[o11y] Deallocate STW handle early to manage its lifetime #5422
Hack: When the tail stream customEvent gets deallocated, we must also deallocate any JsRefs
allocated by it so that they do not outlive the tail worker isolate (they are not allowed
to be deallocated afterwards or by a different isolate). The JSG handler used for tail events
after the Onset event (maybeHandler) is owned by TailStreamTarget and must be deallocated as
part of the tail worker isolate. However, TailStreamTarget is both attached to the tail worker
customEvent and co-owned by the tailed worker (through capability in
TailStreamWriterState::Active). For the handler to be deallocated in the right isolate, we'd
accordingly need the tailed worker isolate to be deallocated before the tail worker isolate,
but this doesn't always seem to happen. Deallocate the handler so that the handler never
outlives the isolate here to ensure memory safety. The TailStreamTarget will report an error
if any events are reported after the handler has been deallocated.
TODO(o11y): See if we can enforce that the tail worker isolate lives longer than the tailed
worker isolate so that TailStreamTarget is always destroyed within this isolate. Alternatively,
we could forcibly disconnect the capnp RPC connection here to deallocate TailStreamTarget, but
this would result in exceptions on the tailed worker side if we try to deliver any events after
the connection has been disconnected; with the current approach this merely results in errors
being logged on the tail worker side.
Reviewers: The first commit (much smaller) is what matters, the second commit merely moves a class declaration to the header which is needed after adding the customEvent -> TailStreamTarget reference; compare using git diff -w.
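The ownership problem described in the PR, reduced to a stand-alone model. This is an added example and not workerd's code: Isolate, JsRef, TailStreamTarget, TailWorkerCustomEvent and TailedWriterState are hypothetical stand-ins that only mimic the shape of the real types. The model counts the two memory-safety violations that would otherwise be undefined behaviour (dereferencing or destroying a handle after its isolate is gone) and contrasts the teardown order the PR says can happen (tail worker isolate first, tailed worker later) with and without releasing the handler from the custom event's destructor.

```cpp
// Hypothetical model of the JsRef lifetime problem; names are stand-ins, not workerd types.
#include <memory>
#include <string>
#include <vector>

struct Isolate {
  std::string name;
  bool alive = true;
  int useAfterTeardown = 0;  // handle dereferenced after teardown (UB in reality)
  int lateReleases = 0;      // handle destroyed after teardown (UB in reality)
};

// A handle into an isolate: may only be used or destroyed while that isolate is alive.
struct JsRef {
  Isolate* owner;
  explicit JsRef(Isolate* o) : owner(o) {}
  ~JsRef() { if (!owner->alive) owner->lateReleases++; }
  bool invoke() {
    if (!owner->alive) { owner->useAfterTeardown++; return false; }
    return true;
  }
};

// Co-owned by the tail worker's custom event and by the tailed worker's capability.
struct TailStreamTarget {
  std::unique_ptr<JsRef> maybeHandler;  // lives in the tail worker isolate
  int delivered = 0;
  std::vector<std::string> errors;

  explicit TailStreamTarget(Isolate* tailIsolate)
      : maybeHandler(std::make_unique<JsRef>(tailIsolate)) {}

  // Called by the tailed worker for every event after Onset.
  bool report(const std::string& event) {
    if (!maybeHandler) {
      // The safe outcome: log an error instead of touching a dead isolate.
      errors.push_back("dropped '" + event + "': handler already deallocated");
      return false;
    }
    if (!maybeHandler->invoke()) return false;
    delivered++;
    return true;
  }
  void releaseHandler() { maybeHandler.reset(); }
};

// Tail worker side: the custom event references the target.
struct TailWorkerCustomEvent {
  std::shared_ptr<TailStreamTarget> target;
  bool releaseOnDestroy;
  ~TailWorkerCustomEvent() {
    // The fix: drop the handler while the tail worker isolate is still alive,
    // regardless of who still co-owns the target.
    if (releaseOnDestroy) target->releaseHandler();
  }
};

// Tailed worker side: co-owns the target through its capability.
struct TailedWriterState { std::shared_ptr<TailStreamTarget> target; };

struct Outcome { int delivered; int errorsLogged; int useAfterTeardown; int lateReleases; };

// Teardown order the PR describes: tail worker isolate goes away first,
// the tailed worker keeps emitting events and is torn down later.
Outcome simulate(bool applyFix) {
  Isolate tail{"tail-worker"};
  Isolate tailed{"tailed-worker"};
  Outcome out{};
  {
    TailedWriterState writer{std::make_shared<TailStreamTarget>(&tail)};
    {
      TailWorkerCustomEvent event{writer.target, applyFix};
      writer.target->report("onset");  // normal delivery while both are alive
    }                                  // customEvent destroyed ...
    tail.alive = false;                // ... then the tail worker isolate
    writer.target->report("span");     // tailed worker still emits events
    out.delivered = writer.target->delivered;
    out.errorsLogged = static_cast<int>(writer.target->errors.size());
  }                                    // tailed worker drops its capability last
  tailed.alive = false;
  out.useAfterTeardown = tail.useAfterTeardown;
  out.lateReleases = tail.lateReleases;
  return out;
}
```

With `applyFix == false` the "span" event dereferences a handler whose isolate is already gone, and the handler itself is finally destroyed when the tailed worker releases its capability; both are counted against the tail isolate. With `applyFix == true` the event is rejected with a logged error and nothing in the tail isolate is touched after teardown, which is the trade-off the PR comment describes.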