Issue 186633002: Change RefPtr<DOMWrapperWorld> that causes reference cycles to DOMWrapperWorld*

Created:
6 years, 9 months ago by haraken

Modified:
6 years, 9 months ago

Reviewers:
dcarney, jochen (gone - plz use gerrit)

CC:
blink-reviews, Nils Barth (inactive), kojih, arv+blink, jsbell+bindings_chromium.org, gavinp+loader_chromium.org, sof, abarth-chromium, marja+watch_chromium.org, dglazkov+blink, dominicc+watchlist_chromium.org, adamk+blink_chromium.org, Nate Chapin, Inactive

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

Change RefPtr<DOMWrapperWorld> that causes reference cycles to DOMWrapperWorld* Currently a lot of V8-proxy objects hold RefPtr<DOMWrapperWorld>s, but these RefPtrs can cause reference cycles. For example, V8MutationCallback holds RefPtr<DOMWrapperWorld> like this: class V8MutationCallback { RefPtr<DOMWrapperWorld> m_world; }; This causes the following cycle: V8MutationCallback --(RefPtr)--> DOMWrapperWorld --(OwnPtr)--> DOMDataStore --(UnsafePersistent)--> some wrapper --> V8MutationCallback's wrapper --(RefPtr)--> V8MutationCallback. Previously these cycles were not a problem, because only the main thread had DOMWrapperWorld and it was OK to leak memory when shutting down the main thread. However, now that we support DOMWrapperWorlds for worker threads, it's not OK to leak memory when shutting down the worker threads. Thus this CL fixes the cycles. From the perspective of the ownership of DOMWrapperWorlds, we just need to use RefPtr<DOMWrapperWorld> in V8WindowShell, WorkerScriptController and ScriptPreprocessor. Other places should use DOMWrapperWorld*. Note that it's OK to use a raw pointer for V8MutationCallback::m_world, because DOMWrapperWorld is destroyed at the very end of the main/worker thread executions. V8MutationCallback should not outlive the DOMWrapperWorld. BUG=341032

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+49 lines, -49 lines)			Patch
M	Source/bindings/templates/callback_interface.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/templates/callback_interface.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/tests/results/V8TestCallbackInterface.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/tests/results/V8TestCallbackInterface.cpp	View		8 chunks	+8 lines, -8 lines	0 comments	Download
M	Source/bindings/v8/DOMRequestState.h	View		3 chunks	+3 lines, -3 lines	0 comments	Download
M	Source/bindings/v8/DOMWrapperWorld.h	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/DOMWrapperWorld.cpp	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/ScriptController.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/ScriptController.cpp	View	1	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/v8/SerializedScriptValue.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/V8AbstractEventListener.h	View		2 chunks	+3 lines, -3 lines	0 comments	Download
M	Source/bindings/v8/V8AbstractEventListener.cpp	View		4 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/v8/V8CustomElementLifecycleCallbacks.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/V8CustomElementLifecycleCallbacks.cpp	View		4 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/bindings/v8/V8MutationCallback.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/V8MutationCallback.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/bindings/v8/WorkerScriptController.cpp	View	1 2 3 4	1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/bindings/v8/custom/V8CustomSQLStatementErrorCallback.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/core/events/ErrorEvent.h	View		5 chunks	+5 lines, -5 lines	0 comments	Download
M	Source/core/events/ErrorEvent.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	Source/core/loader/FrameLoader.cpp	View		1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/core/workers/WorkerMessagingProxy.cpp	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/web/tests/CustomEventTest.cpp	View	1 2 3 4 5	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 10 (0 generated)

Expand Messages | Collapse Messages

haraken

PTAL (though I need to fix the compile error in linux bots.)

6 years, 9 months ago (2014-03-04 15:25:05 UTC) #1

haraken

Dan: Would you take a look at this one? This CL is necessary for landing ...

6 years, 9 months ago (2014-03-06 00:59:40 UTC) #7

dcarney

On 2014/03/06 00:59:40, haraken wrote: > Dan: Would you take a look at this one? ...

6 years, 9 months ago (2014-03-07 09:48:31 UTC) #8

haraken

On 2014/03/07 09:48:31, dcarney wrote: > On 2014/03/06 00:59:40, haraken wrote: > > Dan: Would ...

6 years, 9 months ago (2014-03-10 04:05:33 UTC) #9

haraken

6 years, 9 months ago (2014-03-10 04:41:28 UTC) #10

On 2014/03/10 04:05:33, haraken wrote:
> On 2014/03/07 09:48:31, dcarney wrote:
> > On 2014/03/06 00:59:40, haraken wrote:
> > > Dan: Would you take a look at this one? This CL is necessary for landing
> > > https://codereview.chromium.org/182903003/.
> > 
> > I don't like having all these raw pointers running around...  Also,
> > DomWrapperMaps are weak, so i don't understand the reference cycle issue. Is
> the
> > underlying problem that we don't clear the map correctly before shutting
down
> V8
> > on a worker thread?
> 
> ah, you're completely right. I was misunderstanding the issue.
> 
> - RefPtr<DOMWrapperMap> shouldn't cause cycles.
> - The real issue is that DOMWrapperMap is not cleared before shutting down V8
on
> worker threads.
> - So what we should do is just to clear DOMWrapperMap before shutting down V8
on
> worker threads.
> 
> I'll upload another CL to fix it.

Uploaded a new CL here: https://codereview.chromium.org/189513012/

Thanks for review!

Expand Messages | Collapse Messages