[heap] Fix address space leak in Unmapper

src/heap/spaces.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/heap/spaces.h"
 
 #include <utility>
 
 #include "src/base/bits.h"
 #include "src/base/platform/platform.h"
@@ skipping 364 matching lines @@
   // Non-regular chunks.
   while ((chunk = GetMemoryChunkSafe<kNonRegular>()) != nullptr) {
     allocator_->PerformFreeMemory(chunk);
   }
 }
 
 void MemoryAllocator::Unmapper::TearDown() {
   WaitUntilCompleted();
   ReconsiderDelayedChunks();
   CHECK(delayed_regular_chunks_.empty());
-  PerformFreeMemoryOnQueuedChunks();
+  // Free any queued chunks. Note that we need to clear the pooled flag for
+  // regular chunks as they otherwise only get uncommitted.
+  MemoryChunk* chunk = nullptr;

[Hannes Payer (out of office), 2017/02/10 12:29:22]

Let's wrap that into a function with a proper name to immediately see the
difference to PerformFreeMemoryOnQueuedChunks.

[Michael Lippautz, 2017/02/10 13:34:12]

Done. Unified into a single function.

+  while ((chunk = GetMemoryChunkSafe<kRegular>()) != nullptr) {
+    chunk->ClearFlag(MemoryChunk::POOLED);
+    allocator_->PerformFreeMemory(chunk);
+  }
+  while ((chunk = GetMemoryChunkSafe<kPooled>()) != nullptr) {
+    // Already uncommitted memory.
+    allocator_->Free<MemoryAllocator::kAlreadyPooled>(chunk);
+  }
+  while ((chunk = GetMemoryChunkSafe<kNonRegular>()) != nullptr) {
+    allocator_->PerformFreeMemory(chunk);
+  }

[Hannes Payer (out of office), 2017/02/10 12:29:22]

Let's verify here that all lists are empty.

[Michael Lippautz, 2017/02/10 13:34:12]

Done.

 }
 
 void MemoryAllocator::Unmapper::ReconsiderDelayedChunks() {
   std::list<MemoryChunk*> delayed_chunks(std::move(delayed_regular_chunks_));
   // Move constructed, so the permanent list should be empty.
   DCHECK(delayed_regular_chunks_.empty());
   for (auto it = delayed_chunks.begin(); it != delayed_chunks.end(); ++it) {
     AddMemoryChunkSafe<kRegular>(*it);
   }
 }
@@ skipping 506 matching lines @@
   }
 }
 
 template <MemoryAllocator::FreeMode mode>
 void MemoryAllocator::Free(MemoryChunk* chunk) {
   switch (mode) {
     case kFull:
       PreFreeMemory(chunk);
       PerformFreeMemory(chunk);
       break;
+    case kAlreadyPooled:
+      // Pooled pages cannot be touched anymore as their memory is uncommitted.
+      FreeMemory(chunk->address(), static_cast<size_t>(MemoryChunk::kPageSize),
+                 Executability::NOT_EXECUTABLE);
+      break;
     case kPooledAndQueue:
       DCHECK_EQ(chunk->size(), static_cast<size_t>(MemoryChunk::kPageSize));
       DCHECK_EQ(chunk->executable(), NOT_EXECUTABLE);
       chunk->SetFlag(MemoryChunk::POOLED);
     // Fall through to kPreFreeAndQueue.
     case kPreFreeAndQueue:
       PreFreeMemory(chunk);
       // The chunks added to this queue will be freed by a concurrent thread.
       unmapper()->AddMemoryChunkSafe(chunk);
       break;
-    default:
-      UNREACHABLE();
   }
 }
 
 template void MemoryAllocator::Free<MemoryAllocator::kFull>(MemoryChunk* chunk);
 
+template void MemoryAllocator::Free<MemoryAllocator::kAlreadyPooled>(
+    MemoryChunk* chunk);
+
 template void MemoryAllocator::Free<MemoryAllocator::kPreFreeAndQueue>(
     MemoryChunk* chunk);
 
 template void MemoryAllocator::Free<MemoryAllocator::kPooledAndQueue>(
     MemoryChunk* chunk);
 
-template <MemoryAllocator::AllocationMode alloc_mode, typename SpaceType>
-Page* MemoryAllocator::AllocatePage(size_t size, SpaceType* owner,
-                                    Executability executable) {
-  MemoryChunk* chunk = nullptr;
-  if (alloc_mode == kPooled) {
-    DCHECK_EQ(size, static_cast<size_t>(MemoryChunk::kAllocatableMemory));
-    DCHECK_EQ(executable, NOT_EXECUTABLE);
-    chunk = AllocatePagePooled(owner);
-  }
-  if (chunk == nullptr) {
-    chunk = AllocateChunk(size, size, executable, owner);
-  }
-  if (chunk == nullptr) return nullptr;
-  return Page::Initialize(isolate_->heap(), chunk, executable, owner);
-}
-
-template Page*
-MemoryAllocator::AllocatePage<MemoryAllocator::kRegular, PagedSpace>(
-    size_t size, PagedSpace* owner, Executability executable);
-template Page*
-MemoryAllocator::AllocatePage<MemoryAllocator::kRegular, SemiSpace>(
-    size_t size, SemiSpace* owner, Executability executable);
-template Page*
-MemoryAllocator::AllocatePage<MemoryAllocator::kPooled, SemiSpace>(
-    size_t size, SemiSpace* owner, Executability executable);
-
 LargePage* MemoryAllocator::AllocateLargePage(size_t size,
                                               LargeObjectSpace* owner,
                                               Executability executable) {
   MemoryChunk* chunk = AllocateChunk(size, size, executable, owner);
   if (chunk == nullptr) return nullptr;
   return LargePage::Initialize(isolate_->heap(), chunk, executable, owner);
 }
 
 template <typename SpaceType>
 MemoryChunk* MemoryAllocator::AllocatePagePooled(SpaceType* owner) {
@@ skipping 2259 matching lines @@
     object->ShortPrint();
     PrintF("\n");
   }
   printf(" --------------------------------------\n");
   printf(" Marked: %x, LiveCount: %x\n", mark_size, LiveBytes());
 }
 
 #endif  // DEBUG
 }  // namespace internal
 }  // namespace v8