Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Garbage Collection as a Joint Venture

Michael Lippautz
March 06, 2018
Research
0
93

Garbage Collection as a Joint Venture

A common problem arising from embedding a virtual machine as a component in a larger software system is the management of references between the VM’s managed heap and the embedder’s heap. Direct references between components allow fast communication, but can result in cycles over component boundaries, making these hybrid systems prone to memory leaks. In this paper we present a design and implementation of a tracing mechanism for effective and efficient garbage collection over component boundaries which is implemented and shipped in Chrome’s JavaScript virtual machine V8 and the Blink rendering engine. Tracing through the C++ heap of Blink poses several challenges on which we elaborate: 1) an abstract visitation mechanism for C++ objects that can be used by the V8 garbage collector, 2) write barriers for C++ objects to reduce pauses through incremental marking, and 3) a mechanism to verify correctness of write barrier usage.

Presented at MoreVMs workshop, Brussels, Belgium, 2017.
https://2017.programming-conference.org/event/morevms-2017-papers-garbage-collection-as-a-joint-venture

Michael Lippautz

March 06, 2018
Tweet

More Decks by Michael Lippautz

See All by Michael Lippautz
Untangling the web: Memory management in Chrome’s web platform implementation
mlippautz
1
410
Cross-Component Garbage Collection
mlippautz
1
36

Other Decks in Research

See All in Research
[Human-AI Decision Making勉強会] 説明の更新はユーザにどのような影響をもたらすか
okoso
1
200
20240209 データを肴に熊本の交通を考える会「車1割削減、渋滞半減、公共交通2倍」をめざし世界に学ぼう
trafficbrain
0
860
Sosiaalisen median katsaus 02/2024
hponka
0
2.7k
20240127_熊本から今いちど真面目に都市交通~めざせ「車1割削減、渋滞半減、公共交通2倍」~ 全国路面電車サミット2024宇都宮
trafficbrain
1
670
継続的な研究費獲得のための考え方
moda0
2
440
リサーチに組織を巻き込むための「準備8割」の話
terasho
0
470
Bridging Continuous and Discrete Spaces: Interpretable Sentence Representation Learning via Compositional Operations
rudorudo11
0
160
インタビューだけじゃない!ユーザーに共感しユーザーの目👀を手に入れるためのインプット
moco1013
0
260
LiDARセキュリティ最前線
kentaroy47
0
280
3D Human Mesh Estimationについていくつかまとめてみた / Survey about 3D Human Mesh Estimation
nttcom
0
220
オープンな日本語埋め込みモデルの選択肢 / Exploring Publicly Available Japanese Embedding Models
nttcom
14
5.6k
Target trial emulationの概要
shuntaros
2
1.2k

Featured

See All Featured
GraphQLとの向き合い方2022年版
quramy
33
12k
10 Git Anti Patterns You Should be Aware of
lemiorhan
649
58k
Building Effective Engineering Teams - LeadDev
addyosmani
32
1.9k
Optimizing for Happiness
mojombo
370
69k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
245
20k
Typedesign – Prime Four
hannesfritz
36
2.1k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
275
13k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
The Mythical Team-Month
searls
216
42k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Making Projects Easy
brettharned
109
5.5k
Atom: Resistance is Futile
akmur
260
25k

Transcript

  1. Garbage Collection as a Joint Venture Michael Lippautz Ulan Degenbaev,

    Jochen Eisinger, Kentaro Hara, Marcel Hlopko, Hannes Payer Google Inc MoreVMs Workshop, Brussels, 2017

  2. Contents The Web, JavaScript, and Chrome The Cycle Problem Cross-Component

    Garbage Collection Tracing from JS to C++ and back Incremental tracing: Write barriers Correctness Benchmarking / Results

  3. Contents The Web, JavaScript, and Chrome The Cycle Problem Cross-Component

    Garbage Collection Tracing from JS to C++ and back Incremental tracing: Write barriers Correctness Benchmarking / Results- SPOILER: Enabled in Chrome M57 -

  4. The Web, JavaScript, and Chrome

  5. • Document Object Model (DOM) • Cross-platform language-independent representation of

    HTML • Web Interface Definition Language (IDL) • Traditionally encoded as objects in the rendering engine (e.g. Blink) Web - JavaScript - Chrome

  6. Web - JavaScript - Chrome <script type="text/javascript"> var newDiv; function

    createDiv() { newDiv = document.createElement("div"); document.body.appendChild(newDiv); } window.onload = createDiv; </script>

  7. other other V8 (JS VM) other Blink (Renderer) V8 (JS

    VM) Browser Web - JavaScript - Chrome Blink (Renderer) Chrome Idea: Abstraction of the browser into components (and most of the time subcomponents) at runtime

  8. Web - JavaScript - Chrome V8 Embedder / Chrome /

    Blink HTMLDocument HTMLBodyElement HTMLDivElement JSObject (newDiv) String "div" JSObject (document) Bindings JSObject (body)

  9. Bindings: Gluing together V8 and Blink V8 • Managed heap

    for JavaScript objects • Dynamic object layout (shape changes) • Precise GC • Mark-Sweep-Compact Collector ◦ Incremental marking ◦ Concurrent sweeping ◦ Parallel compaction Blink • Managed heap for (most of) the DOM • Static object layout • Precise and conservative GC (until Q1’16 ref counting) • Stop-the-world Mark-Sweep(-Compact) Collector ◦ Incremental sweeping ◦ (Compaction on backing stores of collections)

  10. Bindings: Gluing together V8 and Blink V8 • Managed heap

    for JavaScript objects • Dynamic object layout (shape changes) • Precise GC • Mark-Sweep-Compact Collector ◦ Incremental marking ◦ Concurrent sweeping ◦ Parallel compaction Blink • Managed heap for (most of) the DOM • Static object layout • Precise and conservative GC (until Q1’16 ref counting) • Stop-the-world Mark-Sweep(-Compact) Collector ◦ Incremental sweeping ◦ (Compaction on backing stores of collections) Two very different systems communicating with each other!

  11. The Cycle Problem

  12. The Cycle Problem V8 Embedder / Chrome / Blink HTMLDocument

    HTMLBodyElement HTMLDivElement JSObject (newDiv) String "div" JSObject (document) Bindings JSObject (body)

  13. The Cycle Problem V8 HTMLDivElement Embedder / Chrome / Blink

    JSObject (newDiv)

  14. A B The Cycle Problem

  15. A B The Cycle Problem

  16. A B The Cycle Problem

  17. A B The Cycle Problem cross- component reference

  18. A B The Cycle Problem

  19. B The Cycle Problem A

  20. B The Cycle Problem A root

  21. A B The Cycle Problem

  22. A B The Cycle Problem

  23. A The Cycle Problem B

  24. A The Cycle Problem B

  25. A B The Cycle Problem

  26. The Cycle Problem • Manual breaking of cycles using weak

    references ◦ Not possible when cross-component reference requires object to stay alive Observations • Similar to cycle problem when using reference counts ◦ Lots of algorithms and literature on how to deal with cycles • Cross-component information required to break cycles automatically

  27. Cross-Component Garbage Collection

  28. Cross-Component Garbage Collection Provide and process liveness information across components

    boundaries

  29. Cross-Component Garbage Collection A B It is sufficient to provide

    enough information to break one link of the cycle

  30. Tracing across component boundaries trace :: Object -> [Objects] Return

    all objects that are transitively reachable from a given object

  31. B A Tracing across component boundaries

  32. B A Tracing across component boundaries

  33. B A Tracing across component boundaries

  34. B A Tracing across component boundaries

  35. B A Tracing across component boundaries

  36. V8: Tracing from JavaScript to C++ and back • Batch-based

    communication • Control over when to start tracing V8 exposes an interface that embedders need to implement RegisterReferences([Object]) Allows communicating objects that are entry points into the embedders heap RegisterExternallyReferencedObject(Object) Communicate that Object is reachable through some entry point object AdvanceTracing(deadline, force_completion) Trace objects on the embedder’s heap

  37. Interlude: Incremental Marking • Main thread gets interrupted and marks

    n objects until all live objects are marked • Ingredients: ◦ One marking deque ◦ Three colors ▪ White: unknown ▪ Grey: on marking deque and will be processed ▪ Black: marked ◦ Barriers ensuring consistency ◦ A driver that ensures marking progress Mark JS Mark JS Mark JS Mark JS JS Finalize

  38. Blink: Write Barrier • Preserving strong tri-color invariant ◦ No

    black to white edges • Dijkstra-style write barrier write(Object source, Object value): if (is_tracing && is_marked(source) && !is_marked(value)) mark(value) marking_deque.push(value)

  39. Correctness: C++ Write Barriers Key problem: Not emitting the write

    barrier • Idea: Rely on C++ type system to enforce the barriers • GC pointers: GC-aware smart pointers ◦ Back pointer to object header ◦ Emit barrier on write, (copy) construction, move • Restrict tracing methods to accepting only those GC pointers ◦ Result: Compile failure if raw pointers are used Successfully annotated ~250 fields in the DOM that required a barrier

  40. Benchmarking / Results

  41. Baseline: Object Grouping • Objects are grouped together based on

    rules, e.g., DOM tree • A group is considered as live if one object of the group is alive • Incremental over approximation possible but expensive ◦ Needs to consider live and dead objects • Prone to memory leaks in certain situations

  42. Benchmarking • Real-world workloads using Catapult benchmarking framework • Trace

    every single GC event, e.g. marking, marking finalization, atomic pause • Hypothesis testing using Wilcoxon Rank Sum Test

  43. Average Latency-critical GC Pause significant significant not significant significant not

    significant Wilcoxon Rank Sum Test

  44. Incremental Marking Finalization significant significant significant significant significant Wilcoxon Rank

    Sum Test Potentially last incremental step before atomic pause

  45. Marking Time significant not significant not significant significant not significant

    Wilcoxon Rank Sum Test the tradeoff

  46. Fin. Thank you! chromium.org v8project.org