fix(swingset): fix GC handling of orphaned objects #3379
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There were two bugs in the kernel's garbage-collection handling of orphaned objects (exports of a vat which is later terminated). * Sending a message to an orphaned vat caused the object's refcount to be incremented, but never decremented again, preventing it from being collected. The root cause was `kernelKeeper.kernelObjectExists` using `.owner` to decide whether the object still exists. Orphaned objects have a `.refcount` but no `.owner`. The fix is to just test `.refcount` instead of `.owner`. #3376 * `kernelKeeper.processRefcounts()` wants to check the `isReachable` flag of the exporting vat, to know whether they need a dropExport message, but orphaned objects have no exporting vat anymore. The check crashed the kernel when it attempted to get a vatKeeper for `undefined`. The immediate fix is to skip this check for orphaned objects, which avoids the crash (#3377). But we still need a fix to delete the refcount=0,0 entry (#3378). closes #3376 closes #3377 refs #3378
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There were two bugs in the kernel's garbage-collection handling of orphaned
objects (exports of a vat which is later terminated).
incremented, but never decremented again, preventing it from being collected.
The root cause was
kernelKeeper.kernelObjectExistsusing.ownerto decidewhether the object still exists. Orphaned objects have a
.refcountbut no.owner. The fix is to just test.refcountinstead of.owner. message to orphaned export causes unbalanced refcount increment #3376kernelKeeper.processRefcounts()wants to check theisReachableflag ofthe exporting vat, to know whether they need a dropExport message, but
orphaned objects have no exporting vat anymore. The check crashed the kernel
when it attempted to get a vatKeeper for
undefined. The immediate fix is toskip this check for orphaned objects, which avoids the crash (decref of orphaned object causes kernel crash #3377). But we
still need a fix to delete the refcount=0,0 entry (orphaned objects are not fully GCed: one refcount key is left in the DB #3378).
closes #3376
closes #3377
refs #3378