RustPython
diff --git a/‎< 8000 !-- -->vm/src/object/core.rs
Lines changed: 35 additions & 14 deletions b/‎< 8000 !-- -->vm/src/object/core.rs
Lines changed: 35 additions & 14 deletions
diff --git a/‎vm/src/object/gc/collector.rs
Lines changed: 19 additions & 15 deletions b/‎vm/src/object/gc/collector.rs
Lines changed: 19 additions & 15 deletions
diff --git a/‎vm/src/object/gc/header.rs
Lines changed: 8 additions & 1 deletion b/‎vm/src/object/gc/header.rs
Lines changed: 8 additions & 1 deletion
diff --git a/‎vm/src/object/gc/mod.rs
Lines changed: 2 additions & 1 deletion b/‎vm/src/object/gc/mod.rs
Lines changed: 2 additions & 1 deletion
@@ -111,7 +111,7 @@ macro_rules! partially_drop {
 }
 
 /// drop only(doesn't deallocate)
-/// TODO: not drop `header` to prevent UB
+/// NOTE: `header` is not drop to prevent UB
 unsafe fn drop_only_obj<T: PyObjectPayload>(x: *mut PyObject) {
     let obj = x.cast::<PyInner<T>>().as_ref().expect("Non-Null Pointer");
     #[cfg(feature = "gc")]
@@ -1020,7 +1020,15 @@ impl PyObject {
         Ok(())
     }
 
-    /// Can only be called when ref_count has dropped to zero. `ptr` must be valid
+    /// only run `__del__`(or `slot_del` depends on the actual object), doesn't drop or dealloc
+    pub(in crate::object) unsafe fn del_only(ptr: NonNull<Self>) -> bool {
+        if let Err(()) = ptr.as_ref().drop_slow_inner() {
+            return false;
+        }
+        true
+    }
+
+    /// Can only be called when ref_count has dropped to zero. `ptr` must be valid, it run __del__ then drop&dealloc
     #[inline(never)]
     pub(in crate::object) unsafe fn drop_slow(ptr: NonNull<PyObject>) -> bool {
         if let Err(()) = ptr.as_ref().drop_slow_inner() {
@@ -1042,21 +1050,26 @@ impl PyObject {
         true
     }
 
+    /// only run rust RAII destructor, no __del__ neither dealloc
     pub(in crate::object) unsafe fn drop_only(ptr: NonNull<PyObject>) -> bool {
-        if let Err(()) = ptr.as_ref().drop_slow_inner() {
-            // abort drop for whatever reason
-            return false;
-        }
-
         if !ptr.as_ref().header().check_set_drop_only() {
             return false;
         }
-        // not set is_drop because still havn't dealloc
+        // not set PyInner's is_drop because still havn't dealloc
         let drop_only = ptr.as_ref().0.vtable.drop_only;
 
         drop_only(ptr.as_ptr());
         true
     }
+    /// run object's __del__ and then rust's destructor but doesn't dealloc
+    pub(in crate::object) unsafe fn del_drop(ptr: NonNull<PyObject>) -> bool {
+        if let Err(()) = ptr.as_ref().drop_slow_inner() {
+            // abort drop for whatever reason
+            return false;
+        }
+
+        Self::drop_only(ptr)
+    }
 
     pub(in crate::object) unsafe fn dealloc_only(ptr: NonNull<PyObject>) -> bool {
         #[cfg(feature = "gc")]
@@ -1187,12 +1200,16 @@ impl Drop for PyObjectRef {
             return;
         }
         let stat = self.decrement();
+        let ptr = self.ptr;
         match stat {
             GcStatus::ShouldDrop => unsafe {
-                PyObject::drop_slow(self.ptr);
+                PyObject::drop_slow(ptr);
             },
-            GcStatus::GarbageCycle | GcStatus::BufferedDrop => unsafe {
-                PyObject::drop_only(self.ptr);
+            GcStatus::BufferedDrop => unsafe {
+                PyObject::del_drop(ptr);
+            },
+            GcStatus::GarbageCycle => unsafe {
+                PyObject::del_only(ptr);
             },
             GcStatus::ShouldKeep | GcStatus::DoNothing => (),
         }
@@ -1357,12 +1374,16 @@ impl<T: PyObjectPayload> Drop for PyRef<T> {
             .or_insert_with(|| std::any::type_name::<T>().to_string());
 
         let stat = self.as_object().decrement();
+        let ptr = self.ptr.cast::<PyObject>();
         match stat {
             GcStatus::ShouldDrop => unsafe {
-                PyObject::drop_slow(self.ptr.cast::<PyObject>());
+                PyObject::drop_slow(ptr);
+            },
+            GcStatus::BufferedDrop => unsafe {
+                PyObject::del_drop(ptr);
             },
-            GcStatus::GarbageCycle | GcStatus::BufferedDrop => unsafe {
-                PyObject::drop_only(self.ptr.cast::<PyObject>());
+            GcStatus::GarbageCycle => unsafe {
+                PyObject::del_only(ptr);
             },
             GcStatus::ShouldKeep | GcStatus::DoNothing => (),
         }
 
@@ -97,12 +97,6 @@ impl Collector {
         PyObject::drop_slow(obj)
     }
      */
-    unsafe fn drop_only(obj: NonNull<PyObject>) -> bool {
-        PyObject::drop_only(obj)
-    }
-    unsafe fn dealloc_only(obj: NonNull<PyObject>) -> bool {
-        PyObject::dealloc_only(obj)
-    }
     fn collect_cycles(&self, force: bool) -> GcResult {
         if Self::IS_GC_THREAD.with(|v| v.get()) {
             return (0, 0).into();
@@ -171,7 +165,7 @@ impl Collector {
                         unsafe {
                             // only dealloc here, because already drop(only) in Object's impl Drop
                             // PyObject::dealloc_only(ptr.cast::<PyObject>());
-                            Self::dealloc_only(**ptr);
+                            PyObject::dealloc_only(**ptr);
                             // obj is dangling after this line?
                         }
                     }
@@ -278,14 +272,22 @@ impl Collector {
             });
         }
 
-        // drop all for once in seperate loop to avoid certain cycle ref double drop bug
+        // first only run __del__ to prevent accesss dropped object hence UB
+        let can_drops: Vec<_> = white
+            .iter()
+            .map(|i| unsafe { PyObject::del_only(*i) })
+            .collect();
+
+        // drop all for once at seperate loop to avoid certain cycle ref double drop bug
         // TODO: check and add detailed explain(could be something with __del__ func do)
-        let can_dealloc: Vec<_> = white
+        let can_deallocs: Vec<_> = white
             .iter()
-            .map(|i| {
-                unsafe {
-                    Self::drop_only(*i)
-                    // PyObject::drop_only(i.cast::<PyObject>());
+            .zip(can_drops)
+            .map(|(i, can_drop)| {
+                if can_drop {
+                    unsafe { PyObject::drop_only(*i) }
+                } else {
+                    false
                 }
             })
             .collect();
@@ -295,11 +297,11 @@ impl Collector {
         // access pointer of already dropped value's memory region
         white
             .iter()
-            .zip(can_dealloc)
+            .zip(can_deallocs)
             .map(|(i, can_dealloc)| {
                 if can_dealloc {
                     unsafe {
-                        Self::dealloc_only(*i);
+                        PyObject::dealloc_only(*i);
                     }
                 }
             })
@@ -435,6 +437,8 @@ impl Collector {
     #[inline]
     #[allow(unreachable_code)]
     pub fn should_gc(&self) -> bool {
+        // TODO: use "Optimal Heap Limits for Reducing Browser Memory Use"(http://arxiv.org/abs/2204.10455)
+        // to optimize gc condition
         if !self.is_enabled() {
             return false;
         }
 
@@ -13,13 +13,15 @@ use rustpython_common::{
 #[derive(Debug)]
 pub struct GcHeader {
     ref_cnt: PyAtomic<usize>,
+    /// TODO(discord9): compact color(2bit)+in_cycle(1)+buffered(1)+is_drop(1)+is_dealloc(1)+is_leak(1)=7bit into one byte
     color: PyMutex<Color>,
     /// prevent RAII to drop&dealloc when in cycle where should be drop&NOT dealloc
     in_cycle: PyMutex<bool>,
     buffered: PyMutex<bool>,
     is_drop: PyMutex<bool>,
     /// check for soundness
     is_dealloc: PyMutex<bool>,
+    is_leak: PyMutex<bool>,
     exclusive: PyMutex<()>,
     gc: PyRc<Collector>,
 }
@@ -33,6 +35,7 @@ impl Default for GcHeader {
             buffered: PyMutex::new(false),
             is_drop: PyMutex::new(false),
             is_dealloc: PyMutex::new(false),
+            is_leak: PyMutex::new(false),
             exclusive: PyMutex::new(()),
             /// when threading, using a global GC
             #[cfg(feature = "threading")]
@@ -207,14 +210,18 @@ impl GcHeader {
             // warn!("Try to leak a already leaked object!");
             return;
         }
+        *self.is_leak.lock() = true;
+        /*
         const BIT_MARKER: usize = (std::isize::MAX as usize) + 1;
         debug_assert_eq!(BIT_MARKER.count_ones(), 1);
         debug_assert_eq!(BIT_MARKER.leading_zeros(), 0);
         self.ref_cnt.fetch_add(BIT_MARKER, Ordering::Relaxed);
+        */
     }
 
     pub fn is_leaked(&self) -> bool {
-        (self.ref_cnt.load(Ordering::Acquire) as isize) < 0
+        // (self.ref_cnt.load(Ordering::Acquire) as isize) < 0
+        *self.is_leak.lock()
     }
 }
 
 
@@ -16,8 +16,9 @@ pub enum GcStatus {
     /// should be drop by caller
     ShouldDrop,
     /// because object is part of a garbage cycle, we don't want double dealloc
+    /// or use after drop, so run `__del__` only. Drop(destructor)&dealloc is handle by gc
     GarbageCycle,
-    /// already buffered, will be dealloc by collector, caller should call `drop_only` to run destructor only but not dealloc memory region
+    /// already buffered, will be dealloc by collector, caller should call [`PyObject::del_Drop`] to run destructor only but not dealloc memory region
     BufferedDrop,
     /// should keep and not drop by caller
     ShouldKeep,