[execution] Respect isolate stack limit in GetCentralStackView

legendecas · V8 LUCI CQ · commit c24df23717b6 · 2025-03-13T01:28:44.000-07:00
A stack limit can be set for each v8::Isolate. The limit size can be greater than the one specified with --stack-size. `Heap::CollectGarbage` should not crash due to a `CHECK` on `Isolate::IsOnCentralStack()` with an isolate stack limit. Refs: nodejs/node#57114 Fixed: 400996806 Bug: 42202153 Change-Id: I80d0826fcd6a64261b8d745f8f47aa096bc83fb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6329659 Commit-Queue: Chengzhong Wu <cwu631@bloomberg.net> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#99228}
diff --git a/src/api/api.cc b/src/api/api.cc
@@ -10024,6 +10024,7 @@ void Isolate::Initialize(Isolate* v8_isolate,
     uintptr_t limit =
         reinterpret_cast<uintptr_t>(params.constraints.stack_limit());
     i_isolate->stack_guard()->SetStackLimit(limit);
+    i_isolate->set_stack_size(base::Stack::GetStackStart() - limit);
   }
 
   // TODO(v8:2487): Once we got rid of Isolate::Current(), we can remove this.
@@ -10670,6 +10671,7 @@ void Isolate::SetStackLimit(uintptr_t stack_limit) {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(this);
   CHECK(stack_limit);
   i_isolate->stack_guard()->SetStackLimit(stack_limit);
+  i_isolate->set_stack_size(base::Stack::GetStackStart() - stack_limit);
 }
 
 void Isolate::GetCodeRange(void** start, size_t* length_in_bytes) {
diff --git a/src/execution/isolate.cc b/src/execution/isolate.cc
@@ -4205,14 +4205,13 @@ Isolate::Isolate(IsolateGroup* isolate_group)
       next_unique_sfi_id_(0),
       next_module_async_evaluation_ordinal_(
           SourceTextModule::kFirstAsyncEvaluationOrdinal),
-      cancelable_task_manager_(new CancelableTaskManager())
+      cancelable_task_manager_(new CancelableTaskManager()),
 #if defined(V8_ENABLE_ETW_STACK_WALKING)
-      ,
       etw_tracing_enabled_(false),
       etw_trace_interpreted_frames_(v8_flags.interpreted_frames_native_stack),
-      etw_in_rundown_(false)
+      etw_in_rundown_(false),
 #endif  // V8_ENABLE_ETW_STACK_WALKING
-{
+      stack_size_(v8_flags.stack_size * KB) {
   TRACE_ISOLATE(constructor);
   CheckIsolateLayout();
 
diff --git a/src/execution/isolate.h b/src/execution/isolate.h
@@ -1749,6 +1749,9 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
 
   bool jitless() const { return jitless_; }
 
+  void set_stack_size(size_t v) { stack_size_ = v; }
+  size_t stack_size() { return stack_size_; }
+
   base::RandomNumberGenerator* random_number_generator();
 
   base::RandomNumberGenerator* fuzzer_rng();
@@ -2902,6 +2905,9 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   // The mutex only guards adding pages, the retrieval is signal safe.
   base::Mutex code_pages_mutex_;
 
+  // Stack size set with ResourceConstraints or Isolate::SetStackLimit, in
+  // bytes. This is initialized with value of --stack-size.
+  size_t stack_size_;
 #ifdef V8_ENABLE_WEBASSEMBLY
   wasm::WasmCodeLookupCache* wasm_code_look_up_cache_ = nullptr;
   std::vector<std::unique_ptr<wasm::StackMemory>> wasm_stacks_;
diff --git a/src/execution/simulator.h b/src/execution/simulator.h
@@ -108,7 +108,7 @@ class SimulatorStack : public v8::internal::AllStatic {
       v8::internal::Isolate* isolate) {
     uintptr_t upper_bound = base::Stack::GetStackStart();
     size_t size =
-        v8_flags.stack_size * KB + wasm::StackMemory::kJSLimitOffsetKB * KB;
+        isolate->stack_size() + wasm::StackMemory::kJSLimitOffsetKB * KB;
     uintptr_t lower_bound = upper_bound - size;
     return base::VectorOf(reinterpret_cast<uint8_t*>(lower_bound), size);
   }
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
@@ -17331,6 +17331,86 @@ TEST(SetStackLimitInThread) {
   }
 }
 
+static bool TestStackOverflow(v8::Isolate* isolate) {
+  v8::Isolate::Scope isolate_scope(isolate);
+  v8::HandleScope scope(isolate);
+  LocalContext context(isolate);
+  v8::TryCatch try_catch(isolate);
+  const char* code =
+      "var errored = false;"
+      "function fn(...args) {"
+      "  try { fn(...args); }"
+      "  catch (e) {"
+      // Only trigger GC once the stack is full to speedup the test.
+      "    if (!errored) {"
+      "      gc();"
+      "      errored = true;"
+      "    }"
+      "    throw e;"
+      "  }"
+      "}"
+      "try {"
+      "  fn.apply(null, new Array(10).fill(1).map(() => {}));"
+      "  false;"
+      "} catch (e) {"
+      "  e.name === 'RangeError'"  // StackOverflow is a RangeError
+      "}";
+  Local<Value> value = CompileRun(code);
+
+  // A StackOverflow error is thrown, without crashing.
+  return value->IsTrue();
+}
+
+class StackOverflowThread : public v8::base::Thread {
+ public:
+  explicit StackOverflowThread(int stack_size, int js_stack_size)
+      : Thread(Options("StackOverflowThread", stack_size)),
+        js_stack_size_(js_stack_size),
+        result_(false) {}
+
+  void Run() override {
+    uintptr_t stack_top = v8::base::Stack::GetStackStart();
+    // Compute isolate stack limit by js stack size.
+    uintptr_t stack_base = stack_top - js_stack_size_;
+    v8::Isolate::CreateParams create_params = CreateTestParams();
+    v8::Isolate* isolate = v8::Isolate::New(create_params);
+    isolate->SetStackLimit(stack_base);
+    result_ = TestStackOverflow(isolate);
+    isolate->Dispose();
+  }
+
+  int result() { return result_; }
+
+ private:
+  int js_stack_size_;
+  bool result_;
+};
+
+TEST(SetStackLimitInThreadAndStackOverflow) {
+  // Set a small --stack-size flag.
+  i::FlagScope<int> f_stack_size(&i::v8_flags.stack_size, 100);
+  // Trigger GC aggressively to verify that GC does not crash with stack litmit.
+  i::FlagScope<size_t> f_heap_size(&i::v8_flags.max_heap_size, 8);
+  i::FlagScope<bool> f_expose_gc(&i::v8_flags.expose_gc, true);
+
+  // ASAN requires more stack space.
+#ifdef V8_USE_ADDRESS_SANITIZER
+  constexpr int stack_size = 32 * v8::internal::MB;
+  constexpr int js_stack_size = 2 * v8::internal::MB;
+#else
+  constexpr int stack_size = 2 * v8::internal::MB;
+  constexpr int js_stack_size = 1 * v8::internal::MB;
+#endif
+  // Spawn an Isolate on a thread with larger stack limits than --stack-size.
+  StackOverflowThread thread1(stack_size, js_stack_size);
+
+  CHECK(thread1.Start());
+
+  thread1.Join();
+
+  CHECK(thread1.result());
+}
+
 THREADED_TEST(GetHeapStatistics) {
   LocalContext c1;
   v8::HandleScope scope(c1->GetIsolate());

Original file line number	Diff line number	Diff line change
`@@ -10024,6 +10024,7 @@ void Isolate::Initialize(Isolate* v8_isolate,`
`10024`	`10024`	`uintptr_t limit =`
`10025`	`10025`	`reinterpret_cast<uintptr_t>(params.constraints.stack_limit());`
`10026`	`10026`	`i_isolate->stack_guard()->SetStackLimit(limit);`
	`10027`	`+ i_isolate->set_stack_size(base::Stack::GetStackStart() - limit);`
`10027`	`10028`	`}`
`10028`	`10029`
`10029`	`10030`	`// TODO(v8:2487): Once we got rid of Isolate::Current(), we can remove this.`
`@@ -10670,6 +10671,7 @@ void Isolate::SetStackLimit(uintptr_t stack_limit) {`
`10670`	`10671`	`i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(this);`
`10671`	`10672`	`CHECK(stack_limit);`
`10672`	`10673`	`i_isolate->stack_guard()->SetStackLimit(stack_limit);`
	`10674`	`+ i_isolate->set_stack_size(base::Stack::GetStackStart() - stack_limit);`
`10673`	`10675`	`}`
`10674`	`10676`
`10675`	`10677`	`void Isolate::GetCodeRange(void** start, size_t* length_in_bytes) {`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ class SimulatorStack : public v8::internal::AllStatic {`
`108`	`108`	`v8::internal::Isolate* isolate) {`
`109`	`109`	`uintptr_t upper_bound = base::Stack::GetStackStart();`
`110`	`110`	`size_t size =`
`111`		`- v8_flags.stack_size * KB + wasm::StackMemory::kJSLimitOffsetKB * KB;`
	`111`	`+ isolate->stack_size() + wasm::StackMemory::kJSLimitOffsetKB * KB;`
`112`	`112`	`uintptr_t lower_bound = upper_bound - size;`
`113`	`113`	`return base::VectorOf(reinterpret_cast<uint8_t*>(lower_bound), size);`
`114`	`114`	`}`