January 09, 2023 [Issue 23611] New: Zombie heap leak proof of concept: linked list in dead resized array

https://issues.dlang.org/show_bug.cgi?id=23611

Issue ID: 23611
Summary: Zombie heap leak proof of concept: linked list in dead resized array
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: minor
Priority: P1
Component: dmd
Assignee: nobody@puremagic.com
Reporter: default_357-line@yahoo.de

In my post "A GC Memory Usage Experiment" (https://forum.dlang.org/post/befrzndhowlwnvlqcoxx@forum.dlang.org), I suggested the existence of a GC leak caused by downsizing data structures. This bug report poses a proof of concept for such a leak:

```d
struct S { S[] parent; }

void main()
{
    S parent;
    while (true)
    {
        // Two-element array; the second element refers to the previous parent.
        S[] link = [S(null), parent];
        // Shrink the slice to one element. The old parent reference stays in
        // the underlying allocation, just beyond the slice's length.
        link.length = 1;
        parent = S(link);
    }
}
```

As can be seen, at any given point almost no memory in this program is actually live: `parent` can only point at an array of the value `[S(null)]`, and all other variables get overwritten on every loop pass. And yet, this program leaks an unbounded amount of memory. (I recommend running with -m32 to test.)

What's happening is that the program forms a linked list in memory that is dead, but that the GC cannot determine is dead. Because the GC has no type-level understanding of allocated memory, it sees `parent` as a pointer to a linked list of allocations; that the linking element lives in an unreferenced part of the array is outside of its purview.

In theory this could be fixed by being smarter about arrays marking memory regions as alive: a slice need only mark as alive the part of the array it actually points at, which would allow the recursive mark to skip the dead parent reference.
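An added example, not part of the bug report: the same loop with the stale element cleared before the slice is shrunk, so the conservative GC finds no pointer chain in the unreferenced tail of the allocation. This is a user-side workaround, not the slice-aware marking the report proposes for the GC itself; the loop is bounded and prints `core.memory.GC.stats` so the reader can watch usage stay flat instead of growing.

```d
import core.memory : GC;
import std.stdio : writeln;

struct S { S[] parent; }

void main()
{
    S parent;
    foreach (i; 0 .. 2_000_000)
    {
        S[] link = [S(null), parent];
        // Clear the reference to the previous parent before shrinking, so the
        // part of the allocation beyond the slice's length no longer holds a
        // pointer the conservative GC would follow.
        link[1] = S(null);
        link.length = 1;
        parent = S(link);
        // Equivalent alternative: link = link[0 .. 1].dup; copies the live
        // element into a fresh one-element block and leaves the old block
        // entirely unreferenced.
        if (i % 500_000 == 0)
        {
            GC.collect();
            writeln("iteration ", i, ": ", GC.stats.usedSize, " bytes in use");
        }
    }
}
```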
Copyright © 1999-2021 by the D Language Foundation