutdown.

Changes

Cohort / File(s)	Summary
Acceptor shutdown lifecycle src/corosio/src/detail/epoll/acceptors.cpp, src/corosio/src/detail/kqueue/acceptors.cpp, src/corosio/src/detail/select/acceptors.cpp	Removed clearing of acceptor_ptrs_ in shutdown; pointers now remain until state destruction after scheduler drains queued ops.
Socket shutdown lifecycle src/corosio/src/detail/epoll/sockets.cpp, src/corosio/src/detail/kqueue/sockets.cpp, src/corosio/src/detail/select/sockets.cpp	Removed clearing of socket_ptrs_ in shutdown; implementations are retained until queued operations are drained to avoid use-after-free.
Descriptor state lifecycle src/corosio/src/detail/epoll/op.hpp, src/corosio/src/detail/kqueue/op.hpp	Implemented descriptor_state::destroy() to reset impl_ref_, breaking self-referential cycles created during close/shutdown.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Epoll optimizations #106: Changes to descriptor_state and shutdown lifetime management that touch impl_ref_ handling and deferred clearing of pointer maps.
• Add portable select() reactor backend for POSIX platforms #87: Related edits to descriptor lifetime and shutdown coordination across backends.
• Edge-Triggered Epoll and Backend Improvements #96: Modifications addressing op ownership and descriptor lifecycle during shutdown and drain semantics.

Poem

🐰
Cycles loosen, pointers stay,
Scheduler drains the ops away,
Destructor waits for queue to clear,
Impl_ref broken, no more fear,
Hops of safety, soft and gay.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main purpose of the changeset: fixing a use-after-free bug during reactor shutdown across multiple I/O multiplexing implementations.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cppalliance-bot]

An automated preview of the documentation is available at https://127.corosio.prtest3.cppalliance.org/index.html

If more commits are pushed to the pull request, the docs will rebuild at the same URL.

2026-02-11 17:55:56 UTC

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 80.12%. Comparing base (6a49606) to head (d926dc3).
⚠️ Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/corosio/src/detail/epoll/op.hpp	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop     #127      +/-   ##
===========================================
- Coverage    80.13%   80.12%   -0.02%     
===========================================
  Files           65       65              
  Lines         5639     5635       -4     
===========================================
- Hits          4519     4515       -4     
  Misses        1120     1120              

Files with missing lines	Coverage Δ
src/corosio/src/detail/epoll/acceptors.cpp	81.77% <ø> (-0.08%)	⬇️
src/corosio/src/detail/epoll/sockets.cpp	71.39% <ø> (-0.07%)	⬇️
src/corosio/src/detail/select/acceptors.cpp	62.90% <ø> (-0.15%)	⬇️
src/corosio/src/detail/select/sockets.cpp	73.38% <ø> (-0.08%)	⬇️
src/corosio/src/detail/epoll/op.hpp	84.34% <0.00%> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6a49606...d926dc3. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cppalliance-bot]

GCOVR code coverage report https://127.corosio.prtest3.cppalliance.org/gcovr/index.html
LCOV code coverage report https://127.corosio.prtest3.cppalliance.org/genhtml/index.html
Coverage Diff Report https://127.corosio.prtest3.cppalliance.org/diff-report/index.html

Build time: 2026-02-11 17:59:20 UTC