bindings/heap: Shutdown GCs do not consider wrappers

Teardown garbage collections do not consider V8 wrappers as roots. Previously this was achieved by clearing out the internal wrapper fields of JS objects which caused a bailout during visitation. This is not necessary, as V8 ignores outgoing references once no more tracer is attached (see V8PerIsolateData::WillBeDestroyed). Blink can then just ignore DOM wrappers by not considering them in first place for termination garbage collections. Change-Id: I4b698b809e5eeb10a5a6f1fa9bdde9c133fec320 Reviewed-on: https://chromium-review.googlesource.com/c/1448216Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#627976}

bindings/heap: Shutdown GCs do not consider wrappers
Teardown garbage collections do not consider V8 wrappers as roots. Previously this was achieved by clearing out the internal wrapper fields of JS objects which caused a bailout during visitation. This is not necessary, as V8 ignores outgoing references once no more tracer is attached (see V8PerIsolateData::WillBeDestroyed). Blink can then just ignore DOM wrappers by not considering them in first place for termination garbage collections. Change-Id: I4b698b809e5eeb10a5a6f1fa9bdde9c133fec320 Reviewed-on: https://chromium-review.googlesource.com/c/1448216Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#627976}
cd5c4f96 · Michael Lippautz · Commit Bot · 2093e103 · cd5c4f96 · cd5c4f96
Commit cd5c4f96 authored Jan 31, 2019 by Michael Lippautz Committed by Commit Bot Jan 31, 2019
3 changed files
--- a/third_party/blink/renderer/bindings/core/v8/v8_gc_controller.cc
+++ b/third_party/blink/renderer/bindings/core/v8/v8_gc_controller.cc
@@ -335,46 +335,6 @@ class DOMWrapperForwardingVisitor final
  Visitor* const visitor_;
 };
-// Visitor purging all DOM wrapper handles.
-class DOMWrapperPurgingVisitor final
-    : public v8::PersistentHandleVisitor,
-      public v8::EmbedderHeapTracer::TracedGlobalHandleVisitor {
- public:
-  explicit DOMWrapperPurgingVisitor(v8::Isolate* isolate)
-      : isolate_(isolate), scope_(isolate) {}
-  void VisitPersistentHandle(v8::Persistent<v8::Value>* value,
-                             uint16_t class_id) final {
-    // TODO(mlippautz): There should be no more v8::Persistent that have a class
-    // id set.
-    VisitHandle(value, class_id);
-  }
-  void VisitTracedGlobalHandle(const v8::TracedGlobal<v8::Value>& value) final {
-    VisitHandle(&value, value.WrapperClassId());
-  }
- private:
-  template <typename T>
-  void VisitHandle(T* value, uint16_t class_id) {
-    if (!IsDOMWrapperClassId(class_id))
-      return;
-    // Clear out wrapper type information, essentially disconnecting the Blink
-    // wrappable from the V8 wrapper. This way, V8 cannot find the C++ object
-    // anymore.
-    int indices[] = {kV8DOMWrapperObjectIndex, kV8DOMWrapperTypeIndex};
-    void* values[] = {nullptr, nullptr};
-    v8::Local<v8::Object> wrapper =
-        v8::Local<v8::Object>::New(isolate_, value->template As<v8::Object>());
-    wrapper->SetAlignedPointerInInternalFields(base::size(indices), indices,
-                                               values);
-  }
-  v8::Isolate* const isolate_;
-  v8::HandleScope scope_;
-};
 }  // namespace
 void V8GCController::TraceDOMWrappers(v8::Isolate* isolate,
@@ -389,15 +349,4 @@ void V8GCController::TraceDOMWrappers(v8::Isolate* isolate,
    tracer->IterateTracedGlobalHandles(&visitor);
 }
-void V8GCController::ClearDOMWrappers(v8::Isolate* isolate) {
-  DOMWrapperPurgingVisitor visitor(isolate);
-  isolate->VisitHandlesWithClassIds(&visitor);
-  v8::EmbedderHeapTracer* tracer =
-      V8PerIsolateData::From(isolate)->GetEmbedderHeapTracer();
-  // There may be no tracer during tear down garbage collections.
-  // Not all threads have a tracer attached.
-  if (tracer)
-    tracer->IterateTracedGlobalHandles(&visitor);
-}
 }  // namespace blink
--- a/third_party/blink/renderer/core/workers/worker_backing_thread.cc
+++ b/third_party/blink/renderer/core/workers/worker_backing_thread.cc
@@ -107,7 +107,6 @@ void WorkerBackingThread::ShutdownOnBackingThread() {
  DCHECK(backing_thread_->IsCurrentThread());
  Platform::Current()->WillStopWorkerThread();
-  V8GCController::ClearDOMWrappers(isolate_);
  V8PerIsolateData::WillBeDestroyed(isolate_);
  backing_thread_->ShutdownOnThread();

--- a/third_party/blink/renderer/platform/heap/thread_state.cc
+++ b/third_party/blink/renderer/platform/heap/thread_state.cc
@@ -1740,10 +1740,13 @@ void ThreadState::MarkPhaseVisitRoots() {
  VisitPersistents(visitor);
-  // Unified garbage collections do not consider DOM wrapper references as
+  // DOM wrapper references from V8 are considered as roots. Exceptions are:
-  // roots. The cross-component references between V8<->Blink are found using
+  // - Unified garbage collections: The cross-component references between
-  // collaborative tracing where both GCs report live references to each other.
+  //   V8<->Blink are found using collaborative tracing where both GCs report
-  if (!IsUnifiedGCMarkingInProgress()) {
+  //   live references to each other.
+  // - Termination GCs that do not care about V8 any longer.
+  if (!IsUnifiedGCMarkingInProgress() &&
+      current_gc_data_.reason != BlinkGC::GCReason::kThreadTerminationGC) {
    VisitDOMWrappers(visitor);
  }