[d8] Do not delete counters on quit

If multiple isolates are running concurrently and one of them calls
`quit`, we should not delete the counters map, because another isolate
might still access it.

R=mlippautz@chromium.org
CC=nikolaos@chromium.org

Bug: v8:12453
Change-Id: I6d41478f188f0043b7d6055b0872574c28fd3039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310807
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78226}

src/d8/d8.cc

@@ -3419,8 +3419,13 @@ void Shell::OnExit(v8::Isolate* isolate, bool dispose) {
     }
   }
 
-  delete counters_file_;
-  delete counter_map_;
+  // Only delete the counters if we are done executing; after calling `quit`,
+  // other isolates might still be running and accessing that memory. This is a
+  // memory leak, which is OK in this case.
+  if (dispose) {
+    delete counters_file_;
+    delete counter_map_;
+  }
 
   if (options.simulate_errors && is_valid_fuzz_script()) {
     // Simulate several errors detectable by fuzzers behind a flag if the

test/mjsunit/dump-counters-quit.js

@@ -0,0 +1,18 @@
+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --dump-counters
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+
+// Test that if two isolates are running (with the --isolates flag on the test
+// runner) and one of them calls `quit`, the other one can still write to
+// counters concurrently.
+
+if (typeof WebAssembly !== 'undefined') {  // Skip on jitless.
+  const builder = new WasmModuleBuilder();
+  builder.addFunction('f', kSig_v_v).addBody([]);
+  builder.asyncInstantiate();
+}
+quit();