To be perfectly honest, this seems rather pointless to terminate the process in this way.
If, in fact, a process were legitimately using too much memory, the underlying operating system should be entirely capable of killing it anyways. Having v8 do so of its own accord instead of simply returning an error condition that could be detected by an embedded application as an out of memory condition with the v8 engine seems superfluous at best, and completely unusable for many purposes at worst. On Tuesday, October 24, 2017 at 1:44:59 PM UTC-7, Ben Noordhuis wrote: > > On Tue, Oct 24, 2017 at 10:17 PM, 'Kenton Varda' via v8-users > <v8-u...@googlegroups.com <javascript:>> wrote: > > Hi v8-users, > > > > It appears that in some cases V8 will abort the process when it runs out > of > > heap space rather than throw a JS exception. The behavior can be > overridden > > by registering an OOM callback, but if that callback returns without > > aborting, it seems V8 promptly crashes. > > > > It seems like some code paths are designed to handle OOM gracefully, but > > others aren't. > > > > For my use case, it's pretty important that a malicious script cannot > cause > > the process to abort, since our processes are multi-tenant. Ideally OOM > > would throw an exception, but terminating the isolate is also > acceptable, as > > long as other isolates can keep going. > > > > Is there any way to accomplish this? > > No. Graceful handling of OOM conditions is not one of V8's design goals. > > > For example, what if I compile with C++ exceptions enabled, and have my > OOM > > handler throw an exception, hence unwinding the stack back to where I > > entered V8. Then, I promptly destroy the isolate. Would that work? > > No. It would end very badly. V8 is not exception-safe. > > > Or, is there some trick to making V8 less crashy on OOM, aside from > going > > through and fixing all the code paths that crash (which probably isn't > > feasible for me)? > > No tricks, no. The best you can do is monitor memory usage and call > `Isolate::TerminateExecution()` when it gets too high but that won't > be 100% reliable; OOM conditions in C++ code will still be fatal. > > Probably not the answers you were hoping for but there it is. > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
