On Tue, Oct 24, 2017 at 10:17 PM, 'Kenton Varda' via v8-users <v8-users@googlegroups.com> wrote: > Hi v8-users, > > It appears that in some cases V8 will abort the process when it runs out of > heap space rather than throw a JS exception. The behavior can be overridden > by registering an OOM callback, but if that callback returns without > aborting, it seems V8 promptly crashes. > > It seems like some code paths are designed to handle OOM gracefully, but > others aren't. > > For my use case, it's pretty important that a malicious script cannot cause > the process to abort, since our processes are multi-tenant. Ideally OOM > would throw an exception, but terminating the isolate is also acceptable, as > long as other isolates can keep going. > > Is there any way to accomplish this?
No. Graceful handling of OOM conditions is not one of V8's design goals. > For example, what if I compile with C++ exceptions enabled, and have my OOM > handler throw an exception, hence unwinding the stack back to where I > entered V8. Then, I promptly destroy the isolate. Would that work? No. It would end very badly. V8 is not exception-safe. > Or, is there some trick to making V8 less crashy on OOM, aside from going > through and fixing all the code paths that crash (which probably isn't > feasible for me)? No tricks, no. The best you can do is monitor memory usage and call `Isolate::TerminateExecution()` when it gets too high but that won't be 100% reliable; OOM conditions in C++ code will still be fatal. Probably not the answers you were hoping for but there it is. -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
