Python: Add autogate to call abortIsolate on a fatal error (#6708)

hoodmane · web-flow · commit d092243db599 · 2026-05-01T11:30:43.000-07:00
diff --git a/src/cloudflare/internal/workers.d.ts b/src/cloudflare/internal/workers.d.ts
@@ -62,5 +62,9 @@ export interface CacheContext {
 
 export function getCtxCache(): CacheContext | undefined;
 
-// Only defined when the `workerd_experimental` compat flag is enabled.
 export function abortIsolate(reason?: string): never;
+
+// True when the workerd_experimental compat flag is enabled. Use this for gating experimental
+// re-exports in user-facing wrappers; Cloudflare.compatibilityFlags filters out experimental
+// flags themselves so it cannot be used to detect this.
+export const isExperimental: boolean;
diff --git a/src/cloudflare/workers.ts b/src/cloudflare/workers.ts
@@ -439,18 +439,12 @@ export const cache = new Proxy(
 
 export const tracing = innerTracing;
 
-// `abortIsolate` is only defined on `entrypoints` when the
-// `workerd_experimental` compat flag is enabled. When the flag is disabled,
-// calling it throws a clear error rather than a cryptic
-// "undefined is not a function".
-const rawAbortIsolate: ((reason?: string) => never) | undefined = (
-  entrypoints as { abortIsolate?: (reason?: string) => never }
-).abortIsolate;
-export const abortIsolate: (reason?: string) => never =
-  rawAbortIsolate !== undefined
-    ? rawAbortIsolate.bind(entrypoints)
-    : (_reason?: string): never => {
-        throw new Error(
-          'abortIsolate() requires the "experimental" compatibility flag.'
-        );
-      };
+export function abortIsolate(reason?: string): never {
+  if (entrypoints.isExperimental) {
+    entrypoints.abortIsolate(reason);
+  } else {
+    throw new Error(
+      'abortIsolate() requires the "experimental" compatibility flag.'
+    );
+  }
+}
diff --git a/src/pyodide/internal/metadata.ts b/src/pyodide/internal/metadata.ts
@@ -7,6 +7,8 @@ import { default as ArtifactBundler } from 'pyodide-internal:artifacts';
 
 export const IS_WORKERD = MetadataReader.isWorkerd();
 export const IS_TRACING = MetadataReader.isTracing();
+export const SHOULD_ABORT_ISOLATE_ON_FATAL_ERROR =
+  MetadataReader.shouldAbortIsolateOnFatalError();
 
 // Snapshots
 export const SHOULD_SNAPSHOT_TO_DISK = MetadataReader.shouldSnapshotToDisk();
diff --git a/src/pyodide/internal/python.ts b/src/pyodide/internal/python.ts
@@ -24,9 +24,11 @@ import {
 import {
   LEGACY_VENDOR_PATH,
   PROCESS_PTH_FILES,
+  SHOULD_ABORT_ISOLATE_ON_FATAL_ERROR,
   setCpuLimitNearlyExceededCallback,
 } from 'pyodide-internal:metadata';
 import { default as FatalReporter } from 'pyodide-internal:fatal-reporter';
+import { default as cloudflareWorkers } from 'cloudflare-internal:workers';
 
 import { default as UnsafeEval } from 'internal:unsafe-eval';
 import {
@@ -283,6 +285,11 @@ export async function loadPyodide(
       } catch (_e) {
         FatalReporter.reportFatal('Internal error reporting fatal error');
       }
+      if (SHOULD_ABORT_ISOLATE_ON_FATAL_ERROR) {
+        cloudflareWorkers.abortIsolate(
+          `Python worker fatal error: ${String(error)}`
+        );
+      }
     };
     return pyodide;
   } catch (e) {
diff --git a/src/pyodide/types/cloudflare-internal/workers.d.ts b/src/pyodide/types/cloudflare-internal/workers.d.ts
@@ -0,0 +1,9 @@
+// Copyright (c) 2026 Cloudflare, Inc.
+// Licensed under the Apache 2.0 license found in the LICENSE file or at:
+//     https://opensource.org/licenses/Apache-2.0
+
+declare const cloudflareWorkers: {
+  abortIsolate: (reason?: string) => never;
+};
+
+export default cloudflareWorkers;
diff --git a/src/pyodide/types/runtime-generated/metadata.d.ts b/src/pyodide/types/runtime-generated/metadata.d.ts
@@ -19,6 +19,7 @@ declare namespace MetadataReader {
   const isTracing: () => boolean;
   const shouldSnapshotToDisk: () => boolean;
   const isCreatingBaselineSnapshot: () => boolean;
+  const shouldAbortIsolateOnFatalError: () => boolean;
   const getRequirements: () => string[];
   const getMainModule: () => string;
   const hasMemorySnapshot: () => boolean;
diff --git a/src/workerd/api/pyodide/pyodide.c++ b/src/workerd/api/pyodide/pyodide.c++
@@ -8,6 +8,7 @@
 #include <workerd/io/compatibility-date.h>
 #include <workerd/io/features.h>
 #include <workerd/io/io-context.h>
+#include <workerd/util/autogate.h>
 #include <workerd/util/strings.h>
 
 #include <pyodide/generated/pyodide_extra.capnp.h>
@@ -415,6 +416,10 @@ kj::Array<kj::StringPtr> PyodideMetadataReader::getBaselineSnapshotImports() {
   return kj::heapArray(snapshotImports.begin(), snapshotImports.size());
 }
 
+bool PyodideMetadataReader::shouldAbortIsolateOnFatalError() {
+  return util::Autogate::isEnabled(util::AutogateKey::PYTHON_ABORT_ISOLATE_ON_FATAL_ERROR);
+}
+
 jsg::JsObject PyodideMetadataReader::getCompatibilityFlags(jsg::Lock& js) {
   auto flags = FeatureFlags::get(js);
   auto obj = js.objNoProto();
diff --git a/src/workerd/api/pyodide/pyodide.h b/src/workerd/api/pyodide/pyodide.h
@@ -189,6 +189,10 @@ class PyodideMetadataReader: public jsg::Object {
     return state->createBaselineSnapshot;
   }
 
+  // Returns whether the python-abort-isolate-on-fatal-error autogate is enabled. When true, the
+  // Python on_fatal handler should call abortIsolate() to terminate the isolate after reporting.
+  bool shouldAbortIsolateOnFatalError();
+
   kj::StringPtr getMainModule() {
     return state->mainModule;
   }
@@ -268,6 +272,7 @@ class PyodideMetadataReader: public jsg::Object {
     JSG_METHOD(getPackagesVersion);
     JSG_METHOD(getPackagesLock);
     JSG_METHOD(isCreatingBaselineSnapshot);
+    JSG_METHOD(shouldAbortIsolateOnFatalError);
     JSG_METHOD(getTransitiveRequirements);
     JSG_METHOD(getCompatibilityFlags);
     JSG_STATIC_METHOD(getBaselineSnapshotImports);
diff --git a/src/workerd/api/workers-module.c++ b/src/workerd/api/workers-module.c++
@@ -6,6 +6,7 @@
 
 #include <workerd/api/actor-state.h>
 #include <workerd/api/global-scope.h>
+#include <workerd/io/features.h>
 
 namespace workerd::api {
 
@@ -76,4 +77,8 @@ void EntrypointsModule::abortIsolate(jsg::Lock& js, jsg::Optional<kj::String> re
   js.terminateExecutionNow();
 }
 
+bool EntrypointsModule::getIsExperimental(jsg::Lock& js) {
+  return FeatureFlags::get(js).getWorkerdExperimental();
+}
+
 }  // namespace workerd::api
diff --git a/src/workerd/api/workers-module.h b/src/workerd/api/workers-module.h
@@ -90,6 +90,11 @@ class EntrypointsModule: public jsg::Object {
   // process.
   void abortIsolate(jsg::Lock& js, jsg::Optional<kj::String> reason);
 
+  // Returns whether the workerd_experimental compat flag is enabled. Exposed on the internal
+  // module so user-facing wrappers in cloudflare:workers can gate experimental APIs without
+  // relying on Cloudflare.compatibilityFlags (which filters out experimental flags themselves).
+  bool getIsExperimental(jsg::Lock& js);
+
   JSG_RESOURCE_TYPE(EntrypointsModule, CompatibilityFlags::Reader flags) {
     JSG_NESTED_TYPE(WorkerEntrypoint);
     JSG_NESTED_TYPE(WorkflowEntrypoint);
@@ -103,9 +108,18 @@ class EntrypointsModule: public jsg::Object {
     JSG_METHOD(waitUntil);
     JSG_METHOD(getCtxCache);
 
-    if (flags.getWorkerdExperimental()) {
-      JSG_METHOD(abortIsolate);
-    }
+    // abortIsolate:
+    //
+    // From user code only usable with experimental set for now.
+    // The Python runtime wants to use it directly.
+    //
+    // So we always expose it to internal JS for the Python runtime, but the
+    // version exposed to user code checks this isExperimental flag and throws
+    // if it returns false.
+    //
+    // TODO: Clean up when we remove the experimental gate on abortIsolate.
+    JSG_METHOD(abortIsolate);
+    JSG_READONLY_PROTOTYPE_PROPERTY(isExperimental, getIsExperimental);
   }
 };
 
diff --git a/src/workerd/server/tests/python/BUILD.bazel b/src/workerd/server/tests/python/BUILD.bazel
@@ -1,3 +1,4 @@
+load("@rules_shell//shell:sh_test.bzl", "sh_test")
 load("//src/workerd/server/tests/python:import_tests.bzl", "gen_rust_import_tests")
 load("//src/workerd/server/tests/python:py_wd_test.bzl", "py_wd_test", "python_test_setup")
 load("//src/workerd/server/tests/python/vendor_pkg_tests:vendor_test.bzl", "vendored_py_wd_test")
@@ -85,3 +86,33 @@ py_wd_test(
 py_wd_test("python-compat-flag")
 
 py_wd_test("pth-file")
+
+# Shell-driven test for the python-abort-isolate-on-fatal-error autogate. The Python worker
+# triggers a fatal error which (with the autogate enabled) calls abortIsolate(), terminating the
+# workerd process. The shell script verifies the expected fatal output and non-zero exit.
+sh_test(
+    name = "python-abort-isolate-on-fatal-test",
+    size = "enormous",
+    srcs = ["python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.sh"],
+    args = [
+        "$(location //src/workerd/server:workerd_cross)",
+        "$(location python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.wd-test)",
+        "$(location //src/workerd/server/tests/python:pyodide_dev.capnp.bin@rule)",
+        "../+pyodide+all_pyodide_wheels_20250808",
+    ],
+    data = [
+        "python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.wd-test",
+        "python-abort-isolate-on-fatal/worker.py",
+        "//src/workerd/server:workerd_cross",
+        "//src/workerd/server/tests/python:pyodide_dev.capnp.bin@rule",
+        "@all_pyodide_wheels_20250808//:whls",
+    ],
+    tags = [
+        "no-coverage",
+        "python",
+    ],
+    target_compatible_with = select({
+        "@platforms//os:windows": ["@platforms//:incompatible"],
+        "//conditions:default": [],
+    }),
+)
diff --git a/src/workerd/server/tests/python/python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.sh b/src/workerd/server/tests/python/python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Test that when the python-abort-isolate-on-fatal-error autogate is enabled,
+# triggering a Python fatal error causes the workerd process to abort.
+
+set -uo pipefail
+
+WORKERD=$1
+CONFIG=$2
+PYODIDE_BUNDLE=$3
+WHEELS_DIR=$4
+
+TEST_TMPDIR="${TEST_TMPDIR:-/tmp}"
+
+# Pyodide bundle directory is the parent of the .capnp.bin file.
+BUNDLE_DIR=$(dirname "$PYODIDE_BUNDLE")
+
+output=$("$WORKERD" test \
+  "$CONFIG" \
+  --experimental \
+  --compat-date=2000-01-01 \
+  --pyodide-bundle-disk-cache-dir "$BUNDLE_DIR" \
+  --pyodide-package-disk-cache-dir "$WHEELS_DIR" \
+  -dTEST_TMPDIR="$TEST_TMPDIR" 2>&1)
+exit_code=$?
+
+echo "--- captured output ---" >&2
+echo "$output" >&2
+echo "--- end captured output ---" >&2
+
+if [ "$exit_code" -eq 0 ]; then
+  echo "FAIL: expected nonzero exit code from abortIsolate" >&2
+  exit 1
+fi
+
+if ! echo "$output" | grep -qF "abortIsolate() called, terminating process"; then
+  echo "FAIL: expected abortIsolate fatal message not found" >&2
+  exit 1
+fi
+
+if ! echo "$output" | grep -qF "Python worker fatal error"; then
+  echo "FAIL: expected Python worker fatal error reason not found" >&2
+  exit 1
+fi
+
+echo "Success"
+exit 0
diff --git a/src/workerd/server/tests/python/python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.wd-test b/src/workerd/server/tests/python/python-abort-isolate-on-fatal/python-abort-isolate-on-fatal.wd-test
@@ -0,0 +1,18 @@
+using Workerd = import "/workerd/workerd.capnp";
+
+const config :Workerd.Config = (
+  autogates = ["workerd-autogate-python-abort-isolate-on-fatal-error"],
+  services = [
+    ( name = "python-abort-isolate-on-fatal",
+      worker = (
+        modules = [
+          (name = "worker.py", pythonModule = embed "worker.py"),
+        ],
+        compatibilityFlags = [
+          "python_workers",
+          "python_workers_development",
+        ],
+      )
+    ),
+  ],
+);
diff --git a/src/workerd/server/tests/python/python-abort-isolate-on-fatal/worker.py b/src/workerd/server/tests/python/python-abort-isolate-on-fatal/worker.py
@@ -0,0 +1,12 @@
+# Copyright (c) 2026 Cloudflare, Inc.
+# Licensed under the Apache 2.0 license found in the LICENSE file or at:
+#     https://opensource.org/licenses/Apache-2.0
+
+
+async def test(ctrl, env, ctx):
+    # _pyodide_core.trigger_fatal_error() invokes Pyodide's on_fatal handler. With the
+    # python-abort-isolate-on-fatal-error autogate enabled, the on_fatal handler calls
+    # abortIsolate() which terminates the workerd process.
+    from _pyodide_core import trigger_fatal_error
+
+    trigger_fatal_error()
diff --git a/src/workerd/util/autogate.c++ b/src/workerd/util/autogate.c++
@@ -45,6 +45,8 @@ kj::StringPtr KJ_STRINGIFY(AutogateKey key) {
       return "user-span-context-propagation"_kj;
     case AutogateKey::UPDATED_AUTO_ALLOCATE_CHUNK_SIZE:
       return "updated-auto-allocate-chunk-size"_kj;
+    case AutogateKey::PYTHON_ABORT_ISOLATE_ON_FATAL_ERROR:
+      return "python-abort-isolate-on-fatal-error"_kj;
     case AutogateKey::NumOfKeys:
       KJ_FAIL_ASSERT("NumOfKeys should not be used in getName");
   }
diff --git a/src/workerd/util/autogate.h b/src/workerd/util/autogate.h
@@ -50,6 +50,8 @@ enum class AutogateKey {
   USER_SPAN_CONTEXT_PROPAGATION,
   // Apply an updated default autoAllocateChunkSize for ReadableStreams
   UPDATED_AUTO_ALLOCATE_CHUNK_SIZE,
+  // Call abortIsolate() when a Python worker encounters a fatal error.
+  PYTHON_ABORT_ISOLATE_ON_FATAL_ERROR,
   NumOfKeys  // Reserved for iteration.
 };
 
