On 2020-06-16 19:20, Guido van Rossum wrote:
Has anybody brought up the problem yet that if one subinterpreter encounters a hard crash (say, it segfaults due to a bug in a C extension module), all subinterpreters active at that moment in the same process are likely to lose all their outstanding work, without a chance of recovery?
(Of course once we have locks in shared memory, a crashed process leaving a lock behind may also screw up everybody else, though perhaps less severely.)
Not really. Asyncio has the same problem; has anyone brought this issue up there? (Granted, asyncio probably didn't uncover too many issues in extension modules, but if it did, I assume they would get fixed.) If you're worried about segfaults, then you should use multiple processes. That will always give you better isolation. But I don't think it's a reason to stop improving interpreter isolation.