The problem with weak references is that they put the GC in the driver's seat, which makes it very hard to avoid revealing GC secrets to the client. Instead, I propose that we let the client code drive, and see how far we get with hueyfix-style tools.
One of the major difficulties with leak prevention on the Web is that there are often two phases of retirement for a given object. The first happens when the object goes away semantically - when a window is closed, when a node is removed from the DOM, when a connection is terminated, etc. The second happens when the object is actually GC-able, which depends on the graph of references in the VM, and can occur at an arbitrarily distant time. The interval from the first to the second is general the period in which JS "leaks". What if we give script the ability to say "this Foo is semantically dead - please neuter cross-global references to it"? This is effectively what we have with Cu.nukeSandbox, and it works well. It doesn't in any way expose GC behavior, but it lets callers give the GC a much-needed boost, which the GC may subsequently leverage if it turns out to be useful. This won't solve esoteric cross-vat use cases, but I think it would be a nice way to bulldoze the subtle gotchas that make it so easy to introduce subtle leaks in large-scale JS. Thoughts? bholley _______________________________________________ dev-tech-js-engine-internals mailing list dev-tech-js-engine-internals@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals
