Run FinalizationRegistry callback in the job queue #500
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bnoordhuis
reviewed
Sep 6, 2024
saghul
force-pushed
the
finrec-enqueue-job
branch
5 times, most recently
from
96f3f72 to
59d1dda
Compare
|
@bnoordhuis THis one should be ready now. I had to dig deep, so pl let me know what you think! |
bnoordhuis
reviewed
Sep 9, 2024
The spec says HostMakeJobCallback has to be used on the callback: https://tc39.es/ecma262/multipage/managing-memory.html#sec-finalization-registry-cleanup-callback That makes the following (arguably contrived) example run forever until memory is exhausted. ```js let count = 0; function main() { console.log(`main! ${++count}`); const registry = new FinalizationRegistry(() => { globalThis.foo = main(); }); registry.register([]); registry.register([]); return registry; } main(); console.log(count); ``` That is unlike V8, which runs 0 times. This can be explained by the difference in GC implementations and since FinRec makes GC observable, here we are! Fixes: #432
saghul
force-pushed
the
finrec-enqueue-job
branch
from
59d1dda to
5cb2c21
Compare
bnoordhuis
reviewed
Nov 6, 2024
Comment on lines
+53325
to
53332
| if (!rt->in_free && (!JS_IsObject(fre->held_val) || JS_IsLiveObject(rt, fre->held_val))) { | ||
| JSValue args[2]; | ||
| args[0] = frd->cb; | ||
| args[1] = fre->held_val; | ||
| JS_EnqueueJob(frd->ctx, js_finrec_job, 2, args); | ||
| } | ||
| JS_FreeValueRT(rt, fre->token); | ||
| js_free_rt(rt, fre); |
There was a problem hiding this comment.
This appears to cause #648 and now that I'm looking at it more closely, I believe a spot a bug:
If the branch is not taken (i.e. no job is enqueued), shouldn't it JS_FreeValueRT(rt, fre->held_val)? fre is freed here.
There was a problem hiding this comment.
Possibly yeah. The object might not be live so I think we need to check for that.
There was a problem hiding this comment.
Figured it out just now: it should call JS_FreeValueRT(rt, fre->held_val) because JS_EnqueueJob increments the ref count, and js_finrec_job should not call JS_FreeValue(ctx, argv[1]). Pull request incoming.
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The spec says HostMakeJobCallback has to be used on the callback: https://tc39.es/ecma262/multipage/managing-memory.html#sec-finalization-registry-cleanup-callback
That makes the following (arguably contrived) example run forever until memory is exhausted.
That is unlike V8, which runs 0 times. This can be explained by the difference in GC implementations and since FinRec makes GC observable, here we are!
Fixes: #432