[heap] Run phantom handle callbacks on tear down

Pending phantom handle callbacks are not reliably executed if the heap shuts down. This can cause to memory leaks or other unwanted behaviour, like in wasm where the NativeModules (held in Managed objects implemented via phantom handles) unregister from the WasmEngine in the second-pass callback. This must be executed before tearing down the WasmEngine. This CL fixes this by running pending callback synchronously on heap tear down. R=ulan@chromium.org, mlippautz@chromium.org Bug: v8:8208 Change-Id: I27b630c4d8f1fb12309040ea2179b64eed38710a Reviewed-on: https://chromium-review.googlesource.com/1249101 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56286}

[heap] Run phantom handle callbacks on tear down
Pending phantom handle callbacks are not reliably executed if the heap shuts down. This can cause to memory leaks or other unwanted behaviour, like in wasm where the NativeModules (held in Managed objects implemented via phantom handles) unregister from the WasmEngine in the second-pass callback. This must be executed before tearing down the WasmEngine. This CL fixes this by running pending callback synchronously on heap tear down. R=ulan@chromium.org, mlippautz@chromium.org Bug: v8:8208 Change-Id: I27b630c4d8f1fb12309040ea2179b64eed38710a Reviewed-on: https://chromium-review.googlesource.com/1249101 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56286}
fa65063a · Clemens Hammacher · Commit Bot · 4bba0ea7 · fa65063a · fa65063a
Commit fa65063a authored Sep 27, 2018 by Clemens Hammacher Committed by Commit Bot Sep 28, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 8 deletions

global-handles.cc src/global-handles.cc +1 -1

heap.cc src/heap/heap.cc +4 -3

isolate.cc src/isolate.cc +4 -4

No files found.
--- a/src/global-handles.cc
+++ b/src/global-handles.cc
@@ -1088,7 +1088,7 @@ void GlobalHandles::Print() {

 #endif

-void GlobalHandles::TearDown() {}
+void GlobalHandles::TearDown() { DispatchPendingPhantomCallbacks(true); }

 EternalHandles::EternalHandles() : size_(0) {
  for (unsigned i = 0; i < arraysize(singleton_handles_); i++) {

--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -4551,7 +4551,10 @@ void Heap::RegisterExternallyReferencedObject(Object** object) {
  }
 }

-void Heap::StartTearDown() { SetGCState(TEAR_DOWN); }
+void Heap::StartTearDown() {
+  SetGCState(TEAR_DOWN);
+  isolate_->global_handles()->TearDown();
+}

 void Heap::TearDown() {
  DCHECK_EQ(gc_state_, TEAR_DOWN);
@@ -4652,8 +4655,6 @@ void Heap::TearDown() {
  delete scavenge_job_;
  scavenge_job_ = nullptr;

-  isolate_->global_handles()->TearDown();
-
  external_string_table_.TearDown();

  // Tear down all ArrayBuffers before tearing down the heap since  their

--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -2618,6 +2618,10 @@ void Isolate::Deinit() {
    optimizing_compile_dispatcher_ = nullptr;
  }

+  // We start with the heap tear down so that releasing managed objects does
+  // not cause a GC.
+  heap_.StartTearDown();
+
  heap_.mark_compact_collector()->EnsureSweepingCompleted();
  heap_.memory_allocator()->unmapper()->EnsureUnmappingCompleted();

@@ -2634,10 +2638,6 @@ void Isolate::Deinit() {
  FreeThreadResources();
  logger_->StopProfilerThread();

-  // We start with the heap tear down so that releasing managed objects does
-  // not cause a GC.
-  heap_.StartTearDown();
-
  ReleaseSharedPtrs();

  delete deoptimizer_data_;