Jens, thanks a lot, I'd have a look (most probably tomorrow). If anyone would learn something new about this, please, let me know.
yours, anton. On Tue, Sep 29, 2009 at 9:48 PM, Jens Alfke <[email protected]> wrote: > > On Sep 29, 2009, at 10:31 AM, Anton Muhin wrote: > >> This 5 number looks really odd. Do you have a simple way to reproduce >> it? I'd love to have a look. > > Ivan suggested to me that it might take five to ten GCs; he said something > about cached generated (JITted?) functions that have a context pointer > referencing that context, and that it takes a number of GCs for those to be > evicted from the cache. > > The newer (two-file) test case in the bug report I linked to demonstrates > the problem. The symptom is the second instance of WebCore::Document, the > one corresponding to the closed tab, not being freed. You may want to set a > breakpoint on the destructor, or add a printf, to watch this. > >> The only hypothesis I immediately have >> a long chain of JS wrapper - native something: wrapper gets collected, >> releases native wrapper which makes another JS wrapper collectable... > > I don't think that's the case. There are very few DOM objects left around in > this test case, mostly just the Documents themselves. Running with the > --print_global_handles flag, I didn't see handles going away after each > collection, only after the fifth. > >> There are indeed two global objects (and it is explicitly required by >> HTML 5 and it's the way most of browser implements it): global object >> proxy which forwards everything to a 'real' global object which is a >> window. If you can give more explanations which of properties should >> be retained after context disposal and when it's free to clear them, >> that'd be really helpful. > > This relates to the WebCore::V8Proxy object, which manages V8 global state > for a document. It keeps a persistent handle to a v8::Context and another to > its globals. In some cases I don't entirely understand (when navigating to a > new page?) it's told to dispose the context, but it detaches the globals and > keeps the handle. Then later, I think, it can be told to regenerate a > context using those globals, maybe when the user goes back to that page. But > when the tab is closed or the frame is otherwise disposed, the V8Proxy is > also disposed, and its destructor disposes the handle to the globals as well > as the context. > > So at the point that the V8Proxy disposes its context handle, I would like > the v8::Context object not to have any more references to the globals, so > that if the frame is closed (and the proxy deleted) the DOM objects pointed > to by the globals can be collected. > > I don't think it's safe to selectively pull properties out of the globals, > because the globals might be re-used later for a new context and they need > to be in the same shape they were in before. The only point where I know > it's safe to delete properties is in the V8Proxy's destructor, because I > know it's not going to be re-used; but by that point there is no context > anymore so it's difficult to invoke V8 calls to modify the global > properties. > > —Jens --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
