fix(v8-runtime): create snapshot blobs in a helper subprocess to contain a V8 isolate-lifecycle crash#198
Merged
Conversation
rusty_v8 130.0.7 (V8 13.0) can corrupt V8's process-wide wasm code-pointer table when snapshot-creator isolates are created and torn down in-process; the next Isolate::New then SIGSEGVs in WasmCodePointerTable::AllocateUninitializedEntry (root-caused via core dump — this is what killed the full service test suite at the crypto tests).

- Snapshot blob creation re-execs the current binary in a hidden helper mode (pre-main ctor on linux/android/macos) and returns the blob over a framed stdio pipe; sessions still restore isolates from cached snapshots (warm spawn latency stays at parity — the interim fresh-isolate mitigation cost +74%).
- If the helper fails (unsupported platform, spawn error), sessions degrade to a fresh isolate that evaluates the bridge in-context instead of failing.
- Process-wide isolate create/drop serialization + explicit drop_isolate routing; isolate-churn regression test; the V8-heavy TLS pending-write test runs in the isolated subprocess runner.
- rusty_v8 upgrade (which supersedes this containment) tracked in ~/.agents/todo/rusty-v8-upgrade.md — the pinned V8 is >1 year behind security releases.

Full service suite now completes: 131 passed, 1 environmental failure (/lost+found host-shadow permission), previously SIGSEGV.
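The containment pattern the PR body describes, as an added example that is not the secure-exec project's own code: the binary re-executes itself with a hidden argument, the helper process builds the blob and writes it back as one framed message on stdout, the parent reads the frame, and if the helper cannot be spawned or returns garbage the session degrades to a fresh isolate instead of failing. The V8 snapshot creator is replaced by a stand-in so the example runs without rusty_v8; `HELPER_ARG`, `build_snapshot_blob`, `SessionStrategy`, the `SNAP` frame magic and the 64 MiB frame limit are assumptions, not names from the project.

```rust
// Added example (not the secure-exec project's code). The snapshot creator is
// a stand-in; HELPER_ARG, the frame layout and the size limit are assumptions.
use std::env;
use std::io::{self, Read, Write};
use std::process::{Command, Stdio};
use std::sync::Mutex;

/// Hidden argument that switches the re-executed binary into helper mode.
pub const HELPER_ARG: &str = "--snapshot-helper";
/// Frame layout on the pipe: 4-byte magic, u32 little-endian length, payload.
const FRAME_MAGIC: &[u8; 4] = b"SNAP";
/// Upper bound on an accepted blob, so a misbehaving child cannot make the
/// parent allocate without limit.
const MAX_BLOB_LEN: u32 = 64 * 1024 * 1024;

/// Process-wide serialization of isolate create/drop (the PR's "serialization").
static ISOLATE_LIFECYCLE: Mutex<()> = Mutex::new(());

/// Stand-in for the V8 snapshot creator: the real code would create and tear
/// down a SnapshotCreator isolate here, inside the same process-wide lock.
pub fn build_snapshot_blob(bridge_source: &str) -> Vec<u8> {
    let _guard = ISOLATE_LIFECYCLE.lock().unwrap_or_else(|e| e.into_inner());
    let mut blob = b"snapshot:".to_vec();
    blob.extend_from_slice(bridge_source.as_bytes());
    blob
}

/// Wrap a payload in one frame: magic + length + bytes.
pub fn encode_frame(payload: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(8 + payload.len());
    out.extend_from_slice(FRAME_MAGIC);
    out.extend_from_slice(&(payload.len() as u32).to_le_bytes());
    out.extend_from_slice(payload);
    out
}

/// Parse exactly one frame; anything that is not a well-formed frame is an error.
pub fn decode_frame(mut r: impl Read) -> io::Result<Vec<u8>> {
    let mut header = [0u8; 8];
    r.read_exact(&mut header)?;
    if &header[..4] != &FRAME_MAGIC[..] {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "bad frame magic"));
    }
    let len = u32::from_le_bytes([header[4], header[5], header[6], header[7]]);
    if len == 0 || len > MAX_BLOB_LEN {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "bad frame length"));
    }
    let mut payload = vec![0u8; len as usize];
    r.read_exact(&mut payload)?;
    Ok(payload)
}

/// Helper-mode entry point: build the blob in this throwaway process and write
/// one frame to stdout. A crash during isolate teardown now only kills the helper.
pub fn helper_main(bridge_source: &str) -> io::Result<()> {
    let blob = build_snapshot_blob(bridge_source);
    let mut stdout = io::stdout().lock();
    stdout.write_all(&encode_frame(&blob))?;
    stdout.flush()
}

/// Parent side: spawn `cmd`, drain its stdout (bounded), then require exit 0
/// and a valid frame. Draining before `wait` avoids a child blocked on a full pipe.
pub fn run_helper(cmd: &mut Command) -> io::Result<Vec<u8>> {
    let mut child = cmd
        .stdin(Stdio::null())
        .stdout(Stdio::piped())
        .stderr(Stdio::inherit())
        .spawn()?;
    let pipe = child.stdout.take().expect("stdout is piped");
    let mut buf = Vec::new();
    pipe.take(u64::from(MAX_BLOB_LEN) + 8).read_to_end(&mut buf)?;
    let status = child.wait()?;
    if !status.success() {
        return Err(io::Error::new(io::ErrorKind::Other, format!("helper exited with {status}")));
    }
    decode_frame(&buf[..])
}

/// How a session will start: from a snapshot blob, or (degraded path) from a
/// fresh isolate that evaluates the bridge in-context.
#[derive(Debug, PartialEq)]
pub enum SessionStrategy {
    Snapshot(Vec<u8>),
    FreshIsolate,
}

/// Any helper failure (spawn error, bad exit, malformed frame) degrades rather
/// than propagates, matching the PR's fallback behaviour.
pub fn choose_strategy(cmd: &mut Command) -> SessionStrategy {
    match run_helper(cmd) {
        Ok(blob) => SessionStrategy::Snapshot(blob),
        Err(err) => {
            eprintln!("snapshot helper unavailable ({err}); using fresh isolate");
            SessionStrategy::FreshIsolate
        }
    }
}

/// Command that re-executes the current binary in hidden helper mode.
pub fn helper_command() -> io::Result<Command> {
    let mut cmd = Command::new(env::current_exe()?);
    cmd.arg(HELPER_ARG);
    Ok(cmd)
}

fn main() -> io::Result<()> {
    if env::args().any(|a| a == HELPER_ARG) {
        return helper_main("globalThis.bridge = {};");
    }
    let strategy = choose_strategy(&mut helper_command()?);
    println!("{strategy:?}");
    Ok(())
}
```

The magic prefix and length bound matter because the helper is the same binary: if the hidden-mode dispatch ever fails to trigger, the parent would otherwise be parsing whatever the normal entry point prints. The PR's pre-main constructor dispatch sits before `main`; this example dispatches on the argument inside `main` for brevity.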
Stack for rivet-dev/secure-exec