[cppgc] Fix memory ordering race in ObjectStartBitmap [v8/v8 : main]

0 views
Skip to first unread message

chromeperf@appspot.gserviceaccount.com (Gerrit)

unread,
May 12, 2026, 9:03:07 AMMay 12
to Anton Bikineev, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Anton Bikineev

Message from chrom...@appspot.gserviceaccount.com

📍 Job mac-m1_mini_2020-perf/speedometer3.crossbench complete.

See results at: https://pinpoint-dot-chromeperf.appspot.com/job/16698f25890000

Open in Gerrit

Related details

Attention is currently required from:
  • Anton Bikineev
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-CC: Hannes Payer <hpa...@chromium.org>
Gerrit-Attention: Anton Bikineev <biki...@chromium.org>
Gerrit-Comment-Date: Tue, 12 May 2026 13:03:04 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

chromeperf@appspot.gserviceaccount.com (Gerrit)

unread,
May 12, 2026, 9:06:09 AMMay 12
to Anton Bikineev, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Anton Bikineev

Message from chrom...@appspot.gserviceaccount.com

📍 Job mac-m1_mini_2020-perf/jetstream-main.crossbench complete.

See results at: https://pinpoint-dot-chromeperf.appspot.com/job/10a71c4b890000

Open in Gerrit

Related details

Attention is currently required from:
  • Anton Bikineev
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-CC: Hannes Payer <hpa...@chromium.org>
Gerrit-Attention: Anton Bikineev <biki...@chromium.org>
Gerrit-Comment-Date: Tue, 12 May 2026 13:06:06 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

chromeperf@appspot.gserviceaccount.com (Gerrit)

unread,
May 12, 2026, 9:22:23 AMMay 12
to Anton Bikineev, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Anton Bikineev

Message from chrom...@appspot.gserviceaccount.com

📍 Job mac-m4-mini-perf/speedometer3.crossbench complete.

See results at: https://pinpoint-dot-chromeperf.appspot.com/job/12163d18490000

Open in Gerrit

Related details

Attention is currently required from:
  • Anton Bikineev
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-CC: Hannes Payer <hpa...@chromium.org>
Gerrit-Attention: Anton Bikineev <biki...@chromium.org>
Gerrit-Comment-Date: Tue, 12 May 2026 13:22:20 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

chromeperf@appspot.gserviceaccount.com (Gerrit)

unread,
May 12, 2026, 12:12:09 PMMay 12
to Anton Bikineev, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Anton Bikineev

Message from chrom...@appspot.gserviceaccount.com

😿 Job android-pixel4_webview-perf/speedometer3.crossbench failed.

See results at: https://pinpoint-dot-chromeperf.appspot.com/job/1053bfcd890000

Open in Gerrit

Related details

Attention is currently required from:
  • Anton Bikineev
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-CC: Hannes Payer <hpa...@chromium.org>
Gerrit-Attention: Anton Bikineev <biki...@chromium.org>
Gerrit-Comment-Date: Tue, 12 May 2026 16:12:06 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

chromeperf@appspot.gserviceaccount.com (Gerrit)

unread,
May 12, 2026, 12:20:54 PMMay 12
to Anton Bikineev, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Anton Bikineev

Message from chrom...@appspot.gserviceaccount.com

📍 Job android-pixel6-perf/speedometer3.crossbench complete.

See results at: https://pinpoint-dot-chromeperf.appspot.com/job/122c0450490000

Open in Gerrit

Related details

Attention is currently required from:
  • Anton Bikineev
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-CC: Hannes Payer <hpa...@chromium.org>
Gerrit-Attention: Anton Bikineev <biki...@chromium.org>
Gerrit-Comment-Date: Tue, 12 May 2026 16:20:51 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Anton Bikineev (Gerrit)

unread,
May 12, 2026, 5:57:39 PMMay 12
to Michael Lippautz, chrom...@appspot.gserviceaccount.com, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Michael Lippautz

Anton Bikineev voted and added 1 comment

Votes added by Anton Bikineev

Auto-Submit+1

1 comment

Patchset-level comments
File-level comment, Patchset 3 (Latest):
Anton Bikineev . resolved

ptal

Open in Gerrit

Related details

Attention is currently required from:
  • Michael Lippautz
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
Gerrit-Attention: Michael Lippautz <mlip...@chromium.org>
Gerrit-Comment-Date: Tue, 12 May 2026 21:57:36 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Michael Lippautz (Gerrit)

unread,
May 13, 2026, 3:19:19 AMMay 13
to Anton Bikineev, chrom...@appspot.gserviceaccount.com, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com
Attention needed from Anton Bikineev

Michael Lippautz voted and added 1 comment

Votes added by Michael Lippautz

Code-Review+1
Commit-Queue+2

1 comment

Patchset-level comments
Michael Lippautz . resolved

lgtm

Open in Gerrit

Related details

Attention is currently required from:
  • Anton Bikineev
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement satisfiedCode-Review
  • requirement satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 3
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
Gerrit-CC: Hannes Payer <hpa...@chromium.org>
Gerrit-Attention: Anton Bikineev <biki...@chromium.org>
Gerrit-Comment-Date: Wed, 13 May 2026 07:19:14 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
open
diffy

v8-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

unread,
May 13, 2026, 3:21:34 AMMay 13
to Anton Bikineev, Michael Lippautz, chrom...@appspot.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, oilpan-r...@chromium.org, v8-re...@googlegroups.com

v8-s...@luci-project-accounts.iam.gserviceaccount.com submitted the change

Change information

Commit message:
[cppgc] Fix memory ordering race in ObjectStartBitmap

A memory ordering race on weak memory architectures (like ARM64) between
mutator allocations and the concurrent marker could lead to an integer
underflow in ObjectStartBitmap::FindHeader. This happened because the
concurrent marker could observe a new pointer in a cppgc::Member before
the corresponding bit was set in the ObjectStartBitmap.

The CL fixes it by using a seq-cst OSB write. As a drive-by, it fixes
the issue with conservative object lookup.
Bug: 511218177
Change-Id: I89e8fa26966daf755380719277be0a1656268940
Auto-Submit: Anton Bikineev <biki...@chromium.org>
Commit-Queue: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Michael Lippautz <mlip...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#107284}
Files:
  • M src/heap/cppgc/heap-page.cc
  • M src/heap/cppgc/heap-page.h
  • M src/heap/cppgc/object-start-bitmap.h
Change size: M
Delta: 3 files changed, 28 insertions(+), 24 deletions(-)
Branch: refs/heads/main
Submit Requirements:
  • requirement satisfiedCode-Review: +1 by Michael Lippautz
Open in Gerrit
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: merged
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I89e8fa26966daf755380719277be0a1656268940
Gerrit-Change-Number: 7840600
Gerrit-PatchSet: 4
Gerrit-Owner: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Anton Bikineev <biki...@chromium.org>
Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
open
diffy
satisfied_requirement
Reply all
Reply to author
Forward
0 new messages