Running in a separate process space doesn't work very well if you want any custom function callbacks you might have hooked into v8 to be able to access or manipulate data that might be used by the rest of your application, since each process has no access to your main application's data space.
On Monday, June 4, 2018 at 7:15:48 PM UTC-7, Zac Hansen wrote: > > Every time this question is asked, the answer always seems to be "run it > in a separate process space." There is no way to reliably protect / > detect and recover from memory issues in V8. There's usually a "patches > welcome as long as it has no affect on performance" at the end. > > > > On Monday, June 4, 2018 at 3:35:58 AM UTC-7, Prakash Bailkeri wrote: >> >> Hello V8-Experts, >> >> I am working on a project where I need to run untrusted user provided >> javascript. I am worried about faulty user script bringing down the entire >> application by hogging memory. So, idea is to implement budgeting of heap >> memory for each javascript. >> >> I looked at different projects that tried to solve the process exit due >> to OOM error. Few ideas that collected are >> 1. Running separate thread and RequestInterrupt. In interrupt >> routine, using GetHeapStatistics to check heap usage. >> https://github.com/phpv8/v8js/blob/php7/v8js_timer.cc#L36:13 >> 2. Using AddGCEpilogueCallback and GetHeapStatistics >> >> https://github.com/discourse/mini_racer/blob/master/ext/mini_racer_extension/mini_racer_extension.cc#L194:13 >> >> I am worried about the overhead and performance impact of these >> approaches. >> >> Recently, following commit introduced "AddNearHeapLimitCallback". >> >> Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=824214 >> Commit: >> https://chromium.googlesource.com/v8/v8/+/84a80e103b090f35334fe2d168ece17489395417 >> >> I tried using this API in my sample program to detect OOM and dispose the >> isolate executing faulty script. [Please see below for the sample program] >> My experiment *detected* the OOM error and terminated the faulty script. >> >> I have few questions regarding this API: >> 1. Are there any caveats in using this API? How reliably it detects the >> OOM condition? Are there scenarios in which it will fail to detect the OOM? >> 2. In the sample code below, in function, "MyNearHeapLimitCallback": I >> am terminating the execution and returning the new heap limit by adding >> 5MB. If I return the initial_heap_limit as is (i.e. without adding 5 >> MB), the faulty script will make my application crash with OOM. Why? >> 3. When the AddNearHeapLimitCallback is being called, I assume that the >> javascript execution is paused. Is this a correct understanding? >> >> Thanks, Prakash >> >> >> ==== Sample program == >> >> size_t MyNearHeapLimitCallback(void* data, size_t current_heap_limit, >> size_t initial_heap_limit) { >> v8::Isolate *isolate = (v8::Isolate *)data; >> isolate->TerminateExecution(); >> return initial_heap_limit + 5 * 1024 * 1024; >> } >> >> >> int main(int argc, char* argv[]) { >> v8::V8::InitializeICUDefaultLocation(argv[0]); >> v8::V8::InitializeExternalStartupData(argv[0]); >> std::unique_ptr<v8::Platform> platform = >> v8::platform::NewDefaultPlatform(); >> v8::V8::InitializePlatform(platform.get()); >> v8::V8::Initialize(); >> while(true) { >> v8::Isolate::CreateParams create_params; >> create_params.array_buffer_allocator = >> v8::ArrayBuffer::Allocator::NewDefaultAllocator(); >> v8::ResourceConstraints constraints; >> constraints.set_max_old_space_size(10); >> create_params.constraints = constraints; >> v8::Isolate* isolate = v8::Isolate::New(create_params); >> isolate->AddNearHeapLimitCallback(MyNearHeapLimitCallback, isolate); >> { >> v8::Isolate::Scope isolate_scope(isolate); >> v8::HandleScope handle_scope(isolate); >> v8::Local<v8::Context> context = v8::Context::New(isolate); >> v8::Context::Scope context_scope(context); >> v8::Local<v8::String> source = >> v8::String::NewFromUtf8(isolate, "a = []; for (;;) { >> a.push('hello'); }", >> v8::NewStringType::kNormal) >> .ToLocalChecked(); >> >> v8::Local<v8::Script> script = v8::Script::Compile(context, >> source).ToLocalChecked(); >> >> v8::TryCatch try_catch(isolate); >> v8::MaybeLocal<v8::Value> result; >> result = script->Run(context); >> if (try_catch.HasCaught() && try_catch.HasTerminated()) { >> isolate->CancelTerminateExecution(); >> } >> } >> delete create_params.array_buffer_allocator; >> isolate->Dispose(); >> } >> v8::V8::Dispose(); >> v8::V8::ShutdownPlatform(); >> return 0; >> } >> > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
