kill actor when abusive

source/runtime.c

@@ -1836,6 +1836,17 @@ int ctx_gc (JSContext *ctx, int allow_grow, size_t alloc_size) {
   }
 #endif
 
+  /* Check memory limit — kill actor if heap exceeds cap */
+  if (ctx->heap_memory_limit > 0 && ctx->current_block_size > ctx->heap_memory_limit) {
+#ifdef ACTOR_TRACE
+    void *crt = ctx->user_opaque;
+    if (crt)
+      fprintf(stderr, "[ACTOR_TRACE] heap %zu > limit %zu, OOM\n",
+              ctx->current_block_size, ctx->heap_memory_limit);
+#endif
+    return -1;
+  }
+
   return 0;
 }
 
@@ -1873,6 +1884,14 @@ void JS_SetInterruptHandler (JSContext *ctx, JSInterruptHandler *cb, void *opaqu
   ctx->interrupt_opaque = opaque;
 }
 
+int JS_GetVMCallDepth(JSContext *ctx) {
+  return ctx->vm_call_depth;
+}
+
+void JS_SetHeapMemoryLimit(JSContext *ctx, size_t limit) {
+  ctx->heap_memory_limit = limit;
+}
+
 /* Allocate a string using bump allocation from context heap.
    Note: the string contents are uninitialized */
 JSText *js_alloc_string (JSContext *ctx, int max_len) {
@@ -1943,6 +1962,14 @@ JSContext *JS_NewContextRawWithHeapSize (JSRuntime *rt, size_t heap_size) {
   ctx->reg_current_frame = JS_NULL;
   ctx->c_call_root = NULL;
 
+  /* Initialize VM suspend/resume state */
+  ctx->suspended = 0;
+  ctx->suspended_pc = 0;
+  ctx->vm_call_depth = 0;
+  ctx->heap_memory_limit = 0;
+  JS_AddGCRef(ctx, &ctx->suspended_frame_ref);
+  ctx->suspended_frame_ref.val = JS_NULL;
+
   /* Initialize per-context execution state (moved from JSRuntime) */
   ctx->current_exception = JS_NULL;
   ctx->actor_sym = JS_NULL;
@@ -2051,6 +2078,8 @@ void JS_FreeContext (JSContext *ctx) {
   JSRuntime *rt = ctx->rt;
   int i;
 
+  JS_DeleteGCRef(ctx, &ctx->suspended_frame_ref);
+
   for (i = 0; i < JS_NATIVE_ERROR_COUNT; i++) {
   }
   for (i = 0; i < ctx->class_count; i++) {