Run FinalizationRegistry callback in the job queue #500
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
bnoordhuis reviewed Sep 6, 2024
saghul force-pushed the finrec-enqueue-job branch 5 times, most recently from 96f3f72 to 59d1dda Compare | @bnoordhuis THis one should be ready now. I had to dig deep, so pl let me know what you think! |
bnoordhuis reviewed Sep 9, 2024
The spec says HostMakeJobCallback has to be used on the callback: https://tc39.es/ecma262/multipage/managing-memory.html#sec-finalization-registry-cleanup-callback That makes the following (arguably contrived) example run forever until memory is exhausted. ```js let count = 0; function main() { console.log(`main! ${++count}`); const registry = new FinalizationRegistry(() => { globalThis.foo = main(); }); registry.register([]); registry.register([]); return registry; } main(); console.log(count); ``` That is unlike V8, which runs 0 times. This can be explained by the difference in GC implementations and since FinRec makes GC observable, here we are! Fixes: #432
saghul force-pushed the finrec-enqueue-job branch from 59d1dda to 5cb2c21 Compare 
bnoordhuis reviewed Nov 6, 2024
Comment on lines +53325 to 53332
| if (!rt->in_free && (!JS_IsObject(fre->held_val) || JS_IsLiveObject(rt, fre->held_val))) { | ||
| JSValue args[2]; | ||
| args[0] = frd->cb; | ||
| args[1] = fre->held_val; | ||
| JS_EnqueueJob(frd->ctx, js_finrec_job, 2, args); | ||
| } | ||
| JS_FreeValueRT(rt, fre->token); | ||
| js_free_rt(rt, fre); |
There was a problem hiding this comment.
This appears to cause #648 and now that I'm looking at it more closely, I believe a spot a bug:
If the branch is not taken (i.e. no job is enqueued), shouldn't it JS_FreeValueRT(rt, fre->held_val)? fre is freed here.
There was a problem hiding this comment.
Possibly yeah. The object might not be live so I think we need to check for that.
There was a problem hiding this comment.
Figured it out just now: it should call JS_FreeValueRT(rt, fre->held_val) because JS_EnqueueJob increments the ref count, and js_finrec_job should not call JS_FreeValue(ctx, argv[1]). Pull request incoming.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
The spec says HostMakeJobCallback has to be used on the callback: https://tc39.es/ecma262/multipage/managing-memory.html#sec-finalization-registry-cleanup-callback
That makes the following (arguably contrived) example run forever until memory is exhausted.
That is unlike V8, which runs 0 times. This can be explained by the difference in GC implementations and since FinRec makes GC observable, here we are!
Fixes: #432