bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob

[joyeecheung]

This patch introduces --build-snapshot and --snapshot-blob options for creating and using user land snapshots.

For the initial iteration, user land CJS modules and ESM are not yet supported in the snapshot, so only one single file can be snapshotted (users can bundle their applications into a single script with their bundler of choice to build a snapshot though).

A subset of builtins should already work, and support for more builtins are being added. This PR includes tests checking that the TypeScript compiler and the marked markdown renderer (and the builtins they use) can be snapshotted and deserialized.

To generate a snapshot using snapshot.js as entry point and write the snapshot blob to snapshot.blob:

$ echo "globalThis.foo = 'I am from the snapshot'" > snapshot.js
$ node --snapshot-blob snapshot.blob --build-snapshot snapshot.js 

To restore application state from snapshot.blob, with index.js as the entry point script for the deserialized application:

$ echo "console.log(globalThis.foo)" > index.js
$ node --snapshot-blob snapshot.blob index.js
I am from the snapshot

Users can also use the v8.startupSnapshot API to specify an entry point at snapshot building time, thus avoiding the need of an additional entry script at deserialization time:

$ echo "require('v8').startupSnapshot.setDeserializeMainFunction(() => console.log('I am from the snapshot'))" > snapshot.js
$ node --snapshot-blob snapshot.blob --build-snapshot snapshot.js 
$ node --snapshot-blob snapshot.blob
I am from the snapshot

Note that this patch only adds functionality to the node executable for building run-time user-land snapshots, the generated snapshot is stored into a separate file on disk. Building a single binary with both Node.js and an embedded snapshot has already been possible with the --node-snapshot-main option to the configure script if the user compiles Node.js from source. It would be a different task to enable the node executable to produce a single binary that contains both Node.js and an embedded snapshot without building Node.js from source, which should be layered on top of the SEA (Single Executable Apps) initiative.

Known limitations/bugs that are being fixed in the V8 upstream:

• V8 hits a DCHECK when deserializing certain mutated globals, e.g. Error.stackTraceLimit (it should work fine in the release build, however): https://chromium-review.googlesource.com/c/v8/v8/+/3319481
• Layout of V8's read-only heap can be inconsistent after deserialization, resulting in memory corruption: https://bugs.chromium.org/p/v8/issues/detail?id=12921

More known limitations/bugs in the tracking issue: #44014

Refs: #35711

[bl-ue]

Wow, that's really cool. Can't wait! ❤️

[addaleax]

👍

[targos]

What is the compatibility of the snapshot blob WRT V8/Node version, other CLI flags, etc?

[targos]

And what happens if you try to load a snapshot with the wrong version of the runtime?

[joyeecheung]

What is the compatibility of the snapshot blob WRT V8/Node version, other CLI flags, etc?

@targos The blob requires the version of V8/Node to be the same between build time and load time - V8 checks the versions explicitly, and abort if there is a mismatch, while at the moment Node.js should work as long as the number/kind/order of external references etc. match between the binaries used to build and load the snapshot (what happens when there is a mismatch depends on what the mismatch actually is, I would say it's most likely that the process would abort when some V8 casting type check fails e.g. casting e.g. a String to a Function, because one version expects value at blob index n to be a String and the other expects value at blob index n to be a Function). Maybe we could explicitly check the Node.js versions as well so when there is a mismatch users can understand what's wrong immediately.

The CLI flags can vary between between build time and load time, to some extent, it depends on the actual flags being used.

[targos]

Maybe we could explicitly check the Node.js versions as well so when there is a mismatch users can understand what's wrong immediately.

Seems like a good idea.

[joyeecheung]

Also that reminded me that we need to regenerate process.argv and friends when the process is restored from a user land snapshot, otherwise they will be part of the JS state being captured and stay that way..

[joyeecheung]

Another thing that we need to watch out for: right now some modules cache access to getOptionValue() which means they would ignore the values of these flags at snapshot restoration time (if passed differently). Same goes for process.env. It's hard to say whether always dynamically querying the values of these things internally is a good idea for user land snapshots, depending on what exactly the flags are, but I think for the initial version of this we just need to make sure that if the user uses the same flags to build and restore snapshots then they are fine. We can think about how to allow users to configure the flag behaviors in later iterations. (I think one approach that might work is to have two sets of flags available, one for the flags used at snapshot building time and one for the flags actually used to launch the instance, and allow code to access both to adjust based on their needs).

[addaleax]

It's hard to say whether always dynamically querying the values of these things

Fwiw, I think it’s generally a good idea not to cache these values, so that they become configurable – independently of snapshot support.

[joyeecheung]

Fwiw, I think it’s generally a good idea not to cache these values, so that they become configurable – independently of snapshot support.

At the source code level I agree - not caching it directly via the form of something like const value = getOptionValue('--some-flag') gives us the opportunity to refresh them should we choose to. If a flag shouldn't be dynamically configurable for some reason (maybe security) we can just warn or error from the function that returns these values, but I think those should be the rare case.

[joyeecheung]

Updated the prototype a bit, now it loads the snapshot entry point from JS (the snapshot would only be generated when it runs to completion), this gives us more control in e.g. warning about unsupported modules. I've split some smaller commits to other PRs, there's also a small V8 debuggability thing that I'll upstream later.

Some issues I discovered:

• After src: set PromiseHooks by Environment #38821 the environment keeps a list of weak references to all vm contexts created in it. Right now in the V8 API there is no way to record a weak reference to a context in the snapshot, so building user land snapshots with any vm contexts not yet GC'ed would crash right now (even if promise hooks aren't enabled, because the implementation always track the contexts so that it can add hooks to them on demand later). We could probably work around this for now by always tracking the contexts in the snapshot and setting the references to weak when restoring them, and let V8 GC them later if necessary. In the long term we can add an API in V8 to track weak references in snapshots.
• For some reason spinning the loop at snapshot building time results in inconsistencies in the JS land so e.g. REPL would stop working. There are still a bunch of refactoring to be done to make those runtime stuff queried lazily, but I guess we can just spin the loop for the experimental version, even if it breaks when there are runtime differences between snapshot building time and loading time?

(Also, I realized that many modules just require the CJS module loader at the top level, which would in turn require the ESM loader at the top level, which leaves a promise immediately. Not sure how to work around that promise yet but I guess for now we could just make sure that other modules only load those loaders when they actually need to...)

[jasnell]

At the source code level I agree - not caching it directly via the form of something like const value = getOptionValue('--some-flag') gives us the opportunity to refresh them should we choose to. If a flag shouldn't be dynamically configurable for some reason (maybe security) we can just warn or error from the function that returns these values, but I think those should be the rare case.

It's likely worth opening a separate issue for this particular piece. I agree that getting away from caching as a module-scope const would be a good thing.

[ruyadorno]

Note to releasers: this needs to be backported after the two PRs mentioned above #38905 (comment) or there would be conflicts

That worked! thanks @joyeecheung!

Removing the backport-blocked-v18.x label here and in other commits that depended on this one.

[gajus]

It would be a different task to enable the node executable to produce a single binary that contains both Node.js and an embedded snapshot without building Node.js from source, which should be layered on top of the SEA (Single Executable Apps) initiative.

Where can I track progress of this?

[joyeecheung]

@gajus The SEA effort is tracked in https://github.com/nodejs/single-executable and currently most activities take place in https://github.com/nodejs/single-executable/discussions