3eb6b7aca6
The debugger maintains a stack of promises used for catch prediction
with promise builtins and async functions. Previously this stack would
hold on to the individual promises strongly, and subtle bugs that lead
to not properly cleaning up the stack in some corner cases would often
lead to significant memory issues (e.g. leaking whole iframes).
This refactors the PromiseOnStack to be
(a) on the V8 heap, rather than allocating C++ structs with global
handles pointing to the promises, and
(b) hold on to the promises only weakly.
While this will not guarantee proper promise stack management, it will
at least ensure that edge cases don't lead to catastrophic (debugger
only) leaks.
Bug: chromium:1292063
Change-Id: I9c293ca2032de3a59e1e9624f132d37187805567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545176
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79594}
|
||
|---|---|---|
| .. | ||
| bazel | ||
| cfi | ||
| clusterfuzz | ||
| cppgc | ||
| debug_helper | ||
| dev | ||
| gcmole | ||
| generate_shim_headers | ||
| heap-layout | ||
| heap-stats | ||
| ignition | ||
| js | ||
| jsfunfuzz | ||
| link_clicker.extension | ||
| mb | ||
| memory | ||
| msan | ||
| perf | ||
| profview | ||
| release | ||
| sanitizers | ||
| snapshot | ||
| system-analyzer | ||
| testrunner | ||
| toolchain | ||
| torque | ||
| tracing/proto-converter | ||
| turbolizer | ||
| ubsan | ||
| unittests | ||
| v8.xcodeproj | ||
| v8windbg | ||
| valgrind/asan | ||
| vim | ||
| visual_studio | ||
| wasm | ||
| wasm-compilation-hints | ||
| zone-stats | ||
| __init__.py | ||
| adb-d8.py | ||
| android-build.sh | ||
| android-ll-prof.sh | ||
| android-run.py | ||
| android-sync.sh | ||
| arguments.mjs | ||
| avg.py | ||
| bash-completion.sh | ||
| bigint-tester.py | ||
| BUILD.gn | ||
| callstats_groups.py | ||
| callstats-from-telemetry.sh | ||
| callstats.html | ||
| callstats.py | ||
| callstats.py.vpython | ||
| check-inline-includes.sh | ||
| check-static-initializers.sh | ||
| check-unused-bailouts.sh | ||
| check-unused-symbols.sh | ||
| codemap.mjs | ||
| collect_deprecation_stats.sh | ||
| compare_torque_output.py | ||
| compare-table-gen.js | ||
| consarray.mjs | ||
| cpu.sh | ||
| cross_build_gcc.sh | ||
| csvparser.mjs | ||
| DEPS | ||
| detect-builtins.js | ||
| disasm.py | ||
| draw_instruction_graph.sh | ||
| dump-cpp.py | ||
| dumpcpp-driver.mjs | ||
| dumpcpp.mjs | ||
| eval_gc_nvp.py | ||
| eval_gc_time.sh | ||
| find_depot_tools.py | ||
| find-builtin | ||
| find-commit-for-patch.py | ||
| freebsd-tick-processor | ||
| fuzz-harness.sh | ||
| gc_nvp_common.py | ||
| gc-nvp-to-csv.py | ||
| gc-nvp-trace-processor.py | ||
| gdb-v8-support.py | ||
| gdbinit | ||
| gen-inlining-tests.py | ||
| gen-keywords-gen-h.py | ||
| gen-postmortem-metadata.py | ||
| gen-v8-gn.py | ||
| generate-builtins-tests.py | ||
| generate-header-include-checks.py | ||
| generate-runtime-call-stats.py | ||
| generate-ten-powers.scm | ||
| get_landmines.py | ||
| grokdump.py | ||
| ic-processor | ||
| ic-processor-driver.mjs | ||
| index.html | ||
| linux-tick-processor | ||
| ll_prof.py | ||
| lldb_commands.py | ||
| locs.py | ||
| logreader.mjs | ||
| mac-nm | ||
| mac-tick-processor | ||
| Makefile.tags | ||
| objdump-v8 | ||
| OWNERS | ||
| package-lock.json | ||
| package.json | ||
| parse-processor | ||
| parse-processor-driver.mjs | ||
| parse-processor.html | ||
| parse-processor.mjs | ||
| perf-compare.py | ||
| predictable_wrapper.py | ||
| PRESUBMIT.py | ||
| process-wasm-compilation-times.py | ||
| profile_view.js | ||
| profile_view.mjs | ||
| profile.mjs | ||
| README.md | ||
| regexp-sequences.py | ||
| run_perf.py | ||
| run-clang-tidy.py | ||
| run-llprof.sh | ||
| run-num-fuzzer.py | ||
| run-perf.sh | ||
| run-tests.py | ||
| run-wasm-api-tests.py | ||
| run.py | ||
| shell-utils.h | ||
| sourcemap.mjs | ||
| splaytree.mjs | ||
| stats-viewer.py | ||
| test262-results-parser.js | ||
| tickprocessor-driver.mjs | ||
| tickprocessor.mjs | ||
| try_perf.py | ||
| turbolizer-perf.py | ||
| update-object-macros-undef.py | ||
| v8_presubmit.py | ||
| v8heapconst.py | ||
| whitespace.txt | ||
| windbg.js | ||
| windows-tick-processor.bat | ||
| wpr.wprp | ||
TOOLS
This directory contains debugging and investigation tools for V8.
The contents are regularly mirrored to http://v8.dev/tools.
Local Development
For local development you have to start a local webserver under http://localhost:8000:
cd tools/;
npm install;
ws;
Local Symbol Server
The system-analyzer can symbolize profiles for local binaries by running a local symbol server
cd tools/;
ws --stack system-analyzer/lws-middleware.js lws-static cors;
Note that the local symbol server will run nm and objdump and has access to
your files.