Help needed for a GC issue
9 views
Skip to first unread message
Xida Chen
Aug 16, 2021, 6:40:47 AM8/16/21
to memory-dev, Robert Flack, Michael Lippautz
Hello memory-dev,
I am trying to make a small change to our code base, the CL is here: https://chromium-review.googlesource.com/c/chromium/src/+/3088776.
With that CL, I get a crash when I ran:
out/Default/chrome --enable-blink-features=CompositeBGColorAnimation https://output.jsbin.com/xocoroh/4
Here is the full stack trace. It seems that something went wrong during the marking phase. Could you offer suggestions?
#
# Fatal error in ../../v8/src/heap/cppgc/marking-state.h, line 202
# Debug check failed: &heap_ == &BasePage::FromPayload(&header)->heap() (0x14e200059010 vs. 0x14e200bc7a90).
#
#
#
#FailureMessage Object: 0x7f427050dc00#0 0x55e6fbd17cb9 base::debug::CollectStackTrace()
#1 0x55e6fbc41ac3 base::debug::StackTrace::StackTrace()
#2 0x55e6ff78ccbd gin::(anonymous namespace)::PrintStackTrace()
#3 0x55e6fd741e28 V8_Fatal()
#4 0x55e6fd741a35 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#5 0x55e6f9fd787c cppgc::internal::MarkingStateBase::MarkAndPush()
#6 0x55e6fa8f0d9d cppgc::internal::(anonymous namespace)::ConcurrentMarkingTask::Run()
#7 0x55e6ff78dd65 base::internal::Invoker<>::Run()
#8 0x55e6fed44fa9 base::internal::Invoker<>::Run()
#9 0x55e6fbcb90fd base::TaskAnnotator::RunTask()
#10 0x55e6fbced5b7 base::internal::TaskTracker::RunSkipOnShutdown()
#11 0x55e6fbcece21 base::internal::TaskTracker::RunTask()
#12 0x55e6fbd2ed37 base::internal::TaskTrackerPosix::RunTask()
#13 0x55e6fbcec7c4 base::internal::TaskTracker::RunAndPopNextTask()
#14 0x55e6fbcf62d9 base::internal::WorkerThread::RunWorker()
#15 0x55e6fbcf5ecd base::internal::WorkerThread::RunPooledWorker()
#16 0x55e6fbd2f77b base::(anonymous namespace)::ThreadFunc()
#17 0x7f427584bea7 start_thread
#18 0x7f427487adef clone
Received signal 4 ILL_ILLOPN 55e6fd754e73
#0 0x55e6fbd17cb9 base::debug::CollectStackTrace()
#1 0x55e6fbc41ac3 base::debug::StackTrace::StackTrace()
#2 0x55e6fbd17741 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f4275857140 (/usr/lib/x86_64-linux-gnu/libpthread-2.31.so+0x1413f)
#4 0x55e6fd754e73 v8::base::OS::Abort()
#5 0x55e6fd741e35 V8_Fatal()
#6 0x55e6fd741a35 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#7 0x55e6f9fd787c cppgc::internal::MarkingStateBase::MarkAndPush()
#8 0x55e6fa8f0d9d cppgc::internal::(anonymous namespace)::ConcurrentMarkingTask::Run()
#9 0x55e6ff78dd65 base::internal::Invoker<>::Run()
#10 0x55e6fed44fa9 base::internal::Invoker<>::Run()
#11 0x55e6fbcb90fd base::TaskAnnotator::RunTask()
#12 0x55e6fbced5b7 base::internal::TaskTracker::RunSkipOnShutdown()
#13 0x55e6fbcece21 base::internal::TaskTracker::RunTask()
#14 0x55e6fbd2ed37 base::internal::TaskTrackerPosix::RunTask()
#15 0x55e6fbcec7c4 base::internal::TaskTracker::RunAndPopNextTask()
#16 0x55e6fbcf62d9 base::internal::WorkerThread::RunWorker()
#17 0x55e6fbcf5ecd base::internal::WorkerThread::RunPooledWorker()
#18 0x55e6fbd2f77b base::(anonymous namespace)::ThreadFunc()
#19 0x7f427584bea7 start_thread
#20 0x7f427487adef clone
# Fatal error in ../../v8/src/heap/cppgc/marking-state.h, line 202
# Debug check failed: &heap_ == &BasePage::FromPayload(&header)->heap() (0x14e200059010 vs. 0x14e200bc7a90).
#
#
#
#FailureMessage Object: 0x7f427050dc00#0 0x55e6fbd17cb9 base::debug::CollectStackTrace()
#1 0x55e6fbc41ac3 base::debug::StackTrace::StackTrace()
#2 0x55e6ff78ccbd gin::(anonymous namespace)::PrintStackTrace()
#3 0x55e6fd741e28 V8_Fatal()
#4 0x55e6fd741a35 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#5 0x55e6f9fd787c cppgc::internal::MarkingStateBase::MarkAndPush()
#6 0x55e6fa8f0d9d cppgc::internal::(anonymous namespace)::ConcurrentMarkingTask::Run()
#7 0x55e6ff78dd65 base::internal::Invoker<>::Run()
#8 0x55e6fed44fa9 base::internal::Invoker<>::Run()
#9 0x55e6fbcb90fd base::TaskAnnotator::RunTask()
#10 0x55e6fbced5b7 base::internal::TaskTracker::RunSkipOnShutdown()
#11 0x55e6fbcece21 base::internal::TaskTracker::RunTask()
#12 0x55e6fbd2ed37 base::internal::TaskTrackerPosix::RunTask()
#13 0x55e6fbcec7c4 base::internal::TaskTracker::RunAndPopNextTask()
#14 0x55e6fbcf62d9 base::internal::WorkerThread::RunWorker()
#15 0x55e6fbcf5ecd base::internal::WorkerThread::RunPooledWorker()
#16 0x55e6fbd2f77b base::(anonymous namespace)::ThreadFunc()
#17 0x7f427584bea7 start_thread
#18 0x7f427487adef clone
Received signal 4 ILL_ILLOPN 55e6fd754e73
#0 0x55e6fbd17cb9 base::debug::CollectStackTrace()
#1 0x55e6fbc41ac3 base::debug::StackTrace::StackTrace()
#2 0x55e6fbd17741 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f4275857140 (/usr/lib/x86_64-linux-gnu/libpthread-2.31.so+0x1413f)
#4 0x55e6fd754e73 v8::base::OS::Abort()
#5 0x55e6fd741e35 V8_Fatal()
#6 0x55e6fd741a35 v8::base::(anonymous namespace)::DefaultDcheckHandler()
#7 0x55e6f9fd787c cppgc::internal::MarkingStateBase::MarkAndPush()
#8 0x55e6fa8f0d9d cppgc::internal::(anonymous namespace)::ConcurrentMarkingTask::Run()
#9 0x55e6ff78dd65 base::internal::Invoker<>::Run()
#10 0x55e6fed44fa9 base::internal::Invoker<>::Run()
#11 0x55e6fbcb90fd base::TaskAnnotator::RunTask()
#12 0x55e6fbced5b7 base::internal::TaskTracker::RunSkipOnShutdown()
#13 0x55e6fbcece21 base::internal::TaskTracker::RunTask()
#14 0x55e6fbd2ed37 base::internal::TaskTrackerPosix::RunTask()
#15 0x55e6fbcec7c4 base::internal::TaskTracker::RunAndPopNextTask()
#16 0x55e6fbcf62d9 base::internal::WorkerThread::RunWorker()
#17 0x55e6fbcf5ecd base::internal::WorkerThread::RunPooledWorker()
#18 0x55e6fbd2f77b base::(anonymous namespace)::ThreadFunc()
#19 0x7f427584bea7 start_thread
#20 0x7f427487adef clone
Michael Lippautz
Aug 16, 2021, 7:01:10 AM8/16/21
to Xida Chen, memory-dev, Robert Flack, Michael Lippautz
Thanks for reaching out.
Is `BackgroundColorPaintDefinition::Paint()` running on a different thread? It looks like it's allocating and storing an object as a reference on a different thread (and thus belonging to a different heap). Oilpan provides per-thread heaps with CrossThreadPersistent and CrossThreadWeakPersistent being the reference types that should refer to objects on different heaps.
Xida Chen
Aug 16, 2021, 7:04:53 AM8/16/21
to Michael Lippautz, memory-dev, Robert Flack
Hi Michael,
Yes, 'BackgroundColorPaintDefinition::Paint()' runs on a 'WorkerBackingThread'.
Just to make sure I understand what you said:
With my change, the "PaintRenderingContext2D" is initialized on the main thread when the BackgroundColorPaintDefinition is created. But then I am trying to use it on a different thread, and that caused the problem. Is that correct? Is there a way to work around this, so that I can still keep it as a member variable?
Xida Chen
Aug 16, 2021, 7:11:12 AM8/16/21
to Michael Lippautz, memory-dev, Robert Flack
Sorry, my bad. I think you already mentioned it, with using CrossThreadPersistent or CrossThreadWeakPersistent.
Thank you for the help, I will try that.
Michael Lippautz
Aug 16, 2021, 10:12:11 AM8/16/21
to Xida Chen, Michael Lippautz, memory-dev, Robert Flack
On Mon, Aug 16, 2021 at 1:11 PM Xida Chen <xida...@google.com> wrote:
Sorry, my bad. I think you already mentioned it, with using CrossThreadPersistent or CrossThreadWeakPersistent.
Yes, or alternatively set up everything on the main thread and only process on the background thread?
Thank you for the help, I will try that.On Mon, Aug 16, 2021 at 7:04 AM Xida Chen <xida...@google.com> wrote:Hi Michael,Yes, 'BackgroundColorPaintDefinition::Paint()' runs on a 'WorkerBackingThread'.Just to make sure I understand what you said:With my change, the "PaintRenderingContext2D" is initialized on the main thread when the BackgroundColorPaintDefinition is created. But then I am trying to use it on a different thread, and that caused the problem. Is that correct? Is there a way to work around this, so that I can still keep it as a member variable?
The problem is that you have cross-thread (== cross-heap) references behind the regular Member<> managed references which are only meant to be used on the same thread (and are thus faster). CrossThread(Weak)Persistent is the way to go, or ideally a setup where the whole state is created on the main thread.
Reply all
Reply to author
Forward
0 new messages