Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Memory management #5

Closed
koops opened this issue May 17, 2016 · 3 comments
Closed

Memory management #5

koops opened this issue May 17, 2016 · 3 comments

Comments

@koops
Copy link

koops commented May 17, 2016

Hi, this project looks exciting. I'm a long-time therubyracer user and I use it for long-running contexts. Memory management is an open issue with trr, see issue.

So I'd like to know, is there any reason to believe that mini_racer might do better than trr at conserving memory?
@SamSaffron
Copy link
Collaborator

Yes mini_racer is designed to hold almost no refs between VMs. The only refs allowed are an array of procs it is allowed to call.

By avoiding transparently holding references and weak refs to objects between VMS (everything is moved by copy) risk of memory issues goes way down.

@koops
Copy link
Author

koops commented May 19, 2016

Thanks, that's good news. One other, related thing: do you plan on supposing dispose on a context?

@SamSaffron
Copy link
Collaborator

Yes going to add a mechanism to run a context in a block and dispose of all
v8 resources once block is over "burning" the context,

Also maybe simply add a reset method to clear

On Friday, 20 May 2016, koops [email protected] wrote:

Thanks, that's good news. One other, related thing: do you plan on
supposing dispose on a context?


You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#5 (comment)

@pan pan mentioned this issue Mar 2, 2019
Closed
cataphract added a commit to cataphract/mini_racer that referenced this issue May 6, 2020
@cataphract
Merge pull request rubyjs#5 from sqreen/alpine
0d47262 
Support alpine
cataphract added a commit to cataphract/mini_racer that referenced this issue May 6, 2020
@cataphract
Fix shutdown crashes, make cleanup threads detached
b2d875d 
Can be reproduced just by running the tests:

while /home/glopes/ruby/bin/ruby -Ilib:test:lib -I/home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib /home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib/rake/rake_test_loader.rb test/mini_racer_test.rb; do echo not yet; done

...

You have skipped tests. Run with --verbose for details.
Segmentation fault (core dumped)
glopes ~/repos/mini_racer ((b32ca19...) %) $ coredumpctl gdb
           PID: 29454 (ruby)
           UID: 1000 (glopes)
           GID: 1000 (glopes)
        Signal: 11 (SEGV)
     Timestamp: Tue 2020-05-05 15:24:40 WEST (11s ago)
  Command Line: /home/glopes/ruby/bin/ruby -Ilib:test:lib -I/home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib /home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib/rake/rake_test_loader.rb test/mini_racer_test.rb
    Executable: /home/glopes/ruby/bin/ruby
 Control Group: /user.slice/user-1000.slice/session-c2.scope
          Unit: session-c2.scope
         Slice: user-1000.slice
       Session: c2
     Owner UID: 1000 (glopes)
       Boot ID: 64a5c179f6764f5f95498c75fd17be8e
    Machine ID: 82e2fca72c474b2591af0e380dc4cead
      Hostname: aorus
       Storage: /var/lib/systemd/coredump/core.ruby.1000.64a5c179f6764f5f95498c75fd17be8e.29454.1588688680000000.lz4
       Message: Process 29454 (ruby) of user 1000 dumped core.

                Stack trace of thread 29491:
                #0  0x0000563082fe9e60 n/a (n/a)
                rubyjs#1  0x00007fc11080ae2c n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                rubyjs#2  0x00007fc110794b03 n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                rubyjs#3  0x00007fc11082829e n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                rubyjs#4  0x00007fc110827f76 n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                rubyjs#5  0x00007fc1105e3560 n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)

GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/glopes/ruby/bin/ruby...done.
[New LWP 29491]
[New LWP 29455]
[New LWP 29456]
[New LWP 29454]
[New LWP 29468]
[New LWP 29469]
[New LWP 29465]
[New LWP 29467]
[New LWP 29471]
[New LWP 29470]
[New LWP 29472]
[New LWP 29474]
[New LWP 29473]
[New LWP 29475]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/glopes/ruby/bin/ruby -Ilib:test:lib -I/home/glopes/ruby/lib/ruby/gems/2.7'.
Program terminated with signal SIGSEGV, Segmentation fault.
[Current thread is 1 (Thread 0x7fc0b0ff9700 (LWP 29491))]
 #0  0x0000563082fe9e60 in ?? ()
 rubyjs#1  0x00007fc110b9ea6c in v8::internal::VirtualMemory::Free() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 rubyjs#2  0x00007fc11080ae2c in v8::internal::StoreBuffer::TearDown() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 rubyjs#3  0x00007fc110794b03 in v8::internal::Heap::TearDown() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 rubyjs#4  0x00007fc11082829e in v8::internal::Isolate::Deinit() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 rubyjs#5  0x00007fc110827f76 in v8::internal::Isolate::Delete(v8::internal::Isolate*) () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 rubyjs#6  0x00007fc1105e3560 in free_isolate (isolate_info=isolate_info@entry=0x563083e7db70) at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:1194
 rubyjs#7  0x00007fc1105e03c8 in IsolateInfo::~IsolateInfo (this=0x563083e7db70, __in_chrg=<optimized out>)
    at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:52
 rubyjs#8  IsolateInfo::release (this=0x563083e7db70) at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:71
 rubyjs#9  free_context_raw (arg=0x5630832a7d90) at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:1221
 rubyjs#10 0x00007fc116c5f6db in start_thread (arg=0x7fc0b0ff9700) at pthread_create.c:463
 rubyjs#11 0x00007fc115d2588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
SamSaffron pushed a commit that referenced this issue May 8, 2020
@cataphract
Fix a use-after-free and a shutdown crash (#162)
2b1ee80 
* Fix use-after-free

This can easily glanced on valgrind:

$ cat a.rb
require 'mini_racer'

puts 'before context new'
context = MiniRacer::Context.new
puts 'after context new'
context.dispose
puts 'after dispose'

glopes ~/repos/mini_racer ((b32ca19...) %) $ valgrind --max-stackframe=8379104 /home/glopes/ruby/bin/ruby -Ilib:test:lib a.rb
==29861== Memcheck, a memory error detector
==29861== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==29861== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==29861== Command: /home/glopes/ruby/bin/ruby -Ilib:test:lib a.rb
==29861==
before context new
after context new
==29861== Invalid read of size 8
==29861==    at 0xC301450: free_context(ContextInfo*) (mini_racer_extension.cc:1247)
==29861==    by 0xC301516: rb_context_dispose(unsigned long) (mini_racer_extension.cc:1439)
==29861==    by 0x2F5B39: vm_call_cfunc_with_frame (vm_insnhelper.c:2514)
==29861==    by 0x2F5B39: vm_call_cfunc (vm_insnhelper.c:2539)
==29861==    by 0x30FF4D: vm_call_method (vm_insnhelper.c:3053)
==29861==    by 0x307CD4: vm_sendish (vm_insnhelper.c:4023)
==29861==    by 0x307CD4: vm_exec_core (insns.def:801)
==29861==    by 0x2FF7E7: rb_vm_exec (vm.c:1920)
==29861==    by 0x3004DD: invoke_iseq_block_from_c (vm.c:1116)
==29861==    by 0x3004DD: invoke_block_from_c_bh (vm.c:1134)
==29861==    by 0x3004DD: vm_yield (vm.c:1179)
==29861==    by 0x3004DD: rb_yield_0 (vm_eval.c:1227)
==29861==    by 0x3004DD: rb_yield_1 (vm_eval.c:1233)
==29861==    by 0x3004DD: rb_yield (vm_eval.c:1243)
==29861==    by 0x136F60: rb_ensure (eval.c:1129)
==29861==    by 0x2F5B39: vm_call_cfunc_with_frame (vm_insnhelper.c:2514)
==29861==    by 0x2F5B39: vm_call_cfunc (vm_insnhelper.c:2539)
==29861==    by 0x30FF4D: vm_call_method (vm_insnhelper.c:3053)
==29861==    by 0x307D8A: vm_sendish (vm_insnhelper.c:4023)
==29861==    by 0x307D8A: vm_exec_core (insns.def:782)
==29861==    by 0x2FFE8E: rb_vm_exec (vm.c:1929)
==29861==  Address 0xbd6e520 is 0 bytes inside a block of size 48 free'd
==29861==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29861==    by 0x157D09: objspace_xfree (gc.c:10071)
==29861==    by 0x157D09: ruby_sized_xfree (gc.c:10164)
==29861==    by 0x157D09: ruby_xfree (gc.c:10171)
==29861==    by 0xC3013CF: operator delete (mini_racer_extension.cc:84)
==29861==    by 0xC3013CF: release (mini_racer_extension.cc:71)
==29861==    by 0xC3013CF: free_context_raw(void*) (mini_racer_extension.cc:1221)
==29861==    by 0xC301448: free_context(ContextInfo*) (mini_racer_extension.cc:1244)
==29861==    by 0xC301516: rb_context_dispose(unsigned long) (mini_racer_extension.cc:1439)
==29861==    by 0x2F5B39: vm_call_cfunc_with_frame (vm_insnhelper.c:2514)
==29861==    by 0x2F5B39: vm_call_cfunc (vm_insnhelper.c:2539)
==29861==    by 0x30FF4D: vm_call_method (vm_insnhelper.c:3053)
==29861==    by 0x307CD4: vm_sendish (vm_insnhelper.c:4023)
==29861==    by 0x307CD4: vm_exec_core (insns.def:801)
==29861==    by 0x2FF7E7: rb_vm_exec (vm.c:1920)
==29861==    by 0x3004DD: invoke_iseq_block_from_c (vm.c:1116)
==29861==    by 0x3004DD: invoke_block_from_c_bh (vm.c:1134)
==29861==    by 0x3004DD: vm_yield (vm.c:1179)
==29861==    by 0x3004DD: rb_yield_0 (vm_eval.c:1227)
==29861==    by 0x3004DD: rb_yield_1 (vm_eval.c:1233)
==29861==    by 0x3004DD: rb_yield (vm_eval.c:1243)
==29861==    by 0x136F60: rb_ensure (eval.c:1129)
==29861==    by 0x2F5B39: vm_call_cfunc_with_frame (vm_insnhelper.c:2514)
==29861==    by 0x2F5B39: vm_call_cfunc (vm_insnhelper.c:2539)
==29861==  Block was alloc'd at
==29861==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29861==    by 0x154BE3: objspace_xmalloc0 (gc.c:9860)
==29861==    by 0xC3041D1: operator new (mini_racer_extension.cc:80)
==29861==    by 0xC3041D1: rb_context_init_unsafe(unsigned long, unsigned long, unsigned long) (mini_racer_extension.cc:777)
==29861==    by 0x2F5B39: vm_call_cfunc_with_frame (vm_insnhelper.c:2514)
==29861==    by 0x2F5B39: vm_call_cfunc (vm_insnhelper.c:2539)
==29861==    by 0x30FF4D: vm_call_method (vm_insnhelper.c:3053)
==29861==    by 0x307CD4: vm_sendish (vm_insnhelper.c:4023)
==29861==    by 0x307CD4: vm_exec_core (insns.def:801)
==29861==    by 0x2FF7E7: rb_vm_exec (vm.c:1920)
==29861==    by 0x3037B6: vm_call0_body (vm_eval.c:136)
==29861==    by 0x303F7E: rb_vm_call0 (vm_eval.c:52)
==29861==    by 0x3042CC: rb_vm_call_kw (vm_eval.c:268)
==29861==    by 0x3048CF: rb_call0 (vm_eval.c:392)
==29861==    by 0x304D73: rb_call (vm_eval.c:718)
==29861==    by 0x304D73: rb_funcallv_kw (vm_eval.c:965)
==29861==
after dispose

* Fix shutdown crashes, make cleanup threads detached

Can be reproduced just by running the tests:

while /home/glopes/ruby/bin/ruby -Ilib:test:lib -I/home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib /home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib/rake/rake_test_loader.rb test/mini_racer_test.rb; do echo not yet; done

...

You have skipped tests. Run with --verbose for details.
Segmentation fault (core dumped)
glopes ~/repos/mini_racer ((b32ca19...) %) $ coredumpctl gdb
           PID: 29454 (ruby)
           UID: 1000 (glopes)
           GID: 1000 (glopes)
        Signal: 11 (SEGV)
     Timestamp: Tue 2020-05-05 15:24:40 WEST (11s ago)
  Command Line: /home/glopes/ruby/bin/ruby -Ilib:test:lib -I/home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib /home/glopes/ruby/lib/ruby/gems/2.7.0/gems/rake-10.5.0/lib/rake/rake_test_loader.rb test/mini_racer_test.rb
    Executable: /home/glopes/ruby/bin/ruby
 Control Group: /user.slice/user-1000.slice/session-c2.scope
          Unit: session-c2.scope
         Slice: user-1000.slice
       Session: c2
     Owner UID: 1000 (glopes)
       Boot ID: 64a5c179f6764f5f95498c75fd17be8e
    Machine ID: 82e2fca72c474b2591af0e380dc4cead
      Hostname: aorus
       Storage: /var/lib/systemd/coredump/core.ruby.1000.64a5c179f6764f5f95498c75fd17be8e.29454.1588688680000000.lz4
       Message: Process 29454 (ruby) of user 1000 dumped core.

                Stack trace of thread 29491:
                #0  0x0000563082fe9e60 n/a (n/a)
                #1  0x00007fc11080ae2c n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                #2  0x00007fc110794b03 n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                #3  0x00007fc11082829e n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                #4  0x00007fc110827f76 n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)
                #5  0x00007fc1105e3560 n/a (/home/glopes/repos/mini_racer/lib/mini_racer_extension.so)

GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/glopes/ruby/bin/ruby...done.
[New LWP 29491]
[New LWP 29455]
[New LWP 29456]
[New LWP 29454]
[New LWP 29468]
[New LWP 29469]
[New LWP 29465]
[New LWP 29467]
[New LWP 29471]
[New LWP 29470]
[New LWP 29472]
[New LWP 29474]
[New LWP 29473]
[New LWP 29475]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/glopes/ruby/bin/ruby -Ilib:test:lib -I/home/glopes/ruby/lib/ruby/gems/2.7'.
Program terminated with signal SIGSEGV, Segmentation fault.
[Current thread is 1 (Thread 0x7fc0b0ff9700 (LWP 29491))]
 #0  0x0000563082fe9e60 in ?? ()
 #1  0x00007fc110b9ea6c in v8::internal::VirtualMemory::Free() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 #2  0x00007fc11080ae2c in v8::internal::StoreBuffer::TearDown() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 #3  0x00007fc110794b03 in v8::internal::Heap::TearDown() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 #4  0x00007fc11082829e in v8::internal::Isolate::Deinit() () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 #5  0x00007fc110827f76 in v8::internal::Isolate::Delete(v8::internal::Isolate*) () from /home/glopes/repos/mini_racer/lib/mini_racer_extension.so
 #6  0x00007fc1105e3560 in free_isolate (isolate_info=isolate_info@entry=0x563083e7db70) at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:1194
 #7  0x00007fc1105e03c8 in IsolateInfo::~IsolateInfo (this=0x563083e7db70, __in_chrg=<optimized out>)
    at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:52
 #8  IsolateInfo::release (this=0x563083e7db70) at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:71
 #9  free_context_raw (arg=0x5630832a7d90) at ../../../../ext/mini_racer_extension/mini_racer_extension.cc:1221
 #10 0x00007fc116c5f6db in start_thread (arg=0x7fc0b0ff9700) at pthread_create.c:463
 #11 0x00007fc115d2588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
SamSaffron added a commit that referenced this issue Sep 15, 2020
@SamSaffron
FEATURE: warn more loudly about forked environments
86bdc6d 
In single_threaded mode MiniRacer will behave far more reasonably if platform
is initialized in the master process.

Sadly this is only a partial solution since we will hang at:

```
#0  0x00007fe6f037e34d in pthread_cond_broadcast@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fe6ebc15c05 in v8::platform::DelayedTaskQueue::Terminate() ()
   from /home/sam/Source/mini_racer/lib/mini_racer_extension.so
#2  0x00007fe6ebc14dfd in v8::platform::DefaultWorkerThreadsTaskRunner::Terminate() ()
   from /home/sam/Source/mini_racer/lib/mini_racer_extension.so
#3  0x00007fe6ebc13bd6 in v8::platform::DefaultPlatform::~DefaultPlatform() ()
   from /home/sam/Source/mini_racer/lib/mini_racer_extension.so
#4  0x00007fe6ebc13cde in v8::platform::DefaultPlatform::~DefaultPlatform() ()
   from /home/sam/Source/mini_racer/lib/mini_racer_extension.so
#5  0x00007fe6effb0db7 in __run_exit_handlers () from /usr/lib/libc.so.6
```

Likely some more v8 changes are needed to mitigate the heavily forked use
case.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SamSaffron @koops