Tor could use a generic 'handle' implementation.

Frequently we want one object to hold a pointer to another, but we don't want the first object to own the second. In these cases, we need to do one of the following ugly C dances:

  • We make sure that the pointed-to object never outlives the pointing object.
  • We make sure that when the pointed-to object is freed, the pointer to it is set to NULL.
  • Instead of using a pointer, we use some kind of unique identifier, and look up the pointed-to object in a hash table.

The first two options are error-prone, and the third is slower than regular pointer access.

Instead of these choices, we could use a 'handle' pattern to create a standard way to look up objects indirectly; we could use some of the tricks from a usual 'weak reference' implementation. Ideally, we could write the interface in such a way as to permit more than one possible implementation.

The branch weakref in my public repository has some janky progress towards a solution here.
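A sketch of the handle idea described above, added here as an illustration; it is not the code from the weakref branch and not Tor's API. All names (`weak_head_t`, `conn_t`, `conn_handle_*`) are hypothetical. Each target owns one small refcounted "head"; handles point at the head, and freeing the target clears the head's pointer so stale handles resolve to NULL instead of dangling.

```c
#include <stdlib.h>

/* Hypothetical names throughout. One shared head per target object. */
typedef struct weak_head {
  void *object;   /* NULL once the target has been freed */
  unsigned refs;  /* outstanding handles, plus one held by the target */
} weak_head_t;

typedef struct conn {   /* constructed example target type */
  int id;
  weak_head_t *head;    /* created lazily on the first handle request */
} conn_t;

conn_t *conn_new(int id) {
  conn_t *c = calloc(1, sizeof(*c));
  if (c) c->id = id;
  return c;
}

/* Take a non-owning handle to c. Returns NULL on allocation failure. */
weak_head_t *conn_handle_new(conn_t *c) {
  if (!c->head) {
    c->head = calloc(1, sizeof(*c->head));
    if (!c->head) return NULL;
    c->head->object = c;
    c->head->refs = 1;  /* the target's own reference */
  }
  c->head->refs++;
  return c->head;
}

/* The head is freed only when the target and every handle have let go. */
static void head_decref(weak_head_t *h) {
  if (h && --h->refs == 0) free(h);
}

/* Resolve a handle: the live object, or NULL if it has been freed. */
conn_t *conn_handle_get(const weak_head_t *h) {
  return h ? h->object : NULL;
}

/* Drop a handle; the caller must not use h afterwards. */
void conn_handle_free(weak_head_t *h) { head_decref(h); }

/* Free the target: every outstanding handle now resolves to NULL. */
void conn_free(conn_t *c) {
  if (!c) return;
  if (c->head) { c->head->object = NULL; head_decref(c->head); }
  free(c);
}
```

Resolving a handle costs one extra pointer dereference rather than a hash-table lookup, and the pointing object never has to be told that the target went away.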