Lifetimes in the Foreign Function & Memory API


The Foreign Function & Memory API (FFM for short) is centered around the idea of explicit lifetime management. That is, memory segments allocated using the FFM API are assigned a lifetime (known as SegmentScope), which determines when the segments can be accessed (e.g. when their backing region of memory is still available), and by whom (e.g. which threads can access the memory segment). In this document we show why existing approaches to explicit memory management such as malloc/free are not sufficient for the FFM API, and how reasoning about lifetimes helps programs using the FFM API avoid pesky temporal bugs (also known as use-after-free).

More at https://cr.openjdk.org/~mcimadamore/panama/why_lifetimes.html