[objects] Fix memory leak in PrototypeUsers::Add

Dominik Inführ · Commit Bot · commit d3a1a5b6c491 · 2019-12-16T11:42:08.000Z
PrototypeUsers::Add now iterates the WeakArrayList to find empty slots before growing the array. Not reusing empty slots caused a memory leak. It might also be desirable to shrink the WeakArrayList in the future. Right now it is only compacted when invoking CreateBlob. Also removed unused PrototypeUsers::IsEmptySlot declaration. Bug: v8:10031 Change-Id: I570ec78fca37e8f0c794f1f40846a4daab47c225 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967317 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#65456}
diff --git a/src/objects/objects.cc b/src/objects/objects.cc
@@ -4044,6 +4044,13 @@ Handle<WeakArrayList> PrototypeUsers::Add(Isolate* isolate,
 
   // If there are empty slots, use one of them.
   int empty_slot = Smi::ToInt(empty_slot_index(*array));
+
+  if (empty_slot == kNoEmptySlotsMarker) {
+    // GCs might have cleared some references, rescan the array for empty slots.
+    PrototypeUsers::ScanForEmptySlots(*array);
+    empty_slot = Smi::ToInt(empty_slot_index(*array));
+  }
+
   if (empty_slot != kNoEmptySlotsMarker) {
     DCHECK_GE(empty_slot, kFirstIndex);
     CHECK_LT(empty_slot, array->length());
@@ -4066,6 +4073,15 @@ Handle<WeakArrayList> PrototypeUsers::Add(Isolate* isolate,
   return array;
 }
 
+// static
+void PrototypeUsers::ScanForEmptySlots(WeakArrayList array) {
+  for (int i = kFirstIndex; i < array.length(); i++) {
+    if (array.Get(i)->IsCleared()) {
+      PrototypeUsers::MarkSlotEmpty(array, i);
+    }
+  }
+}
+
 WeakArrayList PrototypeUsers::Compact(Handle<WeakArrayList> array, Heap* heap,
                                       CompactionCallback callback,
                                       AllocationType allocation) {
diff --git a/src/objects/prototype-info.h b/src/objects/prototype-info.h
@@ -99,7 +99,7 @@ class V8_EXPORT_PRIVATE PrototypeUsers : public WeakArrayList {
   static inline Smi empty_slot_index(WeakArrayList array);
   static inline void set_empty_slot_index(WeakArrayList array, int index);
 
-  static void IsSlotEmpty(WeakArrayList array, int index);
+  static void ScanForEmptySlots(WeakArrayList array);
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(PrototypeUsers);
 };
