[M149] [cppgc] Fix memory ordering race in ObjectStartBitmap [v8/v8 : refs/branch-heads/14.9]
0 views
Skip to first unread message
Anton Bikineev (Gerrit)
May 26, 2026, 7:33:49 AM (5 days ago) May 26
to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Hannes Payer, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, mlippau...@chromium.org, v8-m...@googlegroups.com
Anton Bikineev added 1 comment![]( "Open in Gerrit")
File src/heap/cppgc/heap-page.cc
Line 110, Patchset 2:
<<<<<<< HEAD (7edc94f50895bffb4394f42b4b8fdc641593399e Version 14.9.207.15)
||||||| BASE (66d9915a709bf2b03c66cb6359ec855b1849edc1 Update fuzztest (trusted))
}
=======
}
return LargePage::From(this)->ObjectHeader();
>>>>>>> CHANGE (c055ccbcde8ea8c6f5356fd9f5fb3d6a6b73a9ee [cppgc] Fix memory ordering race in ObjectStartBitmap)Anton Bikineev . resolved
Please fix this ERROR reported by Conflict Markers: Complete set of diff3 style conflict markers found. If this is a false alarm, ad...
Complete set of diff3 style conflict markers found. If this is a false alarm, add IGNORE_MERGE_CONFLICT_CHECK==<reason> to your commit message.
Related details
Attention set is empty
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Anton Bikineev (Gerrit)
May 26, 2026, 7:34:45 AM (5 days ago) May 26
to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Hannes Payer, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, mlippau...@chromium.org, v8-m...@googlegroups.com
Anton Bikineev voted![]( "Open in Gerrit")
| Code-Review | +1 |
| Commit-Queue | +2 |
Related details
Attention set is empty
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Michael Lippautz (Gerrit)
May 27, 2026, 6:39:18 AM (4 days ago) May 27
to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Anton Bikineev, v8-s...@luci-project-accounts.iam.gserviceaccount.com, Hannes Payer, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, mlippau...@chromium.org, v8-m...@googlegroups.com
Attention needed from Anton Bikineev
Michael Lippautz voted Code-Review+1![]( "Open in Gerrit")
| Code-Review | +1 |
Related details
Attention is currently required from:
- Anton Bikineev
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Anton Bikineev (Gerrit)
May 27, 2026, 7:40:42 AM (4 days ago) May 27
to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Michael Lippautz, v8-s...@luci-project-accounts.iam.gserviceaccount.com, Hannes Payer, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, mlippau...@chromium.org, v8-m...@googlegroups.com
Anton Bikineev voted Commit-Queue+2![]( "Open in Gerrit")
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
v8-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)
May 27, 2026, 8:19:04 AM (4 days ago) May 27
to chrome-che...@chops-service-accounts.iam.gserviceaccount.com, Anton Bikineev, Michael Lippautz, Hannes Payer, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, mlippau...@chromium.org, v8-m...@googlegroups.com
v8-s...@luci-project-accounts.iam.gserviceaccount.com submitted the change![]( "Open in Gerrit")
Change information
Commit message:
[M149] [cppgc] Fix memory ordering race in ObjectStartBitmap
Original change's description:
> [cppgc] Fix memory ordering race in ObjectStartBitmap
>
> A memory ordering race on weak memory architectures (like ARM64) between
> mutator allocations and the concurrent marker could lead to an integer
> underflow in ObjectStartBitmap::FindHeader. This happened because the
> concurrent marker could observe a new pointer in a cppgc::Member before
> the corresponding bit was set in the ObjectStartBitmap.
>
> The CL fixes it by using a seq-cst OSB write. As a drive-by, it fixes
> the issue with conservative object lookup.
>
> Bug: 511218177
> Change-Id: I89e8fa26966daf755380719277be0a1656268940
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7840600
> Auto-Submit: Anton Bikineev <biki...@chromium.org>
> Commit-Queue: Michael Lippautz <mlip...@chromium.org>
> Reviewed-by: Michael Lippautz <mlip...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#107284}
(cherry picked from commit c055ccbcde8ea8c6f5356fd9f5fb3d6a6b73a9ee)
Bug: 515275150,511218177
Change-Id: I89e8fa26966daf755380719277be0a1656268940
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Commit-Queue: Anton Bikineev <biki...@chromium.org>
Reviewed-by: Anton Bikineev <biki...@chromium.org>
Cr-Commit-Position: refs/branch-heads/14.9@{#36}
Cr-Branched-From: 8f08364a351ad38a60421137a09ef23953ecdd56-refs/heads/14.9.207@{#1}
Cr-Branched-From: 8de67b11924d5e8c0032029165a52d800cf05f1f-refs/heads/main@{#106999}
Files:
- M src/heap/cppgc/heap-page.cc
- M src/heap/cppgc/heap-page.h
- M src/heap/cppgc/object-start-bitmap.h
Change size: M
Delta: 3 files changed, 30 insertions(+), 25 deletions(-)
Branch: refs/branch-heads/14.9
Submit Requirements:
Code-Review: +1 by Michael Lippautz, +1 by Anton Bikineev
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages