When are you proposing trashing the global object? I don't think there's any particular time when we know this is safe. Recall that someone can call a function from an inactive document whenever they have a pointer to that function.

Adam

On Tue, Sep 29, 2009 at 10:48 AM, Jens Alfke <[email protected]> wrote:
>
> On Sep 29, 2009, at 10:31 AM, Anton Muhin wrote:
>
>> This 5 number looks really odd. Do you have a simple way to reproduce
>> it? I'd love to have a look.
>
> Ivan suggested to me that it might take five to ten GCs; he said
> something about cached generated (JITted?) functions that have a
> context pointer referencing that context, and that it takes a number
> of GCs for those to be evicted from the cache.
>
> The newer (two-file) test case in the bug report I linked to
> demonstrates the problem. The symptom is the second instance of
> WebCore::Document, the one corresponding to the closed tab, not being
> freed. You may want to set a breakpoint on the destructor, or add a
> printf, to watch this.
>
>> The only hypothesis I immediately have is
>> a long chain of JS wrapper - native something: wrapper gets collected,
>> releases native wrapper which makes another JS wrapper collectable...
>
> I don't think that's the case. There are very few DOM objects left
> around in this test case, mostly just the Documents themselves.
> Running with the --print_global_handles flag, I didn't see handles
> going away after each collection, only after the fifth.
>
>> There are indeed two global objects (and it is explicitly required by
>> HTML 5 and it's the way most browsers implement it): a global object
>> proxy which forwards everything to a 'real' global object which is a
>> window. If you can give more explanation of which properties should
>> be retained after context disposal and when it's free to clear them,
>> that'd be really helpful.
>
> This relates to the WebCore::V8Proxy object, which manages V8 global
> state for a document. It keeps a persistent handle to a v8::Context
> and another to its globals. In some cases I don't entirely understand
> (when navigating to a new page?) it's told to dispose the context, but
> it detaches the globals and keeps the handle. Then later, I think, it
> can be told to regenerate a context using those globals, maybe when
> the user goes back to that page. But when the tab is closed or the
> frame is otherwise disposed, the V8Proxy is also disposed, and its
> destructor disposes the handle to the globals as well as the context.
>
> So at the point that the V8Proxy disposes its context handle, I would
> like the v8::Context object not to have any more references to the
> globals, so that if the frame is closed (and the proxy deleted) the
> DOM objects pointed to by the globals can be collected.
>
> I don't think it's safe to selectively pull properties out of the
> globals, because the globals might be re-used later for a new context
> and they need to be in the same shape they were in before. The only
> point where I know it's safe to delete properties is in the V8Proxy's
> destructor, because I know it's not going to be re-used; but by that
> point there is no context anymore so it's difficult to invoke V8 calls
> to modify the global properties.
>
> —Jens
