Prevent CppGC from calling finalizer on object when creating snapshot

[Ronald Fenner]

I know I'm probably missing something but How to I prevent CppGC from calling the finalizer on a Object wrapped in a JS Object.

The object I create through the Cpp Heap is set to one of the JS Object's internal fields for reference for normal method callback.

When I go to create the snapshot blob the Cpp Heap calls the finalizer on the object however the JS object is still alive as the Internal field serializer gets called though the pointer to the cpp object has now been destroyed and the value was I was expecting to serialize is reset.

Thanks

 

[Omer Katz (chromium.org)]

CppGC should not be calling a finalizer of an object that is still reachable.

From your description it's hard to determine whether this is a bug in CppGC or in your code.

Can you file a bug with all details and a repro?

Thanks.

--
--
v8-dev mailing list
v8-...@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to v8-dev+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/v8-dev/104775f1-ee50-47cf-a5c3-7f0043eb8fe7n%40googlegroups.com.

[Ronald Fenner]

Not sure if it's a bug. The basics of the code is to create the cpp instance of the class and then attach the pointer to the JS object's internal field. So I'm not sure that the heap knows it's attached.

I did setup the wrapper info so I'm wondering if it's setup wrong. I create the heap like this

V8CppHeapUniquePtr heap = V8CppHeap::Create(

V8AppPlatform::Get().get(),

v8::CppHeapCreateParams({}, v8::WrapperDescriptor(

(int)V8CppObjDataIntField::ObjInfo, (int)V8CppObjDataIntField::ObjInstance, m_CppHeapID)));

I creat the instance like this

T *gcObject = cppgc::MakeGarbageCollected<T>(

heap->GetAllocationHandle(), std::forward<Args>(inArgs)...);

Then setup the fields like this

int indexes[] = {(int)V8CppObjDataIntField::CppHeapID,

(int)V8CppObjDataIntField::ObjInfo, (int)V8CppObjDataIntField::ObjInstance};

void *values[] = {runtime->GetCppHeapID(), inInfo, this};

inObject->SetAlignedPointerInInternalFields(

(int)V8CppObjDataIntField::MaxInternalFields, indexes, values);

I kinda got around the issue by adding a cppgc::Persistent variable in the object itself that holds itself and this worked to keep around and does get deleted when the heap is finally torn down but not sure if this is the proper way or if the object is deleted in JS code if it'd get gced and I'm not in a state with the code at the moment to test that out.

[Ronald Fenner]

Where can I file a bug report. I've created a sample that repros the problem. 

It might be a useful sample to include in V8 showing how to use cppgc, snapshot and serialize/deserialize objects though may to be cleaned up a little.

On Wednesday, November 27, 2024 at 12:54:08 AM UTC+8 omer...@chromium.org wrote:

[Omer Katz (chromium.org)]

Hi Ronald,

Do you still need the link to file a bug report?

You can do that at https://issues.chromium.org/new.

Please use "Chromium > Blink > JavaScript > GarbageCollection > Oilpan" for the component.

Omer

To view this discussion visit https://groups.google.com/d/msgid/v8-dev/3c2bdcd5-ce7b-4e93-9aa3-a8602c49d0a7n%40googlegroups.com.

[Ronald Fenner]

No I. found the reporter and filed a bug was told it was dead code as there have been updates but updating above 12.5.96 I get crash in mksnapshot during the build. Have a conversation started on that one.