Thanks Anton. I have some more info. It seems in this case, GC only does a scavenge phase (possibly since its not aware of the webcore side memory usage) and hence does not invoke weak ref callbacks.
I noticed that we do not call AdjustAmountOfExternalAllocatedMemory on strings that do not create a external string resource. calling it in the else part of (( if (external == Externalize && v8String->CanMakeExternal() ) fixes the problem however iam not sure how to track strings when they get destroyed. Regards, Zaheer On Thu, Oct 28, 2010 at 3:47 PM, Anton Muhin <[email protected]> wrote: > Zaheer, > > thanks a lot for reduction and discussion. I'll answer later, > probably Fri or Mon, sorry for delay. > > yours, > anton. > > On Wed, Oct 27, 2010 at 7:24 PM, Zaheer Ahmad <[email protected]> > wrote: > > hi Anton, > > Attached simplified test which shows the problem [works fine on JSC, runs > > oom on v8] > > Thanks, > > Zaheer > > On Wed, Oct 27, 2010 at 6:53 PM, Zaheer Ahmad <[email protected]> > wrote: > >> > >> Hi Anton, Good day! comments inline > >> > >> On Wed, Oct 27, 2010 at 12:23 AM, Anton Muhin <[email protected]> > wrote: > >>> > >>> Good day, Zaheer, > >>> > >>> On Tue, Oct 26, 2010 at 10:44 PM, Zaheer Ahmad <[email protected]> > >>> wrote: > >>> > hi Anton, > >>> > Iam running the standard > >>> > test view-source:http://dromaeo.com/tests/dom-modify.html so i > assume > >>> > the > >>> > test itself does not have any leaks. > >>> > >>> Please, see below. > >>> > >>> > On Tue, Oct 26, 2010 at 11:13 PM, Anton Muhin <[email protected]> > >>> > wrote: > >>> >> > >>> >> Good day, Zaheer. > >>> >> > >>> >> Thanks a lot for looking into it. > >>> >> > >>> >> However, I cannot immediately see how taking this path can make > things > >>> >> leak. And what exactly do you mean by leak here? > >>> > > >>> > The webcore strings allocated in ret = document.createTextNode(str); > >>> > call > >>> > are not being collected in the GC > >>> > >>> They should be, but it might happen later that you expect that. > >>> Please note, that JS node wrappers (and hence objects they reference) > >>> should survive as long as their owner document survives which means > >>> (at least in this test, if I remember it right), the whole time while > >>> page is loaded (unless I forgot some crazy frame stuff). > >> > >> I think thats true if the document has a reference to them. however in > the > >> test it overwrites the same reference (ret) and the nodes are not > attached > >> to DOM - so they get created and become garbage > >> for ( var i = 0; i < num; i++ ) { > >> ret = document.createTextNode(str); - DOM node/ v8 wrapper > >> created > >> ret = document.createTextNode(str + "2"); - The previous > >> object/wrapper become garbage? > >> .. > >> I also checked JSC, and it does collect the Text nodes during GC and the > >> memory almost remains constant. > >>> > >>> >> Newly allocated > >>> >> stringResource would be only deallocated when V8 JS String object > >>> >> (referenced by v8String handle here) would go away, but that > >>> >> eventually should happen for most of the objects, and if it won't > >>> >> happen, typically v8 or script have good reasons to keep this object > >>> >> for a long enough time. > >>> > > >>> > The webcore string allocated for the argument str > >>> > in document.createTextNode(str); is not going through this patch (ie. > >>> > it > >>> > doesnt create a string resource). Do you see any reason why it would > be > >>> > not > >>> > marked as external from v8 engine? > >>> > >>> There are reasons for it: those strings are roughly too new and it was > >>> decided that such strings should not be externalized. Do you think > >>> it's a problem? > >> > >> yeah i realize its irrelevant for this case. > >>> > >>> > I think an easier think to check at your side would be run this > >>> > test http://dromaeo.com/?dom and verify if there is no memory bloat. > >>> > >>> It's not a problem on desktop boxes as far as I know. I talked with > >>> Android folks and they can repro it on some devices after several > >>> runs. I won't be surprised if v8's DOM bindings are fast enough to > >>> eat the whole memory out of your device. > >> > >> As mentioned above, even if v8 is fast, there is garbage created [i can > >> see GC being invoked but no garbage collected]. > >>> > >>> Do you have any other > >>> browsers installed? If yes, it might be interesting to run this > >>> benchmark in them as well and see how they behave. > >> > >> no. > >>> > >>> > >>> > >>> The problem might > >>> be that in this benchmark out of desktop browsers only Safari is close > >>> to v8-backed one, so it might be a matter of sheer speed. > >>> > >>> yours, > >>> anton. > >> > >> Thanks > >> Zaheer > >>> > >>> >> > >>> >> yours, > >>> >> anton. > >>> >> > >>> >> On Tue, Oct 26, 2010 at 9:08 PM, Zaheer Ahmad <[email protected] > > > >>> >> wrote: > >>> >> > hi Anton, > >>> >> > Started to look at this furthur.. I can confirm GC gets triggered > >>> >> > between > >>> >> > the tests..I suspect leak happens in the else part - could you > check > >>> >> > my > >>> >> > comments. > >>> >> > Thanks, > >>> >> > Zaheer > >>> >> > WebCore/bindings/v8/V8Binding.cpp > >>> >> > template <typename StringType> > >>> >> > StringType v8StringToWebCoreString(v8::Handle<v8::String> > v8String, > >>> >> > ExternalMode external) > >>> >> > { > >>> >> > WebCoreStringResource* stringResource = > >>> >> > WebCoreStringResource::toStringResource(v8String); > >>> >> > if (stringResource) > >>> >> > return > >>> >> > StringTraits<StringType>::fromStringResource(stringResource); > >>> >> > int length = v8String->Length(); > >>> >> > if (!length) { > >>> >> > // Avoid trying to morph empty strings, as they do not > have > >>> >> > enough > >>> >> > room to contain the external reference. > >>> >> > return StringImpl::empty(); > >>> >> > } > >>> >> > StringType > >>> >> > result(StringTraits<StringType>::fromV8String(v8String, > >>> >> > length)); >> string allocated here > >>> >> > if (external == Externalize && v8String->CanMakeExternal()) { > >>> >> > stringResource = new WebCoreStringResource(result); > >>> >> > if (!v8String->MakeExternal(stringResource)) { >> resource > >>> >> > tracked > >>> >> > by the v8 heap > >>> >> > // In case of a failure delete the external resource > as > >>> >> > it > >>> >> > was > >>> >> > not used. > >>> >> > delete stringResource; > >>> >> > } > >>> >> > }else { > >>> >> > __android_log_print(ANDROID_LOG_DEBUG, "hmm", > >>> >> > "hmmmmmmmmmmmmmmmmmmmm"); >> leak happens if it goes here, I > guess > >>> >> > at > >>> >> > this > >>> >> > point its not tracked by the heap, > >>> >> > } > >>> >> > return result; > >>> >> > } > >>> >> > > >>> >> > > >>> >> > On Thu, Oct 7, 2010 at 8:29 PM, Zaheer Ahmad < > [email protected]> > >>> >> > wrote: > >>> >> >> > >>> >> >> On Thu, Oct 7, 2010 at 8:19 PM, Anton Muhin <[email protected] > > > >>> >> >> wrote: > >>> >> >>> > >>> >> >>> And what is amount of available RAM? > >>> >> >> > >>> >> >> 256M and the froyo is the initial version released in July i > guess. > >>> >> >>> > >>> >> >>> yours, > >>> >> >>> anton. > >>> >> >>> > >>> >> >>> On Thu, Oct 7, 2010 at 6:49 PM, Anton Muhin < > [email protected]> > >>> >> >>> wrote: > >>> >> >>> > On Thu, Oct 7, 2010 at 6:42 PM, Zaheer Ahmad > >>> >> >>> > <[email protected]> > >>> >> >>> > wrote: > >>> >> >>> >> On Thu, Oct 7, 2010 at 6:20 PM, Anton Muhin > >>> >> >>> >> <[email protected]> > >>> >> >>> >> wrote: > >>> >> >>> >>> > >>> >> >>> >>> On Thu, Oct 7, 2010 at 9:29 AM, Zaheer Ahmad > >>> >> >>> >>> <[email protected]> > >>> >> >>> >>> wrote: > >>> >> >>> >>> > On Wed, Oct 6, 2010 at 7:50 PM, Anton Muhin > >>> >> >>> >>> > <[email protected]> > >>> >> >>> >>> > wrote: > >>> >> >>> >>> >> > >>> >> >>> >>> >> That sounds bad. How do you run dromaeo? > >>> >> >>> >>> > > >>> >> >>> >>> > go to http://dromaeo.com/ and select DOM core tests > >>> >> >>> >>> > (modification > >>> >> >>> >>> > and > >>> >> >>> >>> > query > >>> >> >>> >>> > test show the problem) > >>> >> >>> >>> > >>> >> >>> >>> Zaheer, I am curious what is HW you're using and what is the > >>> >> >>> >>> browser. > >>> >> >>> >>> In any event, that shouldn't be a problem with v8 per se, > but > >>> >> >>> >>> rather > >>> >> >>> >>> with the way v8 is used in that browser. I'll try to sync > up > >>> >> >>> >>> with > >>> >> >>> >>> Android folks. > >>> >> >>> >> > >>> >> >>> >> Iam using android on a variant of bravo device with froyo. > >>> >> >>> > > >>> >> >>> > Thanks a lot. What is the exact version of Froyo? > >>> >> >>> > > >>> >> >>> >>> > >>> >> >>> >>> > > >>> >> >>> >>> >> > >>> >> >>> >>> >> And what do you mean by 'to > >>> >> >>> >>> >> track the caller on andriod'? > >>> >> >>> >>> > > >>> >> >>> >>> > I mean the call trace which is leaking. > >>> >> >>> >>> > >>> >> >>> >>> What do you mean by call trace which is leaking? Note that > >>> >> >>> >>> it's > >>> >> >>> >>> not > >>> >> >>> >>> like C++, leak means that GC for some reason failed to > collect > >>> >> >>> >>> already > >>> >> >>> >>> unused objects. There are some tools which allow you to > trace > >>> >> >>> >>> leaks, > >>> >> >>> >>> but they are usually not exposed to the user. > >>> >> >>> >> > >>> >> >>> >> Actually andriod does have pretty good call tracing > capability > >>> >> >>> >> :) > >>> >> >>> >> here's the > >>> >> >>> >> trace..as you can see its 43Meg [And btw i see this in a > older > >>> >> >>> >> version > >>> >> >>> >> of v8 > >>> >> >>> >> too - the one in the froyo initial baseline] > >>> >> >>> >> Allocations: 20886 > >>> >> >>> >> Size: 2088 > >>> >> >>> >> Total Size: 43609968 > >>> >> >>> >> 8000b4c4 /system/lib/libc_malloc_debug_leak.so --- > >>> >> >>> >> leak_malloc > >>> >> >>> >> --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/bionic/libc/bionic/malloc_debug_leak.c:514 > >>> >> >>> >> afd0cd40 /system/lib/libc.so --- afd0cd40 --- > >>> >> >>> >> a836ce92 /system/lib/libwebcore.so --- > >>> >> >>> >> WTF::fastMalloc(unsigned > >>> >> >>> >> int) > >>> >> >>> >> --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/external/webkit/JavaScriptCore/wtf/FastMalloc.cpp:239 > >>> >> >>> >> a840d9de /system/lib/libwebcore.so --- > >>> >> >>> >> WebCore::StringImpl::createUninitialized(unsigned int, > unsigned > >>> >> >>> >> short*&) --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/external/webkit/WebCore/platform/text/StringImpl.cpp:938 > >>> >> >>> >> a8484f42 /system/lib/libwebcore.so --- > >>> >> >>> >> WTF::PassRefPtr<WebCore::StringImpl>::releaseRef() const --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/external/webkit/JavaScriptCore/wtf/PassRefPtr.h:75 > >>> >> >>> >> a84850a4 /system/lib/libwebcore.so --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > WebCore::StringTraits<WebCore::String>::fromV8String(v8::Handle<v8::String>, > >>> >> >>> >> int) --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/external/webkit/WebCore/bindings/v8/V8Binding.cp > >>> >> >>> >> a84858d2 /system/lib/libwebcore.so --- > >>> >> >>> >> WebCore::v8ValueToWebCoreString(v8::Handle<v8::Value>) --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/external/webkit/WebCore/bindings/v8/V8Binding.cpp:133 > >>> >> >>> >> a85822a2 /system/lib/libwebcore.so --- > >>> >> >>> >> WebCore::V8Parameter<(WebCore::V8ParameterMode)0>::operator > >>> >> >>> >> WebCore::String() --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/external/webkit/WebCore/bindings/v8/V8Binding.h:199 > >>> >> >>> >> a8595c8a /system/lib/libwebcore.so --- > >>> >> >>> >> > WebCore::DocumentInternal::createTextNodeCallback(v8::Arguments > >>> >> >>> >> const&) --- > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > /local/mnt/workspace/froyo/out/target/product/qsd8250_ffa/obj/STATIC_LIBRARIES/libweb > >>> >> >>> >> a8609bee /system/lib/libwebcore.so --- > >>> >> >>> >> v8::internal::Object* > >>> >> >>> >> > >>> >> >>> >> > v8::internal::HandleApiCallHelper<false>(v8::internal::(anonymous > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>) > >>> >> >>> >> --- > >>> >> >>> >> a8609c48 /system/lib/libwebcore.so --- > >>> >> >>> >> v8::internal::Builtin_HandleApiCall(v8::internal::(anonymous > >>> >> >>> >> > >>> >> >>> >> > >>> >> >>> >> > namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>) > >>> >> >>> >> --- > >>> >> >>> >> /local/mnt/workspace/froyo > >>> >> >>> >> Regards, > >>> >> >>> >> Zaheer > >>> >> >>> > > >>> >> >>> > In many cases OOMs are due to v8 exhausting its heap which v8 > >>> >> >>> > manages > >>> >> >>> > not via malloc. Even for WebCore data structures, they are > >>> >> >>> > often > >>> >> >>> > retained from JS wrappers. So, even though malloc tracing is > >>> >> >>> > quite > >>> >> >>> > helpful in many cases, esp. when the whole memory is managed > via > >>> >> >>> > C/C++ > >>> >> >>> > memory management system, it won't give you the whole picture, > >>> >> >>> > esp. > >>> >> >>> > in > >>> >> >>> > the case when v8 is involved. > >>> >> >> > >>> >> >> Yes, i was not sure if its a leak or a behavior that happens by > >>> >> >> design > >>> >> >> [the tests are crazy in that they do things in tight loops so it > >>> >> >> usually > >>> >> >> doesnt represent a problem in a normal case]. Its quite strange > >>> >> >> that > >>> >> >> JSC > >>> >> >> doesnt have this problem though [since they should also be > creating > >>> >> >> text > >>> >> >> nodes as in the trace] > >>> >> >>> > >>> >> >>> > > >>> >> >>> > yours, > >>> >> >>> > anton. > >>> >> >>> > > >>> >> >>> >> > >>> >> >>> >>> > >>> >> >>> >>> yours, > >>> >> >>> >>> anton. > >>> >> >>> >>> > >>> >> >>> >>> > Thanks, > >>> >> >>> >>> > Zaheer > >>> >> >>> >>> >> > >>> >> >>> >>> >> On Wed, Oct 6, 2010 at 6:03 PM, Zaheer Ahmad > >>> >> >>> >>> >> <[email protected]> > >>> >> >>> >>> >> wrote: > >>> >> >>> >>> >> > dromaeo usally runs on android the last time i checked > >>> >> >>> >>> >> > with > >>> >> >>> >>> >> > v8 > >>> >> >>> >>> >> > and > >>> >> >>> >>> >> > currently > >>> >> >>> >>> >> > the OOM gets invoked and browser is killed (i presume a > >>> >> >>> >>> >> > GC > >>> >> >>> >>> >> > would > >>> >> >>> >>> >> > interfere > >>> >> >>> >>> >> > before that). i just checked JSC works fine. so most > >>> >> >>> >>> >> > probably > >>> >> >>> >>> >> > its an > >>> >> >>> >>> >> > issue. > >>> >> >>> >>> >> > is there a easy way to track the caller on android? > >>> >> >>> >>> >> > Thanks, > >>> >> >>> >>> >> > Zaheer > >>> >> >>> >>> >> > > >>> >> >>> >>> >> > On Wed, Oct 6, 2010 at 7:08 PM, Anton Muhin > >>> >> >>> >>> >> > <[email protected]> > >>> >> >>> >>> >> > wrote: > >>> >> >>> >>> >> >> > >>> >> >>> >>> >> >> Are you sure it's a leak? v8 uses GC and time when it > >>> >> >>> >>> >> >> collects > >>> >> >>> >>> >> >> garbage is roughly unpredictable. > >>> >> >>> >>> >> >> > >>> >> >>> >>> >> >> yours, > >>> >> >>> >>> >> >> anton. > >>> >> >>> >>> >> >> > >>> >> >>> >>> >> >> On Wed, Oct 6, 2010 at 5:07 PM, Zaheer Ahmad > >>> >> >>> >>> >> >> <[email protected]> > >>> >> >>> >>> >> >> wrote: > >>> >> >>> >>> >> >> > hi, > >>> >> >>> >>> >> >> > Iam running dromaeo tests with latest BE (oct-1) and > >>> >> >>> >>> >> >> > DOM > >>> >> >>> >>> >> >> > modification > >>> >> >>> >>> >> >> > tests > >>> >> >>> >>> >> >> > seem to leak a lot (40M in 5s). Is this a known > issue? > >>> >> >>> >>> >> >> > thanks, > >>> >> >>> >>> >> >> > Zaheer > >>> >> >>> >>> >> >> > > >>> >> >>> >>> >> >> > -- > >>> >> >>> >>> >> >> > v8-users mailing list > >>> >> >>> >>> >> >> > [email protected] > >>> >> >>> >>> >> >> > http://groups.google.com/group/v8-users > >>> >> >>> >>> >> >> > >>> >> >>> >>> >> >> -- > >>> >> >>> >>> >> >> v8-users mailing list > >>> >> >>> >>> >> >> [email protected] > >>> >> >>> >>> >> >> http://groups.google.com/group/v8-users > >>> >> >>> >>> >> > > >>> >> >>> >>> >> > -- > >>> >> >>> >>> >> > v8-users mailing list > >>> >> >>> >>> >> > [email protected] > >>> >> >>> >>> >> > http://groups.google.com/group/v8-users > >>> >> >>> >>> >> > >>> >> >>> >>> >> -- > >>> >> >>> >>> >> v8-users mailing list > >>> >> >>> >>> >> [email protected] > >>> >> >>> >>> >> http://groups.google.com/group/v8-users > >>> >> >>> >>> > > >>> >> >>> >>> > -- > >>> >> >>> >>> > v8-users mailing list > >>> >> >>> >>> > [email protected] > >>> >> >>> >>> > http://groups.google.com/group/v8-users > >>> >> >>> >>> > >>> >> >>> >>> -- > >>> >> >>> >>> v8-users mailing list > >>> >> >>> >>> [email protected] > >>> >> >>> >>> http://groups.google.com/group/v8-users > >>> >> >>> >> > >>> >> >>> >> -- > >>> >> >>> >> v8-users mailing list > >>> >> >>> >> [email protected] > >>> >> >>> >> http://groups.google.com/group/v8-users > >>> >> >>> > > >>> >> >>> > >>> >> >>> -- > >>> >> >>> v8-users mailing list > >>> >> >>> [email protected] > >>> >> >>> http://groups.google.com/group/v8-users > >>> >> > > >>> >> > > >>> > > >>> > > >>> > >>> -- > >>> v8-users mailing list > >>> [email protected] > >>> http://groups.google.com/group/v8-users > > > > > -- v8-users mailing list [email protected] http://groups.google.com/group/v8-users
