On Sep 29, 2009, at 10:31 AM, Anton Muhin wrote:
> This 5 number looks really odd. Do you have a simple way to reproduce > it? I'd love to have a look. Ivan suggested to me that it might take five to ten GCs; he said something about cached generated (JITted?) functions that have a context pointer referencing that context, and that it takes a number of GCs for those to be evicted from the cache. The newer (two-file) test case in the bug report I linked to demonstrates the problem. The symptom is the second instance of WebCore::Document, the one corresponding to the closed tab, not being freed. You may want to set a breakpoint on the destructor, or add a printf, to watch this. > The only hypothesis I immediately have > a long chain of JS wrapper - native something: wrapper gets collected, > releases native wrapper which makes another JS wrapper collectable... I don't think that's the case. There are very few DOM objects left around in this test case, mostly just the Documents themselves. Running with the --print_global_handles flag, I didn't see handles going away after each collection, only after the fifth. > There are indeed two global objects (and it is explicitly required by > HTML 5 and it's the way most of browser implements it): global object > proxy which forwards everything to a 'real' global object which is a > window. If you can give more explanations which of properties should > be retained after context disposal and when it's free to clear them, > that'd be really helpful. This relates to the WebCore::V8Proxy object, which manages V8 global state for a document. It keeps a persistent handle to a v8::Context and another to its globals. In some cases I don't entirely understand (when navigating to a new page?) it's told to dispose the context, but it detaches the globals and keeps the handle. Then later, I think, it can be told to regenerate a context using those globals, maybe when the user goes back to that page. But when the tab is closed or the frame is otherwise disposed, the V8Proxy is also disposed, and its destructor disposes the handle to the globals as well as the context. So at the point that the V8Proxy disposes its context handle, I would like the v8::Context object not to have any more references to the globals, so that if the frame is closed (and the proxy deleted) the DOM objects pointed to by the globals can be collected. I don't think it's safe to selectively pull properties out of the globals, because the globals might be re-used later for a new context and they need to be in the same shape they were in before. The only point where I know it's safe to delete properties is in the V8Proxy's destructor, because I know it's not going to be re-used; but by that point there is no context anymore so it's difficult to invoke V8 calls to modify the global properties. —Jens --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---