Correctness (II)
Rule 1: metadata has no stable pointers to uninitialized metadata
- otherwise, after a crash, following the pointer could access anything
- a write that includes the pointer cannot become stable before the target is initialized
Rule 2: when block is freed, there are no stable pointers to it
- reference counts must be correct
- the write that deletes the pointer must be stable before the block is freed
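
Added example (not from the original slides): a small Python model that replays writes in the order they become stable and checks both rules at every possible crash point. The operation names (init, set_ptr, clear_ptr, free) and the block names are assumptions made for this illustration; reference counts are not modeled.

```python
# Added illustration: a toy model of stable (on-disk) state.
def crash_violations(writes):
    """Replay writes in the order they reach disk; a crash may follow any one.

    Returns (index, rule, pointer) for every crash point at which the
    stable state breaks Rule 1 or Rule 2.
    """
    initialized, freed, pointers = set(), set(), set()
    found = []
    for i, (op, *args) in enumerate(writes):
        if op == "init":            # metadata block written with valid contents
            initialized.add(args[0])
            freed.discard(args[0])
        elif op == "set_ptr":       # (src, dst): pointer becomes stable
            pointers.add(tuple(args))
        elif op == "clear_ptr":     # (src, dst): pointer deletion becomes stable
            pointers.discard(tuple(args))
        elif op == "free":          # block marked free, contents no longer valid
            freed.add(args[0])
            initialized.discard(args[0])
        else:
            raise ValueError(f"unknown write {op!r}")
        # State after write i is exactly what a crash here would leave behind.
        for src, dst in sorted(pointers):
            if dst in freed:
                found.append((i, "rule2", (src, dst)))
            elif dst not in initialized:
                found.append((i, "rule1", (src, dst)))
    return found

# Constructed sample orderings for creating and deleting one inode.
CREATE_BAD = [("init", "dir"), ("set_ptr", "dir", "inode7"), ("init", "inode7")]
CREATE_OK = [("init", "dir"), ("init", "inode7"), ("set_ptr", "dir", "inode7")]
DELETE_BAD = CREATE_OK + [("free", "inode7"), ("clear_ptr", "dir", "inode7")]
DELETE_OK = CREATE_OK + [("clear_ptr", "dir", "inode7"), ("free", "inode7")]

if __name__ == "__main__":
    for name in ("CREATE_BAD", "CREATE_OK", "DELETE_BAD", "DELETE_OK"):
        print(name, crash_violations(globals()[name]))
```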