
calling isolate.get_heap_statistics from an interrupt segfaults on 140.0 or above #1883

@svix-jbrown

Description

@svix-jbrown

I'm upgrading an application that uses v8 from v8 137.3.0 to 140.0. We use request_interrupt to periodically sample the memory usage of the Isolate. In 137.x, this works; in 140.x, it segfaults.

Minimal sample program, which segfaults on 142.0 but passes on 139.0:
use std::ffi::c_void;

/// JavaScript that keeps the isolate busy long enough for the queued
/// interrupt to fire: a tight counting loop of 5e9 iterations that does no
/// other work.
const CODE: &str = r#"
    function busy() {
        for (var i = 0; i < 5000000000 ; ++i) {
            ;;
        }
    }
    busy()
"#;

/// Interrupt callback registered via `request_interrupt`: samples the
/// isolate's heap statistics and prints the used heap size.
///
/// In the reported traceback the segfault occurs inside the
/// `get_heap_statistics` call made here (frames #0-#3), when the callback is
/// invoked from V8's interrupt handling on 140.0 and above.
extern "C" fn v8_interrupt_fn(isolate: &mut v8::Isolate, _data: *mut c_void) {
    let used_bytes = isolate.get_heap_statistics().used_heap_size();
    println!("{:?}", used_bytes);
}

/// Minimal reproduction: queue an interrupt on a fresh isolate, then run a
/// long-running script so the interrupt callback fires while JS is executing.
fn main() {
    let platform = v8::new_default_platform(0, false).make_shared();
    v8::V8::initialize_platform(platform);
    v8::V8::initialize();

    let isolate = &mut v8::Isolate::new(Default::default());
    // The interrupt is requested before any script runs; per the traceback
    // (frames #4-#8) the callback is then invoked from V8's stack-guard check
    // while `busy()` is executing.
    let handle = isolate.thread_safe_handle();
    handle.request_interrupt(v8_interrupt_fn, std::ptr::null_mut());

    /* this version for <140.0 */
    //let scope = &mut v8::HandleScope::new(isolate);
    /* this version for >= 140.0 */
    // The >= 140.0 API pins the HandleScope and initialises it in place before
    // it can be used as a scope.
    let scope = std::pin::pin!(v8::HandleScope::new(isolate));
    let scope = &mut scope.init();
    let context = v8::Context::new(scope, Default::default());
    let scope = &mut v8::ContextScope::new(scope, context);

    let code = v8::String::new(scope, CODE).unwrap();
    println!("javascript code: {}", code.to_rust_string_lossy(scope));

    // `unwrap` is fine in this repro: CODE is a fixed literal that compiles.
    let script = v8::Script::compile(scope, code, None).unwrap();
    let result = script.run(scope).unwrap();
    let result = result.to_string(scope).unwrap();
    println!("result: {}", result.to_rust_string_lossy(scope));
}
traceback
  * frame #0: 0x0000000100251730 repro-v8-issue`::FreeMainThreadLinearAllocationAreas() at heap.cc:3710:3 [opt]
    frame #1: 0x000000010008c0c0 repro-v8-issue`::GetHeapStatistics() at api.cc:10372:9 [opt]
    frame #2: 0x0000000100005d80 repro-v8-issue`v8::isolate::Isolate::get_heap_statistics::h019b1ff3cf1a1fdb(self=0x0000000140008000) at isolate.rs:1222:7
    frame #3: 0x0000000100005d48 repro-v8-issue`repro_v8_issue::v8_interrupt_fn::h80a46865facae6f2(isolate=0x0000000140008000, _data=0x0000000000000000) at main.rs:13:30
    frame #4: 0x00000001001b2d00 repro-v8-issue`::InvokeApiInterruptCallbacks() at isolate.cc:2036:5 [opt]
    frame #5: 0x00000001001cff48 repro-v8-issue`::HandleInterrupts() at stack-guard.cc:385:15 [opt]
    frame #6: 0x0000000100651afc repro-v8-issue`::Runtime_StackGuard() at runtime-internal.cc:331:1 [opt]
    frame #7: 0x00000001015d07b4 repro-v8-issue`Builtins_CEntry_Return1_ArgvOnStack_NoBuiltinExit + 84
    frame #8: 0x0000000101531670 repro-v8-issue`Builtins_InterpreterEntryTrampoline + 432
    frame #9: 0x000000010152e90c repro-v8-issue`Builtins_JSEntryTrampoline + 172
    frame #10: 0x000000010152e5b0 repro-v8-issue`Builtins_JSEntry + 176
    frame #11: 0x00000001001a0df4 repro-v8-issue`::Invoke() at execution.cc:442:22 [opt]
    frame #12: 0x00000001001a13e4 repro-v8-issue`::CallScript() at execution.cc:542:10 [opt]
    frame #13: 0x0000000100085010 repro-v8-issue`::Run() at api.cc:1953:7 [opt]
    frame #14: 0x0000000100005594 repro-v8-issue`v8::script::_$LT$impl$u20$v8..data..Script$GT$::run::_$u7b$$u7b$closure$u7d$$u7d$::h0029f083922e612d((null)={closure_env#0} @ 0x000000016fdfdc68, sd=0x000000016fdfdd10) at script.rs:96:29
    frame #15: 0x00000001000040c4 repro-v8-issue`v8::scope::PinnedRef$LT$v8..scope..HandleScope$LT$$LP$$RP$$GT$$GT$::cast_local::h2a09eaa9b3f9c688(self=0x000000016fdfe1e0, _f={closure_env#0} @ 0x000000016fdfdd30) at scope.rs:690:15
    frame #16: 0x000000010000403c repro-v8-issue`v8::script::_$LT$impl$u20$v8..data..Script$GT$::run::haca42d5da85fab6b(self=0x000000013d02be48, scope=0x000000016fdfe1e0) at script.rs:96:13
    frame #17: 0x0000000100006b84 repro-v8-issue`repro_v8_issue::main::h5166e804cf311a29 at main.rs:40:25
    frame #18: 0x000000010000429c repro-v8-issue`core::ops::function::FnOnce::call_once::he7e708fd4f3795fd((null)=(repro-v8-issue`repro_v8_issue::main::h5166e804cf311a29 at main.rs:19), (null)=<unavailable>) at function.rs:253:5
    frame #19: 0x00000001000049d0 repro-v8-issue`std::sys::backtrace::__rust_begin_short_backtrace::h19ac56e1b67a0b10(f=(repro-v8-issue`repro_v8_issue::main::h5166e804cf311a29 at main.rs:19)) at backtrace.rs:158:18
    frame #20: 0x00000001000049a0 repro-v8-issue`std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::he8b228c5e17083f5 at rt.rs:206:18
    frame #21: 0x000000010182ddbc repro-v8-issue`core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::hbb2eb0e6976088d9 at function.rs:290:21 [opt] [inlined]
    frame #22: 0x000000010182ddb4 repro-v8-issue`std::panicking::catch_unwind::do_call::h93858ce5ba09f3d9 at panicking.rs:589:40 [opt] [inlined]
    frame #23: 0x000000010182ddb0 repro-v8-issue`std::panicking::catch_unwind::h129a241a010f1b76 at panicking.rs:552:19 [opt] [inlined]
    frame #24: 0x000000010182ddb0 repro-v8-issue`std::panic::catch_unwind::h5ca6b885cfe10586 at panic.rs:359:14 [opt] [inlined]
    frame #25: 0x000000010182ddb0 repro-v8-issue`std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::hed6353a412388a00 at rt.rs:175:24 [opt] [inlined]
    frame #26: 0x000000010182da34 repro-v8-issue`std::panicking::catch_unwind::do_call::h6579b7caa3691f01 at panicking.rs:589:40 [opt] [inlined]
    frame #27: 0x000000010182da34 repro-v8-issue`std::panicking::catch_unwind::h4557f88752b89087 at panicking.rs:552:19 [opt] [inlined]
    frame #28: 0x000000010182da34 repro-v8-issue`std::panic::catch_unwind::h82809ba82b8374af at panic.rs:359:14 [opt] [inlined]
    frame #29: 0x000000010182da34 repro-v8-issue`std::rt::lang_start_internal::hdb28e94b6865fa11 at rt.rs:171:5 [opt]
    frame #30: 0x0000000100004978 repro-v8-issue`std::rt::lang_start::hddc927408c68c248(main=(repro-v8-issue`repro_v8_issue::main::h5166e804cf311a29 at main.rs:19), argc=1, argv=0x000000016fdff0d0, sigpipe='\0') at rt.rs:205:5
    frame #31: 0x0000000100006f2c repro-v8-issue`main + 36
    frame #32: 0x00000001954aeb98 dyld`start + 6076

I'm not sure if this is a rusty_v8 issue or a v8 issue or a "you're holding it wrong" issue, but figured I'd start here.
