buffer,n-api: release external buffers from BackingStore callback

[addaleax]

(The first commit is #33320, split out due to different backportability, hence the blocked label.)

Release Buffer and ArrayBuffer instances that were created through
our addon APIs and have finalizers attached to them only after V8 has
called the deleter callback passed to the BackingStore, instead of
relying on our own GC callback(s).

This fixes the following race condition:

1. Addon code allocates pointer P via malloc.
2. P is passed into napi_create_external_buffer with a finalization
   callback which calls free(P). P is inserted into V8’s global array
   buffer table for tracking.
3. The finalization callback is executed on GC. P is freed and returned
   to the allocator. P is not yet removed from V8’s global array
   buffer table. (!)
4. Addon code attempts to allocate memory once again. The allocator
   returns P, as it is now available.
5. P is passed into napi_create_external_buffer. P still has not been
   removed from the v8 global array buffer table.
6. The world ends with Check failed: result.second.

Since our API contract is to call the finalizer on the JS thread on
which the ArrayBuffer was created, but V8 may call the BackingStore
deleter callback on another thread, fixing this requires posting
a task back to the JS thread.

Refs: #32463 (comment)
Fixes: #32463

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• commit message follows commit guidelines

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/31245/

[addaleax]

Updated the test because timing for setImmediate() vs uv_async_t is different on Windows vs POSIX (I think we've run into this before).

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/31263/ (:green_heart:)

[davedoesdev]

This fixes my use case (mmap/munmap), thanks.

[addaleax]

Landed in c1ee70e

[mafintosh]

@addaleax I keep getting Check failed: result.second still with this commit, in our fuse-native module when making external buffers from n-api (node 12 is fine).

Any ideas? Get the crash wheather I using finalisers or not.

(Update: Misread, I'm not getting the Check failed on create_external_buffer anymore but on get_buffer_info)

[addaleax]

@mafintosh I have a hard time following the fuse-native code, but as far as I can tell, it does things that seem fishy here.

If you use napi_create_external_buffer() a second time on the same pointer without waiting for the buffer created from the first time to be released, you’ll get a crash, that behavior is not changed by this PR, and it seems to me like that’s something that happens in the fuse-native code. I don’t like the changed behavior too much either, but that’s kind of what has been handed down from V8 to us.

[mafintosh]

@addaleax its a bit of macros on macros I know 😅. That’s a good pointer! I’ll investigate that. The actual crash is coming from the get buffer info call know. Do you know on the top of your head, if that would crash if i made two external buffers from the same pointer?

[addaleax]

@mafintosh I don’t, no, sorry – I don’t quite know why it would fail at that point

[mafintosh]

Ok, I’ll try to poke around it a bit and avoid the dual external buffer on the same pointer and see if it works

[lovell]

@addaleax Danke!

[srguiwiz]

@addaleax I hope the reproducible failure I have filed with package ext2fs issue 76 can help find an even better correction of the underlying problem.

[addaleax]

@srguiwiz The problem can’t really be corrected in Node.js (without non-trivial overhead), so this is something to be addressed in the addons themselves, unfortunately.