Skip to content

Loading…

Cleanup vm module memory leakage #3090

Closed
wants to merge 2 commits into from

4 participants

@laverdet

There are some paths here that led to dangling contexts. By being
smarter with handle management we can get rid of all the cleanup code
and fix those issues.

@laverdet laverdet Cleanup vm module memory leakage
There are some paths here that led to dangling contexts. By being
smarter with handle management we can get rid of all the cleanup code
and fix those issues.
6c748cd
@isaacs

It seems like this should either be a Persistent<Context>, and explicitly disposed at some point, or a Local<Context>, and used in the presence of a HandleScope.

This function makes use of both temporary one-time use Context's and persistent Context's.

Oh, you're right. Gah. That's unfortunate.

@isaacs

Why make a Persistent, if you're just going to Dispose it on the next line? This seems a bit unnecessary.

Because Context::New() returns a Persistent and there's nothing I can do about it. You assign it to a Local and then dispose the Persistent so that the HandleScope now controls it.

Forgot to mention that I was tipped off to this by Vyacheslav Egorov:
http://groups.google.com/group/v8-users/browse_thread/thread/c8cdf453ecd3057a

Right, but won't this work just the same, without the extra stuff?

Local<Context> context;

// ...

context = Local<Context>::New(Context::New());

Then you'd have a dangling Persistent reference that was never Dispose()'d

Unless I'm terribly mistaken about how Persistent handles work..

Oh, I see, yes. That's correct.

@isaacs

Well, looks fine to me and doesn't seem to break anything too badly.

@bnoordhuis care to comment? You've also been in and around the vm code somewhat, if memory serves.

@laverdet If it seems like I'm being overly nitpicky, it's only because the vm module is one of the most grimy areas of node, and it's easy for small missteps to result in really subtle issues in other places (as we saw!)

@laverdet

Yeah I understand being picky. I'm not 100% confident about the robustness of this patch, but I feel pretty good about it. All the unit tests pass, but this function does SO MANY THINGS that it's easy to mess up.

@bnoordhuis bnoordhuis commented on an outdated diff
src/node_script.cc
((6 lines not shown))
Local<Array> keys;
if (context_flag == newContext) {
// Create the new context
- context = Context::New();
+ Persistent<Context> tmp = Context::New();
+ context = Local<Context>::New(tmp);
+ tmp.Dispose();
@bnoordhuis Node.js Foundation member

Can you add a comment here explaining why the code looks like that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@isaacs

So, this fixes the errors we were seeing in debug mode. I'm going to land it.

However, @laverdet, test/pummel/test-vm-memleak.js is still failing with this patch. That's not so bad, since it was failing on master without the patch, so it's not making it any worse. But was the intent to make that test pass? Or was this another thing, and I'm mis-remembering?

@isaacs

Landed on 7063575

@isaacs isaacs closed this
@laverdet

@isaacs: This commit was to fix another bug. In some cases when you used the vm module there would be memory leaks, and sometimes those leaks would lead to crashes; those are gone now.

The crash in the pummel test is a different issue. I looked into it and it appears to be a v8 bug which has already been fixed. You can reproduce this easily in v8 3.9.24 (current v8 version in node master) with this quick program:

#include <v8.h>
using namespace v8;

static Handle<Value> thrower(const Arguments& args) {
    TryCatch try_catch;
    Local<Script> script = Script::Compile(String::New("throw 1;"));
    Local<Value> result = script->Run();
    return try_catch.HasCaught() ? try_catch.ReThrow() : result;
}

int main() {
    HandleScope scope;
    Persistent<Context> context = Context::New();
    Context::Scope context_scope(context);
    context->Global()->Set(String::New("thrower"), FunctionTemplate::New(thrower)->GetFunction());
    Local<Script> script = Script::Compile(String::New("for (var ii = 0; ii < 200; ++ii) try { thrower(); } catch(e) {}"));
    script->Run();
    context.Dispose();
    return 0;
}

The same program will not raise errors on bleeding_edge. I stopped researching it when I realized it's fixed in bleeding_edge so I don't know if there's a v8 ticket for it or not, or when it will land in a release. I believe it's a bug in the way v8 handles some AST walking. You can easily "fix" the unit test by changing require('vm').runInNewContext('throw 1;'); to require('vm').runInNewContext('new function() { throw 1; }');. Just putting the throw in a self-calling function is enough to workaround the bug.

@laverdet laverdet referenced this pull request
Closed

Fix top-level v8::Locker #3038

@mfncooper

Any chance we can get the vm memory leak fix back-ported to v0.6? We just ran into this issue in a production system, where the context leaks pile up over time and periodically cause the process to crash. Let me know if there's anything we can do to help get it back-ported.

@bnoordhuis
Node.js Foundation member

@mfncooper I backported the patch in 7865c5c. It'll be in the next v0.6 release.

@mfncooper

Thanks!

@richardlau richardlau pushed a commit to andrewlow/node that referenced this pull request
@rvagg rvagg 2015-10-29, Version 5.0.0 (Stable)
Notable changes:

* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer,
  these have been deprecated for a long time (Sakthipriyan Vairamani) #2859.
* console: (Breaking) Values reported by console.time() now have 3 decimals of
  accuracy added (Michaël Zasso) #3166.
* fs:
  - fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file
    descriptor as their first argument (Johannes Wüller) #3163.
  - (Breaking) In fs.readFile(), if an encoding is specified and the internal
    toString() fails the error is no longer thrown but is passed to the callback
    (Evan Lucas) #3485.
  - (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding,
    callback) form), if the internal toString() fails the error is no longer
    thrown but is passed to the callback (Evan Lucas) #3503.
* http:
  - Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342.
  - (Breaking) When parsing HTTP, don't add duplicates of the following headers:
    Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition
    to the following headers which already block duplicates: Content-Type,
    Content-Length, User-Agent, Referer, Host, Authorization,
    Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location,
    Max-Forwards (James M Snell) #3090.
  - (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a
    function or a TypeError is thrown (James M Snell) #3090.
  - (Breaking) HTTP methods and header names must now conform to the RFC 2616
    "token" rule, a list of allowed characters that excludes control characters
    and a number of separator characters. Specifically, methods and header names
    must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown
    (James M Snell) #2526.
* node:
  - (Breaking) Deprecated the _linklist module (Rich Trott) #3078.
  - (Breaking) Removed require.paths and require.registerExtension(), both had
    been previously set to throw Error when accessed
    (Sakthipriyan Vairamani) #2922.
* npm: Upgraded to version 3.3.6 from 2.14.7, see
  https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a
  major version bump for npm and it has seen a significant amount of change.
  Please see the original npm v3.0.0 release notes for a list of major changes
  (Rebecca Turner) #3310.
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary
  due to the V8 upgrade. Native add-ons will need to be recompiled
  (Rod Vagg) #3400.
* timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes
  a long-standing known issue where unrefed timers would perviously hold
  beforeExit open (Fedor Indutny) #3407.
* tls:
  - Added ALPN Support (Shigeki Ohtsu) #2564.
  - TLS options can now be passed in an object to createSecurePair()
    (Коренберг Марк) #2441.
  - (Breaking) The default minimum DH key size for tls.connect() is now 1024
    bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS
    option can be used to override the default. (Shigeki Ohtsu) #1831.
* util:
  - (Breaking) util.p() was deprecated for years, and has now been removed
    (Wyatt Preul) #3432.
  - (Breaking) util.inherits() can now work with ES6 classes. This is considered
    a breaking change because of potential subtle side-effects caused by a
    change from directly reassigning the prototype of the constructor using
    `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })`
    to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)`
    (Michaël Zasso) #3455.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351.
  - Implements the spread operator, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator
    for further information.
  - Implements new.target, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target
    for further information.
* zlib: Decompression now throws on truncated input (e.g. unexpected end of
  file) (Yuval Brik) #2595.

PR-URL: nodejs/node#3466
837b174
@richardlau richardlau pushed a commit to andrewlow/node that referenced this pull request
@rvagg rvagg 2015-10-29, Version 5.0.0 (Stable)
Notable changes:

* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer,
  these have been deprecated for a long time (Sakthipriyan Vairamani) #2859.
* console: (Breaking) Values reported by console.time() now have 3 decimals of
  accuracy added (Michaël Zasso) #3166.
* fs:
  - fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file
    descriptor as their first argument (Johannes Wüller) #3163.
  - (Breaking) In fs.readFile(), if an encoding is specified and the internal
    toString() fails the error is no longer thrown but is passed to the callback
    (Evan Lucas) #3485.
  - (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding,
    callback) form), if the internal toString() fails the error is no longer
    thrown but is passed to the callback (Evan Lucas) #3503.
* http:
  - Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342.
  - (Breaking) When parsing HTTP, don't add duplicates of the following headers:
    Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition
    to the following headers which already block duplicates: Content-Type,
    Content-Length, User-Agent, Referer, Host, Authorization,
    Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location,
    Max-Forwards (James M Snell) #3090.
  - (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a
    function or a TypeError is thrown (James M Snell) #3090.
  - (Breaking) HTTP methods and header names must now conform to the RFC 2616
    "token" rule, a list of allowed characters that excludes control characters
    and a number of separator characters. Specifically, methods and header names
    must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown
    (James M Snell) #2526.
* node:
  - (Breaking) Deprecated the _linklist module (Rich Trott) #3078.
  - (Breaking) Removed require.paths and require.registerExtension(), both had
    been previously set to throw Error when accessed
    (Sakthipriyan Vairamani) #2922.
* npm: Upgraded to version 3.3.6 from 2.14.7, see
  https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a
  major version bump for npm and it has seen a significant amount of change.
  Please see the original npm v3.0.0 release notes for a list of major changes
  (Rebecca Turner) #3310.
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary
  due to the V8 upgrade. Native add-ons will need to be recompiled
  (Rod Vagg) #3400.
* timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes
  a long-standing known issue where unrefed timers would perviously hold
  beforeExit open (Fedor Indutny) #3407.
* tls:
  - Added ALPN Support (Shigeki Ohtsu) #2564.
  - TLS options can now be passed in an object to createSecurePair()
    (Коренберг Марк) #2441.
  - (Breaking) The default minimum DH key size for tls.connect() is now 1024
    bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS
    option can be used to override the default. (Shigeki Ohtsu) #1831.
* util:
  - (Breaking) util.p() was deprecated for years, and has now been removed
    (Wyatt Preul) #3432.
  - (Breaking) util.inherits() can now work with ES6 classes. This is considered
    a breaking change because of potential subtle side-effects caused by a
    change from directly reassigning the prototype of the constructor using
    `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })`
    to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)`
    (Michaël Zasso) #3455.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351.
  - Implements the spread operator, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator
    for further information.
  - Implements new.target, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target
    for further information.
* zlib: Decompression now throws on truncated input (e.g. unexpected end of
  file) (Yuval Brik) #2595.

PR-URL: nodejs/node#3466
384e6c2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 11, 2012
  1. @laverdet

    Cleanup vm module memory leakage

    laverdet committed
    There are some paths here that led to dangling contexts. By being
    smarter with handle management we can get rid of all the cleanup code
    and fix those issues.
Commits on Apr 19, 2012
  1. @laverdet
Showing with 10 additions and 20 deletions.
  1. +10 −20 src/node_script.cc
View
30 src/node_script.cc
@@ -348,12 +348,18 @@ Handle<Value> WrappedScript::EvalMachine(const Arguments& args) {
display_error = true;
}
- Persistent<Context> context;
+ Handle<Context> context = Context::GetCurrent();
Local<Array> keys;
if (context_flag == newContext) {
// Create the new context
- context = Context::New();
+ // Context::New returns a Persistent<Context>, but we only need it for this
+ // function. Here we grab a temporary handle to the new context, assign it
+ // to a local handle, and then dispose the persistent handle. This ensures
+ // that when this function exits the context will be disposed.
+ Persistent<Context> tmp = Context::New();
+ context = Local<Context>::New(tmp);
+ tmp.Dispose();
} else if (context_flag == userContext) {
// Use the passed in context
@@ -361,11 +367,10 @@ Handle<Value> WrappedScript::EvalMachine(const Arguments& args) {
context = nContext->GetV8Context();
}
+ Context::Scope context_scope(context);
+
// New and user context share code. DRY it up.
if (context_flag == userContext || context_flag == newContext) {
- // Enter the context
- context->Enter();
-
// Copy everything from the passed in sandbox (either the persistent
// context for runInContext(), or the sandbox arg to runInNewContext()).
CloneObject(args.This(), sandbox, context->Global()->GetPrototype());
@@ -407,11 +412,6 @@ Handle<Value> WrappedScript::EvalMachine(const Arguments& args) {
if (output_flag == returnResult) {
result = script->Run();
if (result.IsEmpty()) {
- if (context_flag == newContext) {
- context->DetachGlobal();
- context->Exit();
- context.Dispose();
- }
return try_catch.ReThrow();
}
} else {
@@ -429,16 +429,6 @@ Handle<Value> WrappedScript::EvalMachine(const Arguments& args) {
CloneObject(args.This(), context->Global()->GetPrototype(), sandbox);
}
- if (context_flag == newContext) {
- // Clean up, clean up, everybody everywhere!
- context->DetachGlobal();
- context->Exit();
- context.Dispose();
- } else if (context_flag == userContext) {
- // Exit the passed in context.
- context->Exit();
- }
-
return result == args.This() ? result : scope.Close(result);
}
Something went wrong with that request. Please try again.