Skip to content

n-api: free instance data as reference#31638

Closed
gabrielschulhof wants to merge 1 commit intonodejs:masterfrom
gabrielschulhof:finalize-instance-data-via-ref-tracker
Closed

n-api: free instance data as reference#31638
gabrielschulhof wants to merge 1 commit intonodejs:masterfrom
gabrielschulhof:finalize-instance-data-via-ref-tracker

Conversation

@gabrielschulhof
Copy link
Contributor

@gabrielschulhof gabrielschulhof commented Feb 4, 2020

Instance data associated with a napi_env is no longer stored on the
env itself but is instead rendered as a reference. Since
v8impl::Reference is tied to a JS object, this modification factors
out the v8impl::Reference refcounting and the deletion process into
a base class for v8impl::Reference, called v8impl::RefBase. The
instance data is then stored as a v8impl::RefBase, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon napi_env destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the napi_set_instance_data finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the c++ Issues and PRs that require attention from people who are familiar with C++. label Feb 4, 2020
@gabrielschulhof gabrielschulhof added node-api-semver-major semver-major changes that need to be considered for N-API node-api Issues and PRs related to the Node-API. and removed node-api-semver-major semver-major changes that need to be considered for N-API labels Feb 4, 2020
@gabrielschulhof gabrielschulhof force-pushed the finalize-instance-data-via-ref-tracker branch from 1aa5958 to fff128c Compare February 4, 2020 22:54
addaleax
addaleax approved these changes Feb 4, 2020
View reviewed changes
src/js_native_api_v8.h Outdated
Copy link
Member

@addaleax addaleax Feb 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can replace this entire custom linked list implementation by ListHead/ListNode from util.h? That works pretty well for other parts of the codebase :)

Copy link
Contributor Author

@gabrielschulhof gabrielschulhof Feb 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I filed #31639 for this.

This was referenced Feb 4, 2020
Closed
Closed
@gabrielschulhof gabrielschulhof force-pushed the finalize-instance-data-via-ref-tracker branch from fff128c to 69169fd Compare February 5, 2020 00:00
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Feb 6, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/28949/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Feb 6, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/28950/

@gabrielschulhof gabrielschulhof force-pushed the finalize-instance-data-via-ref-tracker branch from 69169fd to 5042714 Compare February 6, 2020 18:23
n-api: free instance data as reference
38b4b6f 
Instance data associated with a `napi_env` is no longer stored on the
env itself but is instead rendered as a reference. Since
`v8impl::Reference` is tied to a JS object, this modification factors
out the `v8impl::Reference` refcounting and the deletion process into
a base class for `v8impl::Reference`, called `v8impl::RefBase`. The
instance data is then stored as a `v8impl::RefBase`, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon `napi_env` destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the `napi_set_instance_data` finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663
@gabrielschulhof gabrielschulhof force-pushed the finalize-instance-data-via-ref-tracker branch from 5042714 to 38b4b6f Compare February 6, 2020 18:30
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Feb 6, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/28955/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Feb 6, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/28956/

gabrielschulhof pushed a commit that referenced this pull request Feb 6, 2020
n-api: free instance data as reference
884e287 
Instance data associated with a `napi_env` is no longer stored on the
env itself but is instead rendered as a reference. Since
`v8impl::Reference` is tied to a JS object, this modification factors
out the `v8impl::Reference` refcounting and the deletion process into
a base class for `v8impl::Reference`, called `v8impl::RefBase`. The
instance data is then stored as a `v8impl::RefBase`, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon `napi_env` destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the `napi_set_instance_data` finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663
PR-URL: #31638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: David Carlier <devnexen@gmail.com>
@gabrielschulhof
Copy link
Contributor Author

gabrielschulhof commented Feb 6, 2020

Landed in 884e287.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Feb 6, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/28963/

codebytere pushed a commit that referenced this pull request Feb 17, 2020
@codebytere
n-api: free instance data as reference
ae2141e 
Instance data associated with a `napi_env` is no longer stored on the
env itself but is instead rendered as a reference. Since
`v8impl::Reference` is tied to a JS object, this modification factors
out the `v8impl::Reference` refcounting and the deletion process into
a base class for `v8impl::Reference`, called `v8impl::RefBase`. The
instance data is then stored as a `v8impl::RefBase`, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon `napi_env` destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the `napi_set_instance_data` finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663
PR-URL: #31638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: David Carlier <devnexen@gmail.com>
@codebytere codebytere mentioned this pull request Feb 17, 2020
Merged
codebytere pushed a commit that referenced this pull request Mar 15, 2020
@codebytere
n-api: free instance data as reference
63bb634 
Instance data associated with a `napi_env` is no longer stored on the
env itself but is instead rendered as a reference. Since
`v8impl::Reference` is tied to a JS object, this modification factors
out the `v8impl::Reference` refcounting and the deletion process into
a base class for `v8impl::Reference`, called `v8impl::RefBase`. The
instance data is then stored as a `v8impl::RefBase`, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon `napi_env` destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the `napi_set_instance_data` finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663
PR-URL: #31638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: David Carlier <devnexen@gmail.com>
codebytere pushed a commit that referenced this pull request Mar 17, 2020
@codebytere
n-api: free instance data as reference
9680fd4 
Instance data associated with a `napi_env` is no longer stored on the
env itself but is instead rendered as a reference. Since
`v8impl::Reference` is tied to a JS object, this modification factors
out the `v8impl::Reference` refcounting and the deletion process into
a base class for `v8impl::Reference`, called `v8impl::RefBase`. The
instance data is then stored as a `v8impl::RefBase`, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon `napi_env` destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the `napi_set_instance_data` finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663
PR-URL: #31638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: David Carlier <devnexen@gmail.com>
@codebytere codebytere mentioned this pull request Mar 17, 2020
Merged
codebytere pushed a commit that referenced this pull request Mar 30, 2020
@codebytere
n-api: free instance data as reference
08e09ec 
Instance data associated with a `napi_env` is no longer stored on the
env itself but is instead rendered as a reference. Since
`v8impl::Reference` is tied to a JS object, this modification factors
out the `v8impl::Reference` refcounting and the deletion process into
a base class for `v8impl::Reference`, called `v8impl::RefBase`. The
instance data is then stored as a `v8impl::RefBase`, along with other
references, preventing a segfault that arises from the fact that, up
until now, upon `napi_env` destruction, the instance data was freed
after all references had already been forcefully freed. If the addon
freed a reference during the `napi_set_instance_data` finalizer
callback, such a reference had already been freed during environment
teardown, causing a double free.

Re: nodejs/node-addon-api#663
PR-URL: #31638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: David Carlier <devnexen@gmail.com>
@gabrielschulhof gabrielschulhof deleted the finalize-instance-data-via-ref-tracker branch April 21, 2020 02:58
@codebytere codebytere mentioned this pull request May 7, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addaleax addaleax addaleax approved these changes

@mhdawson mhdawson Awaiting requested review from mhdawson

@legendecas legendecas Awaiting requested review from legendecas

+1 more reviewer

@devnexen devnexen devnexen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. node-api Issues and PRs related to the Node-API.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@gabrielschulhof @nodejs-github-bot @addaleax @devnexen @MylesBorins