Status: Accepted
Owner: [email protected]
Labels: Type-Bug Priority-High HW-All OS-All
New issue 1889 by [email protected]: API should not pass weak persistent handles directly to runtime
http://code.google.com/p/v8/issues/detail?id=1889
Currently the API simply converts any API handle (v8::Handle) to an internal
handle (v8::internal::Handle), but this is not safe for weak persistent handles,
because all runtime functions expect that any Handle passed to them will
stay valid between GCs, which does not hold for weak persistent handles.
Currently the API:
a) might violate the embedder's expectations: e.g. calling obj->Set(foo, bar)
for a weakly reachable bar might cause bar to be reclaimed before Set
completes.
b) is not GC safe when memory usage approaches the limit and multiple GCs
might be required during an API call. For example, see the attached test case,
where a weak handle to a strongly reachable object is passed into the Array::Set
API function. An artificially lowered memory limit eventually causes V8 to
perform an emergency GC, which in turn makes the strongly reachable object
weakly reachable and causes it to be collected, leading to use of an invalid
handle later:
(reproduced on bleeding_edge@10353, ia32, no snapshot debug build on Mac;
there is a certain degree of flakiness)
% g++ -m32 -g -o boomster boomster.cc -Iinclude -L. -lv8_g
% ./boomster
#
# Fatal error in src/objects-inl.h, line 1136
# CHECK((reinterpret_cast<intptr_t>(address) & HeapObjectTagMask()) == 0)
failed
#
Attempt to print stack while printing stack (double fault)
If you are lucky you may find a partial stack dump on stdout.
==== Stack trace ============================================
zsh: abort ./boomster
Attachments:
boomster.cc 1.8 KB
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
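The following is an added toy model of the handle-lifetime problem described in the report above; it is not V8's code and not the attached boomster.cc. Every name in it (Heap, Handle, RuntimeSet, ApiSetUnsafe, ApiSetSafe, Scenario, SetGcHook) is this example's own. It models a GC whose roots are strong or weak handle slots, a runtime function that assumes its argument survives a collection, an API layer that forwards a weak persistent handle straight through (the reported behaviour), and a hardened API layer that pins the value in a strong local handle for the duration of the call. The GC hook stands in for the emergency-GC side effects that drop the last strong reference mid-call, as in case (b):

```cpp
// Added toy model (not V8's implementation) of why an API entry point must
// not hand a weak persistent handle straight to the runtime.
#include <functional>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>

struct Object {
  std::string name;
  bool alive = true;
};

// A handle is a slot the GC knows about. Weak slots do not keep their
// target alive and are cleared by the GC once the target dies.
struct Handle {
  Object* ptr = nullptr;
  bool weak = false;
};

class Heap {
 public:
  Object* Allocate(const std::string& name) {
    auto o = std::make_unique<Object>();
    o->name = name;
    objects_.push_back(std::move(o));
    return objects_.back().get();
  }
  // Persistent handles live until disposed; locals live until CloseLocals().
  Handle* NewPersistent(Object* o) {
    roots_.push_back(std::make_unique<Handle>(Handle{o, false}));
    return roots_.back().get();
  }
  Handle* NewLocal(Object* o) {
    locals_.push_back(std::make_unique<Handle>(Handle{o, false}));
    return locals_.back().get();
  }
  void MakeWeak(Handle* h) { h->weak = true; }
  void Dispose(Handle* h) { h->ptr = nullptr; }  // strong reference dropped
  void CloseLocals() { locals_.clear(); }
  // Embedder callback run at the start of a collection; stands in for the
  // weak callbacks or disposals an emergency GC can trigger mid-API-call.
  void SetGcHook(std::function<void()> hook) { gc_hook_ = std::move(hook); }

  // Mark-sweep: only objects reachable from strong roots or locals survive;
  // weak slots pointing at dead objects are cleared.
  void Collect() {
    if (gc_hook_) gc_hook_();
    std::unordered_set<Object*> live;
    for (auto& h : roots_) if (!h->weak && h->ptr) live.insert(h->ptr);
    for (auto& h : locals_) if (h->ptr) live.insert(h->ptr);
    for (auto& o : objects_) if (!live.count(o.get())) o->alive = false;
    for (auto& h : roots_) if (h->weak && h->ptr && !h->ptr->alive) h->ptr = nullptr;
  }

 private:
  std::vector<std::unique_ptr<Object>> objects_;
  std::vector<std::unique_ptr<Handle>> roots_;
  std::vector<std::unique_ptr<Handle>> locals_;
  std::function<void()> gc_hook_;
};

// Runtime function: assumes any handle it receives stays valid across GCs.
// Allocating under memory pressure triggers a collection before the store.
// Returns the stored name, or "" where a real runtime would hit the CHECK.
std::string RuntimeSet(Heap& heap, Handle* value) {
  heap.Collect();  // emergency GC in the middle of the call
  heap.Allocate("array backing store");
  if (!value->ptr || !value->ptr->alive) return "";
  return value->ptr->name;
}

// Reported behaviour: the embedder's handle is forwarded as-is, weak or not.
std::string ApiSetUnsafe(Heap& heap, Handle* value) {
  return RuntimeSet(heap, value);
}

// Hardened API layer: pin the value in a strong local handle for the call so
// the runtime never sees a slot the GC may clear underneath it.
std::string ApiSetSafe(Heap& heap, Handle* value) {
  if (!value->ptr) return "";  // already cleared: fail cleanly, do not deref
  Handle* pinned = heap.NewLocal(value->ptr);
  std::string result = RuntimeSet(heap, pinned);
  heap.CloseLocals();
  return result;
}

// Case (b) from the report: 'bar' is strongly reachable when the call starts,
// the emergency GC drops that strong reference, and only the weak handle is
// left for the runtime to dereference.
std::string Scenario(bool hardened) {
  Heap heap;
  Object* bar = heap.Allocate("bar");
  Handle* strong = heap.NewPersistent(bar);
  Handle* weak = heap.NewPersistent(bar);
  heap.MakeWeak(weak);
  heap.SetGcHook([&] { heap.Dispose(strong); });
  return hardened ? ApiSetSafe(heap, weak) : ApiSetUnsafe(heap, weak);
}
```

Scenario(false) returns "" because the weak slot was cleared during the in-call collection (the toy's stand-in for the CHECK failure in objects-inl.h); Scenario(true) returns "bar" because the strong local handle keeps the object alive until the runtime call has finished. The design point is the one the issue title makes: the conversion from the embedder's handle to a runtime handle is where the strong pin has to be taken, since the runtime has no way to know the slot it was given is weak.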