mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 10:59:27 +00:00
bc9a875c99
Previously when managing the importModuleDynamically callback of vm.compileFunction(), we use an ID number as the host defined option and maintain a per-Environment ID -> CompiledFnEntry map to retain the top-level referrer function returned by vm.compileFunction() in order to pass it back to the callback, but it would leak because with how we used v8::Persistent to maintain this reference, V8 would not be able to understand the cycle and would just think that the CompiledFnEntry was supposed to live forever. We made an attempt to make that reference known to V8 by making the CompiledFnEntry weak and using a private symbol to make CompiledFnEntry strongly references the top-level referrer function in https://github.com/nodejs/node/pull/46785, but that turned out to be unsound, because the there's no guarantee that the top-level function must be alive while import() can still be initiated from that function, since V8 could discard the top-level function and only keep inner functions alive, so relying on the top-level function to keep the CompiledFnEntry alive could result in use-after-free which caused a revert of that fix. With this patch we use a symbol in the host defined options instead of a number, because with the stage-3 symbol-as-weakmap-keys proposal we could directly use that symbol to keep the referrer alive using a WeakMap. As a bonus this also keeps the other kinds of referrers alive as long as import() can still be initiated from that Script/Module, so this also fixes the long-standing crash caused by vm.Script being GC'ed too early when its importModuleDynamically callback still needs it. PR-URL: https://github.com/nodejs/node/pull/48510 Refs: https://github.com/nodejs/node/issues/44211 Refs: https://github.com/nodejs/node/issues/42080 Refs: https://github.com/nodejs/node/issues/47096 Refs: https://github.com/nodejs/node/issues/43205 Refs: https://github.com/nodejs/node/issues/38695 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
33 lines
812 B
JavaScript
33 lines
812 B
JavaScript
// Flags: --expose-gc --experimental-vm-modules
|
|
|
|
'use strict';
|
|
|
|
// This tests that vm.Script would not get GC'ed while the script can still
|
|
// initiate dynamic import.
|
|
// See https://github.com/nodejs/node/issues/43205.
|
|
|
|
require('../common');
|
|
const vm = require('vm');
|
|
|
|
const code = `
|
|
new Promise(resolve => {
|
|
setTimeout(() => {
|
|
gc(); // vm.Script should not be GC'ed while the script is alive.
|
|
resolve();
|
|
}, 1);
|
|
}).then(() => import('foo'));`;
|
|
|
|
// vm.runInThisContext creates a vm.Script underneath, which should not be GC'ed
|
|
// while import() can still be initiated.
|
|
vm.runInThisContext(code, {
|
|
async importModuleDynamically() {
|
|
const m = new vm.SyntheticModule(['bar'], () => {
|
|
m.setExport('bar', 1);
|
|
});
|
|
|
|
await m.link(() => {});
|
|
await m.evaluate();
|
|
return m;
|
|
}
|
|
});
|