[wrapper-tracing] Avoid GC during PostMessageTimer construction

[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742, chromium:668059, chromium:668060
Committed: https://crrev.com/ca07ee393934e403d0bb2e0d8790d8edbbe3df96
Cr-Commit-Position: refs/heads/master@{#434638}

[Michael Lippautz, 2016-11-28 10:32:46]

Description was changed from

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=
==========

to

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742
==========

[Michael Lippautz, 2016-11-28 10:33:16]

Description was changed from

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742
==========

to

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059
==========

[Michael Lippautz, 2016-11-28 10:33:44]

Description was changed from

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059
==========

to

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059, chromium:668060
==========

[Michael Lippautz, 2016-11-28 10:34:17]

mlippautz@chromium.org changed reviewers:
+ haraken@chromium.org, hlopko@chromium.org

[Michael Lippautz, 2016-11-28 10:35:09]

This one should deal with the vast majority of CHECK failures on current
Canaries.

[Michael Lippautz, 2016-11-28 10:35:21]

On 2016/11/28 10:35:09, Michael Lippautz wrote:
> This one should deal with the vast majority of CHECK failures on current
> Canaries.

fyi: Was also flushed out by a CF issue.

[Marcel Hlopko, 2016-11-28 10:39:12]

LGTM, that must've been hard to spot!

[Michael Lippautz, 2016-11-28 10:47:26]

The CQ bit was checked by mlippautz@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-28 10:47:42]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[haraken, 2016-11-28 10:56:26]

LGTM

That said, we should add a more generic mechanism to avoid triggering an
incremental tracing while isGCForbidden is true.

[Michael Lippautz, 2016-11-28 11:48:04]

On 2016/11/28 10:56:26, haraken wrote:
> LGTM
> 
> That said, we should add a more generic mechanism to avoid triggering an
> incremental tracing while isGCForbidden is true.

While it would make our lives easier if we could do that, I am not yet convinced
we can postpone in all cases.

I can see us postponing incremental marking steps and also starting wrapper
tracing from incremental marking steps. However, when we finally do a full GC in
V8 we cannot delay anymore.

I will give this some more thought.

[haraken, 2016-11-28 11:55:17]

On 2016/11/28 11:48:04, Michael Lippautz wrote:
> On 2016/11/28 10:56:26, haraken wrote:
> > LGTM
> > 
> > That said, we should add a more generic mechanism to avoid triggering an
> > incremental tracing while isGCForbidden is true.
> 
> While it would make our lives easier if we could do that, I am not yet
convinced
> we can postpone in all cases.
> 
> I can see us postponing incremental marking steps and also starting wrapper
> tracing from incremental marking steps. However, when we finally do a full GC
in
> V8 we cannot delay anymore.
> 
> I will give this some more thought.

Would it be possible to delay even a full GC to the next V8 allocation? (Oilpan
is doing that.)

My concern is that the current programming constraint is a bit too error-prone
for Blink developers. There's no easy way to figure out a V8 object allocation
during a Blink object construction.

Another option might be to add DCHECK(!isGCForbidden()) to the call path of a V8
object allocation so that the developers can notice the programming error more
easily (before hitting a CHECK in an undeterministic GC).

[commit-bot: I haz the power, 2016-11-28 12:03:41]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-28 12:03:42]

Dry run: This issue passed the CQ dry run.

[Michael Lippautz, 2016-11-28 12:03:59]

The CQ bit was checked by mlippautz@chromium.org

[commit-bot: I haz the power, 2016-11-28 12:04:11]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Michael Lippautz, 2016-11-28 12:06:06]

On 2016/11/28 11:55:17, haraken wrote:
> On 2016/11/28 11:48:04, Michael Lippautz wrote:
> > On 2016/11/28 10:56:26, haraken wrote:
> > > LGTM
> > > 
> > > That said, we should add a more generic mechanism to avoid triggering an
> > > incremental tracing while isGCForbidden is true.
> > 
> > While it would make our lives easier if we could do that, I am not yet
> convinced
> > we can postpone in all cases.
> > 
> > I can see us postponing incremental marking steps and also starting wrapper
> > tracing from incremental marking steps. However, when we finally do a full
GC
> in
> > V8 we cannot delay anymore.
> > 
> > I will give this some more thought.
> 
> Would it be possible to delay even a full GC to the next V8 allocation?
(Oilpan
> is doing that.)
> 

I will check that. I don't think we can always do that.

> My concern is that the current programming constraint is a bit too error-prone
> for Blink developers. There's no easy way to figure out a V8 object allocation
> during a Blink object construction.

Totally agree!

> 
> Another option might be to add DCHECK(!isGCForbidden()) to the call path of a
V8
> object allocation so that the developers can notice the programming error more
> easily (before hitting a CHECK in an undeterministic GC).

Yes, I was thinking of a more pragmatic solution that will fail fast. Since
almost any path into V8 can lead to allocations I think we could add such a
check somewhere on the API boundary.

[commit-bot: I haz the power, 2016-11-28 12:07:29]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1480334639507550, "parent_rev":
"46a51c1d947d2a5d555f47ce5e4430890af2d454", "commit_rev":
"209548fbf3832b8e740da382562e8519700ef01d"}

[commit-bot: I haz the power, 2016-11-28 12:07:51]

Description was changed from

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059, chromium:668060
==========

to

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059, chromium:668060
==========

[commit-bot: I haz the power, 2016-11-28 12:07:52]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-11-28 12:12:25]

Description was changed from

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059, chromium:668060
==========

to

==========
[wrapper-tracing] Avoid GC during PostMessageTimer construction

BUG=chromium:668742,chromium:668059, chromium:668060

Committed: https://crrev.com/ca07ee393934e403d0bb2e0d8790d8edbbe3df96
Cr-Commit-Position: refs/heads/master@{#434638}
==========

[commit-bot: I haz the power, 2016-11-28 12:12:26]

Patchset 1 (id:??) landed as
https://crrev.com/ca07ee393934e403d0bb2e0d8790d8edbbe3df96
Cr-Commit-Position: refs/heads/master@{#434638}

[sof, 2016-11-29 09:15:44]

sigbjornf@opera.com changed reviewers:
+ sigbjornf@opera.com

[sof, 2016-11-29 09:15:45]

https://codereview.chromium.org/2529353002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp (right):

https://codereview.chromium.org/2529353002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp:628:
std::unique_ptr<SourceLocation> location = SourceLocation::capture(source);
Subtle staging of allocations going on here wrt 'new'; an explanatory comment
covering why the allocation needs to be lifted out, would have been helpful.

Even better, following the standard pattern of having a create() factory method
would have prevented the problem from arising, i think.

[Michael Lippautz, 2016-11-29 09:51:41]

https://codereview.chromium.org/2529353002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp (right):

https://codereview.chromium.org/2529353002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp:628:
std::unique_ptr<SourceLocation> location = SourceLocation::capture(source);
On 2016/11/29 09:15:44, sof wrote:
> Subtle staging of allocations going on here wrt 'new'; an explanatory comment
> covering why the allocation needs to be lifted out, would have been helpful.
> 

Sorry, for not leaving a comment. The rationale is that we cannot call into V8
from a gcForbidden scope, because V8 can now trace through blink, effectively
requiring some of its marking infrastructure.

> Even better, following the standard pattern of having a create() factory
method
> would have prevented the problem from arising, i think.

I will add (D)CHECKs that would immediately fail (even without triggering a GC)
when calling into V8 from such scopes. Only those call sites require
refactoring. 

Using ::create might mitigate this scenario, but people could still call it from
ctors before vtable poitners are available.