
V8: Enforce runtime constraints (max stack and heap size)

Open letmaik opened this issue 3 years ago • 0 comments

In QuickJS, we currently set hard-coded values per runtime for maximum stack size (1M) and heap size (100M). Ideally, this should be controllable by the app, but in any case we need something similar for V8.

V8 similarly supports resource constraints per isolate (part of CreateParams): https://v8.github.io/api/head/classv8_1_1ResourceConstraints.html

Setting the max heap size is as expected, but the stack size is expressed in terms of an upper memory address and would have to be per-thread and kept up-to-date since the stacks will differ in CCF between rpc calls. Updating the stack limit is done through v8::Isolate::SetStackLimit().

This is how Chrome initializes an isolate and sets the stack size: https://github.com/chromium/chromium/blob/b5fce3b7a9fd1a3d17c49ab753e045bc50b607c2/third_party/blink/renderer/bindings/core/v8/v8_initializer.cc#L825-L837

```cpp
// Stack size for workers is limited to 500KB because default stack size for
// secondary threads is 512KB on Mac OS X. See GetDefaultThreadStackSize() in
// base/threading/platform_thread_mac.mm for details.
static const int kWorkerMaxStackSize = 500 * 1024;
...
isolate->SetStackLimit(WTF::GetCurrentStackPosition() - kWorkerMaxStackSize);

// WTF:
uintptr_t GetCurrentStackPosition() {
  return reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
}
```

letmaik · Dec 15 '21 14:12
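Added illustration (not CCF or Chromium code) of why the V8 stack limit is an address rather than a size: it is derived from the current stack position on the executing thread and only stays valid for that thread and that call, which is the reason it has to be refreshed per RPC. The helpers `CurrentStackPosition`, `ComputeStackLimit`, `WithinLimit`, `Probe` and `DepthReachedWithBudget` are hypothetical names standing in for the `SetStackLimit` plumbing; the 1 KiB frames and 64/128 KiB budgets are constructed values.

```cpp
#include <cstddef>
#include <cstdint>

// Same idea as WTF::GetCurrentStackPosition(): the frame address tells how far
// down this thread's stack execution already is (GCC/Clang builtin).
__attribute__((noinline)) uintptr_t CurrentStackPosition() {
  return reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
}

// Stacks grow downward, so the limit is an absolute address below the entry
// position. It only means something on the stack it was computed from, so a
// host must recompute it whenever the thread running JS changes.
uintptr_t ComputeStackLimit(uintptr_t entry_position, size_t max_stack_bytes) {
  return entry_position > max_stack_bytes ? entry_position - max_stack_bytes : 0;
}

// The check a stack guard performs when entering a frame: still above the limit?
bool WithinLimit(uintptr_t limit) { return CurrentStackPosition() > limit; }

// Recurse with ~1 KiB frames until the guard trips; returns the depth reached.
// The ceiling is a hard stop so a wrong limit cannot overflow the real stack.
__attribute__((noinline)) int Probe(uintptr_t limit, int depth, int ceiling) {
  volatile char pad[1024];             // forces a real frame at each level
  pad[0] = static_cast<char>(depth);
  if (depth >= ceiling || !WithinLimit(limit)) return depth;
  int reached = Probe(limit, depth + 1, ceiling);
  pad[1] = static_cast<char>(reached); // keeps this frame live across the call
  return reached;
}

// Budget for one call, computed from where we are right now. With V8 this is
// the value a host would pass to isolate->SetStackLimit(limit) before each
// RPC-triggered entry into JS on the current thread.
int DepthReachedWithBudget(size_t max_stack_bytes) {
  uintptr_t limit = ComputeStackLimit(CurrentStackPosition(), max_stack_bytes);
  return Probe(limit, 0, 1 << 20);
}

int main() {
  // A 64 KiB budget with ~1 KiB frames stops after a few dozen levels, and a
  // doubled budget allows roughly twice the depth before the guard trips.
  int small = DepthReachedWithBudget(64 * 1024);
  int large = DepthReachedWithBudget(128 * 1024);
  return (small > 0 && small <= 64 && large > small) ? 0 : 1;
}
```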