fix(v8-runtime): create snapshot blobs in a helper subprocess to contain a V8 isolate-lifecycle crash#198

Merged: NathanFlurry merged 1 commit into main from stack/fix-v8-runtime-create-snapshot-blobs-in-a-helper-subprocess-to-contain-a-v8-isolate-lifecycle-crash-rlxoqqpy on Jul 2, 2026
Conversation

@NathanFlurry

Member

rusty_v8 130.0.7 (V8 13.0) can corrupt V8's process-wide wasm code-pointer
table when snapshot-creator isolates are created and torn down in-process;
the next Isolate::New then SIGSEGVs in
WasmCodePointerTable::AllocateUninitializedEntry (root-caused via core dump —
this is what killed the full service test suite at the crypto tests).

  • Snapshot blob creation re-execs the current binary in a hidden helper mode
    (pre-main ctor on linux/android/macos) and returns the blob over a framed
    stdio pipe; sessions still restore isolates from cached snapshots (warm
    spawn latency stays at parity — the interim fresh-isolate mitigation cost
    +74%).
  • If the helper fails (unsupported platform, spawn error), sessions degrade to
    a fresh isolate that evaluates the bridge in-context instead of failing.
  • Process-wide isolate create/drop serialization + explicit drop_isolate
    routing; isolate-churn regression test; the V8-heavy TLS pending-write test
    runs in the isolated subprocess runner.
  • rusty_v8 upgrade (which supersedes this containment) tracked in
    ~/.agents/todo/rusty-v8-upgrade.md — the pinned V8 is >1 year behind
    security releases.

Full service suite now completes: 131 passed, 1 environmental failure
(/lost+found host-shadow permission), previously SIGSEGV.
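As an added illustration (not code from the secure-exec repository), a Rust sketch of the two pieces the description relies on: a framed stdio protocol in which a short read from a helper that died mid-write is an error rather than a partially filled blob, and the degrade-to-fresh-isolate decision a session makes when the helper fails. The frame layout, the MAX_BLOB cap and every name below are assumptions.

```rust
use std::io::{self, Read, Write};

// Constructed frame layout for this example: 4-byte magic, 1 status byte,
// u32 little-endian payload length, then the payload.
const MAGIC: &[u8; 4] = b"SNAP";
// Hypothetical upper bound: a corrupt length field must not turn into a huge allocation.
const MAX_BLOB: u32 = 64 * 1024 * 1024;

/// Helper side: write exactly one frame. status 0 = snapshot blob follows,
/// status 1 = the helper is reporting failure (empty payload).
pub fn write_frame<W: Write>(out: &mut W, status: u8, payload: &[u8]) -> io::Result<()> {
    out.write_all(MAGIC)?;
    out.write_all(&[status])?;
    out.write_all(&(payload.len() as u32).to_le_bytes())?;
    out.write_all(payload)?;
    out.flush()
}

/// Parent side: read exactly one frame. Bad magic, a failure status, an oversized
/// length, or a short read (helper crashed mid-write) all surface as errors, so the
/// caller never restores an isolate from a truncated blob.
pub fn read_frame<R: Read>(inp: &mut R) -> io::Result<Vec<u8>> {
    let mut hdr = [0u8; 9];
    inp.read_exact(&mut hdr)?;
    if hdr[..4] != MAGIC[..] {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "bad frame magic"));
    }
    if hdr[4] != 0 {
        return Err(io::Error::new(io::ErrorKind::Other, "helper reported failure"));
    }
    let len = u32::from_le_bytes([hdr[5], hdr[6], hdr[7], hdr[8]]);
    if len > MAX_BLOB {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "blob length exceeds cap"));
    }
    let mut blob = vec![0u8; len as usize];
    inp.read_exact(&mut blob)?; // a truncated pipe yields UnexpectedEof here
    Ok(blob)
}

#[derive(Debug, PartialEq)]
pub enum IsolateSource {
    Snapshot(Vec<u8>), // restore from the helper-produced blob (warm path)
    Fresh,             // no usable blob: fresh isolate, bridge evaluated in-context
}

/// Session start: prefer the helper's snapshot; on any helper error degrade instead of failing.
pub fn choose_isolate_source<F: FnOnce() -> io::Result<Vec<u8>>>(run_helper: F) -> IsolateSource {
    match run_helper() {
        Ok(blob) => IsolateSource::Snapshot(blob),
        Err(_) => IsolateSource::Fresh,
    }
}
```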

@NathanFlurry

Member Author

Stack for rivet-dev/secure-exec

Get stack: forklift get 198
Push local edits: forklift submit
Merge when ready: forklift merge 198

railway-app (Bot) temporarily deployed to secure-exec / secure-exec-pr-198, July 2, 2026 10:20 (Destroyed)
NathanFlurry merged commit 57b56b4 into main, Jul 2, 2026
0 of 2 checks passed
railway-app (Bot) temporarily deployed to secure-exec / preview, July 2, 2026 10:20 (Inactive)
NathanFlurry deleted the stack/fix-v8-runtime-create-snapshot-blobs-in-a-helper-subprocess-to-contain-a-v8-isolate-lifecycle-crash-rlxoqqpy branch, July 2, 2026 10:20
railway-app (Bot) temporarily deployed to secure-exec / production, July 2, 2026 10:20 (Inactive)