Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

domain: avoid circular memory references #25993

Closed
wants to merge 4 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions lib/domain.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ const {
} = require('internal/errors').codes;
const { createHook } = require('async_hooks');

// TODO(addaleax): Use a non-internal solution for this.
const kWeak = Symbol('kWeak');
const { WeakReference } = internalBinding('util');

// Overwrite process.domain with a getter/setter that will allow for more
// effective optimizations
var _domain = [null];
Expand All @@ -53,20 +57,22 @@ const asyncHook = createHook({
init(asyncId, type, triggerAsyncId, resource) {
if (process.domain !== null && process.domain !== undefined) {
// If this operation is created while in a domain, let's mark it
pairing.set(asyncId, process.domain);
pairing.set(asyncId, process.domain[kWeak]);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it conceivable that user code tampers with process.domain?

What would happen if I set process.domain = {}?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don’t think the domain code is all that tampering-proof to being with…

I’m also not sure what we could do in that case.

resource.domain = process.domain;
}
},
before(asyncId) {
const current = pairing.get(asyncId);
addaleax marked this conversation as resolved.
Show resolved Hide resolved
if (current !== undefined) { // enter domain for this cb
current.enter();
// We will get the domain through current.get(), because the resource
// object's .domain property makes sure it is not garbage collected.
current.get().enter();
}
},
after(asyncId) {
const current = pairing.get(asyncId);
if (current !== undefined) { // exit domain for this cb
current.exit();
current.get().exit();
}
},
destroy(asyncId) {
Expand Down Expand Up @@ -167,6 +173,7 @@ class Domain extends EventEmitter {
super();

this.members = [];
this[kWeak] = new WeakReference(this);
asyncHook.enable();

this.on('removeListener', updateExceptionCapture);
Expand Down
43 changes: 43 additions & 0 deletions src/node_util.cc
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#include "node_errors.h"
#include "node_watchdog.h"
#include "util.h"
#include "base_object-inl.h"

namespace node {
namespace util {
Expand All @@ -11,6 +12,7 @@ using v8::Boolean;
using v8::Context;
using v8::Function;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;
using v8::IndexFilter;
using v8::Integer;
using v8::Isolate;
Expand Down Expand Up @@ -181,6 +183,37 @@ void EnqueueMicrotask(const FunctionCallbackInfo<Value>& args) {
isolate->EnqueueMicrotask(args[0].As<Function>());
}

class WeakReference : public BaseObject {
public:
WeakReference(Environment* env, Local<Object> object, Local<Object> target)
: BaseObject(env, object) {
MakeWeak();
target_.Reset(env->isolate(), target);
target_.SetWeak();
}

static void New(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
CHECK(args.IsConstructCall());
CHECK(args[0]->IsObject());
new WeakReference(env, args.This(), args[0].As<Object>());
}

static void Get(const FunctionCallbackInfo<Value>& args) {
WeakReference* weak_ref = Unwrap<WeakReference>(args.Holder());
Isolate* isolate = args.GetIsolate();
if (!weak_ref->target_.IsEmpty())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically not necessary: Persistent<T>::Get() will return an empty handle, causing ReturnValue<T>::Set() to default to undefined.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought about it, and I think I’d prefer an explicit variant here, so that it’s a bit more obvious what happens when the object has been GC’ed…

args.GetReturnValue().Set(weak_ref->target_.Get(isolate));
}

SET_MEMORY_INFO_NAME(WeakReference)
SET_SELF_SIZE(WeakReference)
SET_NO_MEMORY_INFO()

private:
Persistent<Object> target_;
};

void Initialize(Local<Object> target,
Local<Value> unused,
Local<Context> context,
Expand Down Expand Up @@ -241,6 +274,16 @@ void Initialize(Local<Object> target,
should_abort_on_uncaught_toggle,
env->should_abort_on_uncaught_toggle().GetJSArray())
.FromJust());

Local<String> weak_ref_string =
FIXED_ONE_BYTE_STRING(env->isolate(), "WeakReference");
Local<FunctionTemplate> weak_ref =
env->NewFunctionTemplate(WeakReference::New);
weak_ref->InstanceTemplate()->SetInternalFieldCount(1);
weak_ref->SetClassName(weak_ref_string);
env->SetProtoMethod(weak_ref, "get", WeakReference::Get);
target->Set(context, weak_ref_string,
weak_ref->GetFunction(context).ToLocalChecked()).FromJust();
}

} // namespace util
Expand Down
36 changes: 36 additions & 0 deletions test/parallel/test-domain-async-id-map-leak.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
// Flags: --expose-gc
'use strict';
const common = require('../common');
const onGC = require('../common/ongc');
const assert = require('assert');
const async_hooks = require('async_hooks');
const domain = require('domain');
const EventEmitter = require('events');

// This test makes sure that the (async id → domain) map which is part of the
// domain module does not get in the way of garbage collection.
// See: https://github.com/nodejs/node/issues/23862

let d = domain.create();
d.run(() => {
const resource = new async_hooks.AsyncResource('TestResource');
const emitter = new EventEmitter();

d.remove(emitter);
d.add(emitter);

emitter.linkToResource = resource;
assert.strictEqual(emitter.domain, d);
assert.strictEqual(resource.domain, d);

// This would otherwise be a circular chain now:
// emitter → resource → async id ⇒ domain → emitter.
// Make sure that all of these objects are released:

onGC(resource, { ongc: common.mustCall() });
onGC(d, { ongc: common.mustCall() });
onGC(emitter, { ongc: common.mustCall() });
});

d = null;
global.gc();
17 changes: 17 additions & 0 deletions test/parallel/test-internal-util-weakreference.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
// Flags: --expose-internals --expose-gc
'use strict';
require('../common');
const assert = require('assert');
const { internalBinding } = require('internal/test/binding');
const { WeakReference } = internalBinding('util');

let obj = { hello: 'world' };
const ref = new WeakReference(obj);
assert.strictEqual(ref.get(), obj);

setImmediate(() => {
obj = null;
global.gc();

assert.strictEqual(ref.get(), undefined);
});