fix and reduce the risk of GC-arena related leaks #701
The current design pushes down the arena value to callees so that they can restore the arena when the operation is complete. The positive side of the design is that it helps us restore the arena earlier, and that there is more chance of callees getting tail-call optimized. The downside is that we need to assert that the arena is restored in more code paths.
As has been reported in #699, we have failed to assert that the arena is always being restored. I have found that such code is also missing here.
Now that we have found multiple occurrences of such failures, we should switch to a more conservative design: maintain the GC arena at the highest level, i.e. restore the GC state within the functions that collect the GC state. With the change, the number of code paths involved in handling the GC arena decreases, which makes it easier for us to audit the code.
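To make the two designs concrete, here is a self-contained toy model of a GC arena, added as an illustration for this discussion and not code from this project. `vm_state`, `arena_save`, `arena_restore` and `new_object` are hypothetical stand-ins for whatever the real VM provides; the point is only to show why the "callee restores" design leaks one arena slot per call as soon as a single callee path forgets its restore, while the "restore in the function that saved" design keeps a single audit point that is independent of which callee ran.

```c
/* Toy model of a GC arena with save/restore, contrasting the two designs
 * discussed above. All names here are hypothetical, not the project's API. */
#include <assert.h>
#include <stdio.h>

#define ARENA_MAX 64

typedef struct {
    int arena[ARENA_MAX];   /* objects kept alive until their slot is popped */
    int arena_idx;          /* number of live slots */
} vm_state;

static int  arena_save(vm_state *vm)            { return vm->arena_idx; }
static void arena_restore(vm_state *vm, int ai) { vm->arena_idx = ai; }

/* Every freshly allocated object is pushed onto the arena so the GC cannot
 * free it before the caller has stored it somewhere reachable. */
static int new_object(vm_state *vm, int value)
{
    assert(vm->arena_idx < ARENA_MAX);  /* overflow would abort in a real VM */
    vm->arena[vm->arena_idx++] = value;
    return value;
}

/* Old design: the saved index is pushed down, each callee must restore it. */
static int callee_restores(vm_state *vm, int ai, int x)
{
    int tmp = new_object(vm, 2 * x);
    arena_restore(vm, ai);       /* correct path */
    return tmp;
}

static int callee_forgets(vm_state *vm, int ai, int x)
{
    int tmp = new_object(vm, 2 * x);
    (void)ai;                    /* bug: never restores, one slot leaks per call */
    return tmp;
}

/* Returns how many arena slots are left behind after n calls. */
static int leak_pushdown(int n, int buggy)
{
    vm_state vm = { {0}, 0 };
    for (int i = 0; i < n; i++) {
        int ai = arena_save(&vm);
        if (buggy) callee_forgets(&vm, ai, i);
        else       callee_restores(&vm, ai, i);
    }
    return vm.arena_idx;
}

/* New design: callees never touch the arena; the function that saved the
 * index is the one that restores it. */
static int callee_plain(vm_state *vm, int x) { return new_object(vm, 2 * x); }

static int leak_toplevel(int n)
{
    vm_state vm = { {0}, 0 };
    int ai = arena_save(&vm);
    for (int i = 0; i < n; i++) {
        callee_plain(&vm, i);
        arena_restore(&vm, ai);  /* single audit point, whatever the callee did */
    }
    return vm.arena_idx;
}

int main(void)
{
    printf("push-down, correct callee : %d slots left\n", leak_pushdown(10, 0));
    printf("push-down, buggy callee   : %d slots left\n", leak_pushdown(10, 1));
    printf("top-level restore         : %d slots left\n", leak_toplevel(10));
    return 0;
}
```

With the push-down design every callee is a place where the restore can be missed, and the leak only shows up as arena growth (and eventually an arena overflow) after enough calls through the forgetful path; with the top-level design there is exactly one restore to check per saved index.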