src/wasm · 967a2d4762fae49043a0f8d5bd2e0fc5c8285cc7 · Linshizhi / V8

[wasm] Clear owned_memory list of native modules after freeing · 9bd1e7d3

Andreas Haas authored Feb 15, 2018

The call to isolate_->AdjustAmountOfExternalAllocatedMemory in
WasmCodeManager::FreeNativeModuleMemories can cause a GC, which can
indirectly call WasmCodeManager::FreeNativeModuleMemories again. It
seems that this recursive call can cause memory to be deallocated
twice. With this CL we clear the list of owned_memory after all entries
were deallocated so that we cannot deallocate them again.

I think this CL fixes a crash we saw on ChromeCrash. I don't know how
to reproduce the issue though, or how to write a test for it.

R=mstarzinger@chromium.org

Bug: chromium:812532
Change-Id: I3b66274f9b72919952a4211e984192c0867a6c22
Reviewed-on: https://chromium-review.googlesource.com/921226Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51312}

9bd1e7d3

Name	Last commit	Last update
..
baseline		Loading commit data...
OWNERS		Loading commit data...
compilation-manager.cc		Loading commit data...
compilation-manager.h		Loading commit data...
decoder.h		Loading commit data...
function-body-decoder-impl.h		Loading commit data...
function-body-decoder.cc		Loading commit data...
function-body-decoder.h		Loading commit data...
leb-helper.h		Loading commit data...
local-decl-encoder.cc		Loading commit data...
local-decl-encoder.h		Loading commit data...
memory-tracing.cc		Loading commit data...
memory-tracing.h		Loading commit data...
module-compiler.cc		Loading commit data...
module-compiler.h		Loading commit data...
module-decoder.cc		Loading commit data...
module-decoder.h		Loading commit data...
signature-map.cc		Loading commit data...
signature-map.h		Loading commit data...
streaming-decoder.cc		Loading commit data...
streaming-decoder.h		Loading commit data...
wasm-code-manager.cc		Loading commit data...
wasm-code-manager.h		Loading commit data...
wasm-code-specialization.cc		Loading commit data...
wasm-code-specialization.h		Loading commit data...
wasm-code-wrapper.cc		Loading commit data...
wasm-code-wrapper.h		Loading commit data...
wasm-constants.h		Loading commit data...
wasm-debug.cc		Loading commit data...
wasm-engine.cc		Loading commit data...
wasm-engine.h		Loading commit data...
wasm-external-refs.cc		Loading commit data...
wasm-external-refs.h		Loading commit data...
wasm-interpreter.cc		Loading commit data...
wasm-interpreter.h		Loading commit data...
wasm-js.cc		Loading commit data...
wasm-js.h		Loading commit data...
wasm-limits.h		Loading commit data...
wasm-memory.cc		Loading commit data...
wasm-memory.h		Loading commit data...
wasm-module-builder.cc		Loading commit data...
wasm-module-builder.h		Loading commit data...
wasm-module.cc		Loading commit data...
wasm-module.h		Loading commit data...
wasm-objects-inl.h		Loading commit data...
wasm-objects.cc		Loading commit data...
wasm-objects.h		Loading commit data...
wasm-opcodes.cc		Loading commit data...
wasm-opcodes.h		Loading commit data...
wasm-result.cc		Loading commit data...
wasm-result.h		Loading commit data...
wasm-serialization.cc		Loading commit data...
wasm-serialization.h		Loading commit data...
wasm-text.cc		Loading commit data...
wasm-text.h		Loading commit data...
wasm-value.h		Loading commit data...