cloudflare · ketanhwr · Jan 22, 2025 · Feb 5, 2025 · Feb 17, 2025 · Feb 26, 2025
@@ -692,4 +692,9 @@ struct CompatibilityFlags @0x8f8c1b68151b6cef {
       $experimental
       $neededByFl;
   # Enables cache settings specified request in fetch api cf object to override cache rules. (only for user owned or grey-clouded sites)
+
+  jsWeakRef @73 :Bool
+      $compatEnableFlag("enable_weak_ref")
+      $compatDisableFlag("disable_weak_ref");
+  # Enables WeakRefs and FinalizationRegistry API. WebAssembly based projects often rely on this API for wasm memory cleanup
 }
@@ -9,6 +9,7 @@
 #include <workerd/jsg/jsg.h>
 #include <workerd/util/sentry.h>
 #include <workerd/util/uncaught-exception-source.h>
+#include <workerd/jsg/setup.h>
 
 #include <kj/debug.h>
 
@@ -447,6 +448,7 @@ kj::Promise<void> IoContext::IncomingRequest::drain() {
     // For non-actor requests, apply the configured soft timeout, typically 30 seconds.
     timeoutPromise = context->limitEnforcer->limitDrain();
   }
+  context->pumpMessageLoop();
   return context->waitUntilTasks.onEmpty()
       .exclusiveJoin(kj::mv(timeoutPromise))
       .exclusiveJoin(context->abortPromise.addBranch().then([] {}, [](kj::Exception&&) {}));
@@ -466,6 +468,7 @@ kj::Promise<IoContext_IncomingRequest::FinishScheduledResult> IoContext::Incomin
   // Mark ourselves so we know that we made a best effort attempt to wait for waitUntilTasks.
   KJ_ASSERT(context->incomingRequests.size() == 1);
   context->incomingRequests.front().waitedForWaitUntil = true;
+  context->pumpMessageLoop();
 
   auto timeoutPromise = context->limitEnforcer->limitScheduled().then(
       [] { return IoContext_IncomingRequest::FinishScheduledResult::TIMEOUT; });
@@ -1377,6 +1380,73 @@ kj::Promise<void> IoContext::startDeleteQueueSignalTask(IoContext* context) {
   }
 }
 
+void IoContext::pumpMessageLoop() {
+  kj::Promise<Worker::AsyncLock> asyncLockPromise = nullptr;
+  KJ_IF_SOME(a, actor) {
+    asyncLockPromise = worker->takeAsyncLockWhenActorCacheReady(now(), a, getMetrics());
+  } else {
+    asyncLockPromise = worker->takeAsyncLock(getMetrics());
+  }
+
+  addWaitUntil(asyncLockPromise.then([](Worker::AsyncLock lock) {
+    return lock;
+  }).then([this](Worker::AsyncLock lock) mutable {
+    KJ_REQUIRE(threadId == getThreadId(), "IoContext cannot switch threads");
+    IoContext* previousRequest = threadLocalRequest;
+    KJ_DEFER(threadLocalRequest = previousRequest);
+    threadLocalRequest = nullptr;
+
+    worker->runInLockScope(lock, [&](Worker::Lock& workerLock) {
+      workerLock.requireNoPermanentException();
+
+      auto limiterScope = limitEnforcer->enterJs(workerLock, *this);
+
+      bool gotTermination = false;
+
+      KJ_DEFER({
+        jsg::Lock& js = workerLock;
+        if (gotTermination) {
+          js.terminateExecution();
+        }
+      });
+
+      v8::TryCatch tryCatch(workerLock.getIsolate());
+      try {
+        jsg::Lock& js = workerLock;
+        js.pumpMessageLoop();
+      } catch (const jsg::JsExceptionThrown&) {
+        if (tryCatch.HasTerminated()) {
+          gotTermination = true;
+          limiterScope = nullptr;
+
+          limitEnforcer->requireLimitsNotExceeded();
+
+          if (!abortFulfiller->isWaiting()) {
+            KJ_FAIL_ASSERT("request terminated because it was aborted");
+          }
+
+          // That should have thrown, so we shouldn't get here.
+          KJ_FAIL_ASSERT("script terminated for unknown reasons");
+        } else {
+          if (tryCatch.Message().IsEmpty()) {
+            // Should never happen, but check for it because otherwise V8 will crash.
+            KJ_LOG(ERROR, "tryCatch.Message() was empty even when not HasTerminated()??",
+                kj::getStackTrace());
+            JSG_FAIL_REQUIRE(Error, "(JavaScript exception with no message)");
+          } else {
+            auto jsException = tryCatch.Exception();
+
+            workerLock.logUncaughtException(UncaughtExceptionSource::INTERNAL,
+                jsg::JsValue(jsException), jsg::JsMessage(tryCatch.Message()));
+
+            jsg::throwTunneledException(workerLock.getIsolate(), jsException);
+          }
+        }
+      }
+    });
+  }));
+}
+
 // ======================================================================================
 
 WarningAggregator::WarningAggregator(IoContext& context, EmitCallback emitter)

@@ -825,6 +825,8 @@ class IoContext final: public kj::Refcounted, private kj::TaskSet::ErrorHandler
     return *getCurrentIncomingRequest().ioChannelFactory;
   }
 
+  void pumpMessageLoop();
+
  private:
   ThreadContext& thread;
 

@@ -9,6 +9,8 @@
 #include <workerd/jsg/util.h>
 #include <workerd/util/thread-scopes.h>
 
+#include "libplatform/libplatform.h"
+
 namespace workerd::jsg {
 
 kj::String stringifyHandle(v8::Local<v8::Value> value) {
@@ -270,6 +272,11 @@ void Lock::terminateExecution() {
   v8Isolate->TerminateExecution();
 }
 
+void Lock::pumpMessageLoop() {
+  auto& system = const_cast<jsg::V8System&>(this->getV8System());
+  while (v8::platform::PumpMessageLoop(&system.getDefaultPlatform(), v8Isolate)) {}
+}
+
 Name Lock::newSymbol(kj::StringPtr symbol) {
   return Name(*this, v8::Symbol::New(v8Isolate, v8StrIntern(v8Isolate, symbol)));
 }

@@ -2276,6 +2276,8 @@ class ExternalMemoryAdjustment final {
 // Isolate<TypeWrapper>::Lock. Usually this is only done in top-level code, and the Lock is
 // passed down to everyone else from there. See setup.h for details.
 
+class V8System;
+
 class Lock {
  public:
   // The underlying V8 isolate, useful for directly calling V8 APIs. Hopefully, this is rarely
@@ -2674,11 +2676,15 @@ class Lock {
 
   void runMicrotasks();
   void terminateExecution();
+  void pumpMessageLoop();
 
   // Logs and reports the error to tail workers (if called within an request),
   // the inspector (if attached), or to KJ_LOG(Info).
   virtual void reportError(const JsValue& value) = 0;
 
+protected:
+  virtual const V8System& getV8System() = 0;
+
  private:
   // Mark the jsg::Lock as being disallowed from being passed as a parameter into
   // a kj promise coroutine. Note that this only blocks directly passing the Lock

@@ -1285,6 +1285,7 @@ class ModuleRegistryBase {
 
 struct NewContextOptions {
   kj::Maybe<ModuleRegistryBase&> newModuleRegistry = kj::none;
+  bool enableWeakRef = false;
 };
 
 // TypeWrapper mixin for resource types (application-defined C++ classes declared with a
@@ -1428,10 +1429,10 @@ class ResourceWrapper {
     // "skip callback and just allow".)
     context->AllowCodeGenerationFromStrings(false);
 
-    // We do not allow use of WeakRef or FinalizationRegistry because they introduce
-    // non-deterministic behavior.
-    check(global->Delete(context, v8StrIntern(isolate, "WeakRef"_kj)));
-    check(global->Delete(context, v8StrIntern(isolate, "FinalizationRegistry"_kj)));
+    if (!options.enableWeakRef) {
+      check(global->Delete(context, v8StrIntern(isolate, "WeakRef"_kj)));
+      check(global->Delete(context, v8StrIntern(isolate, "FinalizationRegistry"_kj)));
+    }
 
     // Store a pointer to this object in slot 1, to be extracted in callbacks.
     context->SetAlignedPointerInEmbedderData(1, ptr.get());

@@ -76,11 +76,14 @@ static kj::Own<v8::Platform> userPlatform(v8::Platform& platform) {
 V8System::V8System(): V8System(defaultPlatform(0), nullptr) {}
 V8System::V8System(kj::ArrayPtr<const kj::StringPtr> flags): V8System(defaultPlatform(0), flags) {}
 V8System::V8System(v8::Platform& platformParam): V8System(platformParam, nullptr) {}
-V8System::V8System(v8::Platform& platformParam, kj::ArrayPtr<const kj::StringPtr> flags)
-    : V8System(userPlatform(platformParam), flags) {}
-V8System::V8System(kj::Own<v8::Platform> platformParam, kj::ArrayPtr<const kj::StringPtr> flags)
+V8System::V8System(v8::Platform& platformParam, kj::ArrayPtr<const kj::StringPtr> flags, v8::Platform* defaultPlatformPtr)
+    : V8System(userPlatform(platformParam), flags, defaultPlatformPtr) {}
+V8System::V8System(kj::Own<v8::Platform> platformParam, kj::ArrayPtr<const kj::StringPtr> flags, v8::Platform* defaultPlatformPtr)
     : platformInner(kj::mv(platformParam)),
-      platformWrapper(*platformInner) {
+      platformWrapper(*platformInner), defaultPlatformPtr_{defaultPlatformPtr} {
+    if (!defaultPlatformPtr_) {
+      defaultPlatformPtr_ = platformInner.get();
+    }
 #if V8_HAS_STACK_START_MARKER
   v8::StackStartMarker::EnableForProcess();
 #endif

@@ -52,19 +52,22 @@ class V8System {
   explicit V8System(v8::Platform& platform);
 
   // Use a possibly-custom v8::Platform implementation, and apply flags.
-  explicit V8System(v8::Platform& platform, kj::ArrayPtr<const kj::StringPtr> flags);
+  explicit V8System(v8::Platform& platform, kj::ArrayPtr<const kj::StringPtr> flags, v8::Platform* defaultPlatformPtr = nullptr);
 
   ~V8System() noexcept(false);
 
   typedef void FatalErrorCallback(kj::StringPtr location, kj::StringPtr message);
   static void setFatalErrorCallback(FatalErrorCallback* callback);
 
+  auto& getDefaultPlatform() { return *defaultPlatformPtr_; }
+
  private:
   kj::Own<v8::Platform> platformInner;
   V8PlatformWrapper platformWrapper;
   friend class IsolateBase;
+  v8::Platform* defaultPlatformPtr_;
 
-  explicit V8System(kj::Own<v8::Platform>, kj::ArrayPtr<const kj::StringPtr>);
+  explicit V8System(kj::Own<v8::Platform>, kj::ArrayPtr<const kj::StringPtr>, v8::Platform* defaultPlatformPtr = nullptr);
 };
 
 // Base class of Isolate<T> containing parts that don't need to be templated, to avoid code
@@ -73,6 +76,10 @@ class IsolateBase {
  public:
   static IsolateBase& from(v8::Isolate* isolate);
 
+  auto& getV8System() {
+    return system;
+  }
+
   // Unwraps a JavaScript exception as a kj::Exception.
   virtual kj::Exception unwrapException(
       v8::Local<v8::Context> context, v8::Local<v8::Value> exception) = 0;
@@ -673,6 +680,10 @@ class Isolate: public IsolateBase {
             *this, value.toString(*this), value, JsMessage::create(*this, value));
       }
     }
+  protected:
+    virtual const V8System& getV8System() override {
+      return jsgIsolate.getV8System();
+    }
 
    private:
     Isolate& jsgIsolate;

@@ -271,7 +271,10 @@ struct WorkerdApi::Impl final {
         auto version = getPythonBundleName(pythonRelease);
         auto bundle = KJ_ASSERT_NONNULL(
             fetchPyodideBundle(pythonConfig, version), "Failed to get Pyodide bundle");
-        auto context = lock.newContext<api::ServiceWorkerGlobalScope>(lock.v8Isolate);
+        jsg::NewContextOptions options{
+          .enableWeakRef = features->getJsWeakRef()
+        };
+        auto context = lock.newContext<api::ServiceWorkerGlobalScope>(options, lock.v8Isolate);
         v8::Context::Scope scope(context.getHandle(lock));
         // Init emscripten synchronously, the python script will import setup-emscripten and
         // call setEmscriptenModele
@@ -343,6 +346,7 @@ CompatibilityFlags::Reader WorkerdApi::getFeatureFlags() const {
 jsg::JsContext<api::ServiceWorkerGlobalScope> WorkerdApi::newContext(jsg::Lock& lock) const {
   jsg::NewContextOptions options{
     .newModuleRegistry = impl->tryGetModuleRegistry(),
+    .enableWeakRef = getFeatureFlags().getJsWeakRef()
   };
   return kj::downcast<JsgWorkerdIsolate::Lock>(lock).newContext<api::ServiceWorkerGlobalScope>(
       kj::mv(options), lock.v8Isolate);

@@ -1329,7 +1329,7 @@ class CliMain final: public SchemaFileImpl::ErrorReporter {
       auto platform = jsg::defaultPlatform(0);
       WorkerdPlatform v8Platform(*platform);
       jsg::V8System v8System(
-          v8Platform, KJ_MAP(flag, config.getV8Flags()) -> kj::StringPtr { return flag; });
+          v8Platform, KJ_MAP(flag, config.getV8Flags()) -> kj::StringPtr { return flag; }, platform.get());
       auto promise = func(v8System, config);
       KJ_IF_SOME(w, watcher) {
         promise = promise.exclusiveJoin(waitForChanges(w).then([this]() {