On Wed, Oct 3, 2018 at 1:49 AM Michael Lippautz <mlippa...@chromium.org> wrote:
> It appears that it's possible that an object registered with >> EmbedderHeapTracer::RegisterV8References() can actually be collected (i.e. >> its weak callback is called) between then and >> EmbedderHeapTracer::AdvanceTracing(). So, in RegisterV8References() I have >> to make sure to put all the pointers in a map. When an object is destroyed >> while tracing is active, I have to go remove it from the tracer's map. In >> AdvanceTracing() I can then trace whatever is still in the map at that >> point. >> >> I'm not sure what mechanism causes the object to be destroyed immediately >> after it has been registered for tracing. But, AFAICT, the object is >> legitimately no longer reachable -- I'm not seeing any objects being >> destroyed that were still in-use. >> > > That should not be possible when everything is properly set up. Any object > can only go away > - on Scavenge, which should be prohibited by marking it as active in the > prologue callbacks > - on Mark-Compact, which should not be possible as tracing is still in > progress. > This seems to have to do with MarkIndependent(). When I create a wrapper, I create one weak handle that is held by the wrapper itself and exists solely to detect when the wrapper should be destroyed (via the weak callback). On this handle I call MarkIndependent(). I don't quite remember why -- I probably cargo-culted it from somewhere. It appears that handles marked independent are not visited by VisitWeakHandles(). Hence, the scavenge prologue callback does not mark the handle active. If this is the only handle pointing to the object, then, it will be scavenged. But independent handles apparently are still traced, hence it can be passed to RegisterV8References() before it is scavenged. I think this behavior is actually overall a good thing for me. If the only handle left pointing at an object is this fake handle that exists only to invoke the destructor, then that object might as well be collected immediately. Waiting through the next full trace cycle before collecting it is a waste. However, I notice that MarkIndependent() is deprecated, with the message: "Objects are always considered independent." The message suggests that MarkIndependent() has no effect, but that seems inaccurate. Is there a preferred alternative to get the behavior I want here? The only thing I can think of where this could happen is when V8 calls > AdvanceTracing where it *must* trace all objects that are cached (indicated > by completing actions in the old version, or with infinite as timeout in > the new version) and the embedder does not follow this policy. The > Mark-Compact collector implements various stages of weakness processing and > an object could be collected if AdvanceTracing(infinity) does not fully > process all objects on the embedder side. Then the next > AdvanceTracing(infinity) call could see dead objects. > > Any chance that you are not completely draining all objects when it's > required? > Currently, my AdvanceTracing() callback always drains the whole queue. I haven't tried to implement deadlines. -Kenton -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
