SpiderMonkey Garbage Collection Tips

  • Revision slug: SpiderMonkey_Garbage_Collection_Tips
  • Revision title: SpiderMonkey Garbage Collection Tips
  • Revision id: 373829
  • Created:
  • Creator: ethertank
  • Is current revision? No
  • Comment lineNumber

Revision Content

Tips on avoiding Garbage Collector pitfalls

  1. Use predefined local roots.

    In a JSNative, the elements of argv are roots for the duration of the call. You can assign temporary values to those array elements; in fact it is very good practice to do so. JS_ConvertArguments does this.

    argv{{mediawiki.external(-1)}} is also a root; it initially roots the obj argument (a.k.a. this) and can be used to root a conversion of obj to a different object, or a new object created to replace obj.

    *rval is also a root.

  2. Define more local roots if you need them.

    Initialize the extra member of JSFunctionSpec to the number of local roots ("extra args") you need, then use argv{{mediawiki.external('argc')}}, argv{{mediawiki.external('argc+1')}}, etc.

    For JSNatives, the nargs member of JSFunctionSpec tells the engine to provide at least that many args, so you can generally hardwire the local root indices (argv{{mediawiki.external(3)}} rather than argv{{mediawiki.external('argc')}}). If more arguments are passed and you don't care (you aren't writing a varargs-style function), you can just overwrite the extra arguments with the locally rooted jsvals.

    JSFastNatives cannot ask for extra local roots, and the nargs guarantee does not apply to them.

  3. Root as you go to avoid newborn pigeon-hole problems:

    JSString *str1, *str2;
    
    /* Bad! */
    str1 = JS_ValueToString(cx, argv[0]);
    if (!str1) return JS_FALSE;
    str2 = JS_ValueToString(cx, argv[1]);
    if (!str2) return JS_FALSE;
    SomethingThatMightCallTheGC();
    
    /* Good! */
    str1 = JS_ValueToString(cx, argv[0]);
    if (!str1) return JS_FALSE;
    argv[0] = STRING_TO_JSVAL(str1);
    
    str2 = JS_ValueToString(cx, argv[1]);
    if (!str2) return JS_FALSE;
    argv[1] = STRING_TO_JSVAL(str2);
    
    SomethingThatMightCallTheGC();
    
  4. Beware {{Bug(438633)}}. Code that uses JS_CompileScript, JS_CompileFile, or JS_CompileFileHandle must root the new script as described in the JSAPI User Guide under Compiled scripts.

  5. Avoid malloc'ing temporary storage that contains unrooted jsvals:

    /* Bad! */
    jsint i, len;
    jsval *vec;
    JSString *str;
    JSObject *myArrayObj;
    
    len = NumberOfNativeStrings();
    vec = JS_malloc(cx, len * sizeof(jsval));
    if (!vec) return JS_FALSE;
    for (i = 0; i < len; i++) {
        str = JS_NewStringCopyZ(cx, GetNativeString(i));
        if (!str) {
            JS_free(cx, vec);
            return JS_FALSE;
        }
        vec[i] = STRING_TO_JSVAL(str);
    }
    myArrayObj = JS_NewArrayObject(cx, len, vec);
    JS_free(cx, vec);
    if (!myArrayObj) return JS_FALSE;
    OtherStuffThatMightGC();
    *rval = OBJECT_TO_JSVAL(myArrayObj);
    
    /* Good! */
    JSObject *myArrayObj;
    jsint i, len;
    JSString *str;
    jsval val;
    
    myArrayObj = JS_NewArrayObject(cx, 0, NULL);
    if (!myArrayObj) return JS_FALSE;
    *rval = OBJECT_TO_JSVAL(myArrayObj);
    len = NumberOfNativeStrings();
    for (i = 0; i < len; i++) {
        str = JS_NewStringCopyZ(cx, GetNativeString(i));
        if (!str) return JS_FALSE;
        val = STRING_TO_JSVAL(str);
        if (!JS_SetElement(cx, myArrayObj, i, &val))
            return JS_FALSE;
    }
    OtherStuffThatMightGC();
    

    Note that this example also shows tip #3 (root as you go).

  6. Follow the request model in multithreaded applications. See JS_THREADSAFE. If you don't follow those rules scrupulously, GC could occur on one thread while another thread is in the JavaScript interpreter or otherwise handling JavaScript pointers. (The GC is not designed to handle that and it will crash.)

  7. Don't run the GC at arbitrary times. You can run the GC after some number of scripts, from a branch callback, or from a "GC thread" that wakes up periodically, for example. Beware realtime effects! Just how sensitive are you to latency?

How to Dump the GC Heap

Using these steps you can find all the GC'able items and what they're linked to.

Note: In SpiderMonkey 1.8, these features are being replaced with a new function, JS_DumpHeap.

Steps

  • Define GC_MARK_DEBUG in the project that builds the SpiderMonkey Files
  • Add code similar to the following around your call to JS_GC
extern "C" FILE* js_DumpGCHeap;

js_DumpGCHeap = fopen("c:\\jsds-roots.txt", "w");

JS_GC((*i)->jsc);

fclose(js_DumpGCHeap);

js_DumpGCHeap = NULL;

Interpreting the results

Results will come out like the following:

061f6810 object 06202ED8 Root via global object(Root @ 0x061f6810).

This points that the JSObject (0x061f6810) with private data (0x06202ED8) and class name "Root" is referenced by the global object (cx->globalObject).

Hints

  • In order to filter results you must edit the function gc_dump_thing in jsgc.c. As an example, adding the following to the top of the method will filter out strings:
if(flags & GCX_STRING)
    return;

Original Document Information

Revision Source

<h2 id="Tips_on_avoiding_Garbage_Collector_pitfalls" name="Tips_on_avoiding_Garbage_Collector_pitfalls">Tips on avoiding Garbage Collector pitfalls</h2>
<ol>
  <li>
    <p><b>Use predefined local roots.</b></p>
    <p>In a <code><a href="/en-US/docs/JSNative">JSNative</a></code>, the elements of <code>argv</code> are roots for the duration of the call. You can assign temporary values to those array elements; in fact it is very good practice to do so. <code><a href="/en-US/docs/JS_ConvertArguments">JS_ConvertArguments</a></code> does this.</p>
    <p><code>argv{{mediawiki.external(-1)}}</code> is also a root; it initially roots the <code>obj</code> argument (a.k.a. <code>this</code>) and can be used to root a conversion of <code>obj</code> to a different object, or a new object created to replace <code>obj</code>.</p>
    <p><code>*rval</code> is also a root.</p>
  </li>
  <li>
    <p><b>Define more local roots if you need them.</b></p>
    <p>Initialize the <code>extra</code> member of <code>JSFunctionSpec</code> to the number of local roots ("extra args") you need, then use <code>argv{{mediawiki.external('argc')}}</code>, <code>argv{{mediawiki.external('argc+1')}}</code>, etc.</p>
    <p>For <code><a href="/en-US/docs/JSNative">JSNative</a></code>s, the <code>nargs</code> member of <code><a href="/en-US/docs/JSFunctionSpec">JSFunctionSpec</a></code> tells the engine to provide at least that many args, so you can generally hardwire the local root indices (argv{{mediawiki.external(3)}} rather than argv{{mediawiki.external('argc')}}). If more arguments are passed and you don't care (you aren't writing a varargs-style function), you can just overwrite the extra arguments with the locally rooted jsvals.</p>
    <p><code><a href="/en-US/docs/JSFastNative">JSFastNative</a></code>s cannot ask for extra local roots, and the <code>nargs</code> guarantee does not apply to them.</p>
  </li>
  <li>
    <p><b>Root as you go</b> to avoid newborn pigeon-hole problems:</p>
<pre class="brush:text">
JSString *str1, *str2;

/* Bad! */
str1 = JS_ValueToString(cx, argv[0]);
if (!str1) return JS_FALSE;
str2 = JS_ValueToString(cx, argv[1]);
if (!str2) return JS_FALSE;
SomethingThatMightCallTheGC();

/* Good! */
str1 = JS_ValueToString(cx, argv[0]);
if (!str1) return JS_FALSE;
argv[0] = STRING_TO_JSVAL(str1);

str2 = JS_ValueToString(cx, argv[1]);
if (!str2) return JS_FALSE;
argv[1] = STRING_TO_JSVAL(str2);

SomethingThatMightCallTheGC();
</pre>
  </li>
  <li>
    <p><b>Beware {{Bug(438633)}}.</b> Code that uses <code><a href="/en-US/docs/JS_CompileScript">JS_CompileScript</a></code>, <code><a href="/en-US/docs/JS_CompileFile">JS_CompileFile</a></code>, or <code><a href="/en-US/docs/JS_CompileFileHandle">JS_CompileFileHandle</a></code> must root the new script as described in the JSAPI User Guide under <a href="/en-US/docs/JSAPI_User_Guide#Compiled_scripts">Compiled scripts</a>.</p>
  </li>
  <li>
    <p>Avoid malloc'ing temporary storage that contains unrooted jsvals:</p>
<pre class="brush:text">
/* Bad! */
jsint i, len;
jsval *vec;
JSString *str;
JSObject *myArrayObj;

len = NumberOfNativeStrings();
vec = JS_malloc(cx, len * sizeof(jsval));
if (!vec) return JS_FALSE;
for (i = 0; i &lt; len; i++) {
    str = JS_NewStringCopyZ(cx, GetNativeString(i));
    if (!str) {
        JS_free(cx, vec);
        return JS_FALSE;
    }
    vec[i] = STRING_TO_JSVAL(str);
}
myArrayObj = JS_NewArrayObject(cx, len, vec);
JS_free(cx, vec);
if (!myArrayObj) return JS_FALSE;
OtherStuffThatMightGC();
*rval = OBJECT_TO_JSVAL(myArrayObj);

/* Good! */
JSObject *myArrayObj;
jsint i, len;
JSString *str;
jsval val;

myArrayObj = JS_NewArrayObject(cx, 0, NULL);
if (!myArrayObj) return JS_FALSE;
*rval = OBJECT_TO_JSVAL(myArrayObj);
len = NumberOfNativeStrings();
for (i = 0; i &lt; len; i++) {
    str = JS_NewStringCopyZ(cx, GetNativeString(i));
    if (!str) return JS_FALSE;
    val = STRING_TO_JSVAL(str);
    if (!JS_SetElement(cx, myArrayObj, i, &amp;val))
        return JS_FALSE;
}
OtherStuffThatMightGC();
</pre>
    <p>Note that this example also shows tip #3 (root as you go).</p>
  </li>
  <li>
    <p><b>Follow the request model in multithreaded applications.</b> See <code><a href="/en-US/docs/JS_THREADSAFE">JS_THREADSAFE</a></code>. If you don't follow those rules scrupulously, GC could occur on one thread while another thread is in the JavaScript interpreter or otherwise handling JavaScript pointers. (The GC is not designed to handle that and it will crash.)</p>
  </li>
  <li>
    <p><b>Don't run the GC at arbitrary times.</b> You can run the GC after some number of scripts, from a <a href="/en-US/docs/JS_SetBranchCallback">branch callback</a>, or from a "GC thread" that wakes up periodically, for example. Beware realtime effects! Just how sensitive are you to latency?</p>
  </li>
</ol>
<h2 id="How_to_Dump_the_GC_Heap" name="How_to_Dump_the_GC_Heap">How to Dump the GC Heap</h2>
<p>Using these steps you can find all the GC'able items and what they're linked to.</p>
<div class="note">
  <b>Note:</b> In SpiderMonkey 1.8, these features are being replaced with a new function, <code><a href="/en-US/docs/JS_DumpHeap">JS_DumpHeap</a></code>.</div>
<h3 id="Steps" name="Steps">Steps</h3>
<ul>
  <li>Define GC_MARK_DEBUG in the project that builds the SpiderMonkey Files</li>
  <li>Add code similar to the following around your call to JS_GC</li>
</ul>
<pre class="brush:text">
extern "C" FILE* js_DumpGCHeap;

js_DumpGCHeap = fopen("c:\\jsds-roots.txt", "w");

JS_GC((*i)-&gt;jsc);

fclose(js_DumpGCHeap);

js_DumpGCHeap = NULL;
</pre>
<h3 id="Interpreting_the_results" name="Interpreting_the_results">Interpreting the results</h3>
<p>Results will come out like the following:</p>

<pre class="brush:text">
061f6810 object 06202ED8 Root via global object(Root @ 0x061f6810).</pre>
<p>This points that the JSObject (0x061f6810) with private data (0x06202ED8) and class name "Root" is referenced by the global object (cx-&gt;globalObject).</p>
<h3 id="Hints" name="Hints">Hints</h3>
<ul>
  <li>In order to filter results you must edit the function gc_dump_thing in jsgc.c. As an example, adding the following to the top of the method will filter out strings:</li>
</ul>

<pre class="brush:text">
if(flags &amp; GCX_STRING)
    return;
</pre>
<div class="originaldocinfo">
  <h2 id="Original_Document_Information" name="Original_Document_Information">Original Document Information</h2>
  <ul>
    <li>Author: <a class="link-mailto" href="mailto:rginda@netscape.com">Robert Ginda</a></li>
    <li>Contributor: <a class="link-mailto" href="mailto:thehesiod@gmail.com">Alex Mohr</a></li>
    <li>Last Updated Date: January 3, 2005</li>
    <li>Copyright Information: Copyright (C) <a class="link-mailto" href="mailto:rginda@netscape.com">Robert Ginda</a></li>
  </ul>
</div>
Revert to this revision