[api] Enforce tag range for v8::Object::Wrap [v8/v8 : main]

1 view
Skip to first unread message

Andreas Haas (Gerrit)

unread,
Jun 10, 2026, 3:44:14 AMJun 10
to Michael Lippautz, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, cbruni...@chromium.org
Attention needed from Michael Lippautz

Andreas Haas added 1 comment

Patchset-level comments
File-level comment, Patchset 7 (Latest):
Andreas Haas . resolved

PTAL

I don't think we should remove `kDefaultTag`, as it is used by other embedders. For them, a testing tag does not seem correct. But I added a comment that only embedders that don't use the heap sandbox should use it.

Open in Gerrit

Related details

Attention is currently required from:
  • Michael Lippautz
Submit Requirements:
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I42e8a9a0f0ca7c16eb68e44941d1d283af3a7044
Gerrit-Change-Number: 7907082
Gerrit-PatchSet: 7
Gerrit-Owner: Andreas Haas <ah...@chromium.org>
Gerrit-Reviewer: Andreas Haas <ah...@chromium.org>
Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
Gerrit-Attention: Michael Lippautz <mlip...@chromium.org>
Gerrit-Comment-Date: Wed, 10 Jun 2026 07:44:10 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
unsatisfied_requirement
open
diffy

Michael Lippautz (Gerrit)

unread,
Jun 10, 2026, 9:49:38 AMJun 10
to Andreas Haas, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, cbruni...@chromium.org
Attention needed from Andreas Haas

Michael Lippautz voted and added 2 comments

Votes added by Michael Lippautz

Code-Review+1

2 comments

Patchset-level comments
Michael Lippautz . resolved

lgtm

File include/v8-sandbox.h
Line 67, Patchset 7 (Latest): kDefaultTag,
Michael Lippautz . unresolved

Can we put this behind !V8_ENABLE_SANDBOX? This should be available on the API and avoid future pitfalls our configurations.

Open in Gerrit

Related details

Attention is currently required from:
  • Andreas Haas
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I42e8a9a0f0ca7c16eb68e44941d1d283af3a7044
Gerrit-Change-Number: 7907082
Gerrit-PatchSet: 7
Gerrit-Owner: Andreas Haas <ah...@chromium.org>
Gerrit-Reviewer: Andreas Haas <ah...@chromium.org>
Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
Gerrit-Attention: Andreas Haas <ah...@chromium.org>
Gerrit-Comment-Date: Wed, 10 Jun 2026 13:49:34 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Andreas Haas (Gerrit)

unread,
Jun 11, 2026, 4:01:37 AMJun 11
to Michael Lippautz, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, cbruni...@chromium.org

Andreas Haas voted and added 1 comment

Votes added by Andreas Haas

Commit-Queue+2

1 comment

File include/v8-sandbox.h
Line 67, Patchset 7: kDefaultTag,
Michael Lippautz . resolved

Can we put this behind !V8_ENABLE_SANDBOX? This should be available on the API and avoid future pitfalls our configurations.

Andreas Haas

Done

Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: v8/v8
    Gerrit-Branch: main
    Gerrit-Change-Id: I42e8a9a0f0ca7c16eb68e44941d1d283af3a7044
    Gerrit-Change-Number: 7907082
    Gerrit-PatchSet: 8
    Gerrit-Comment-Date: Thu, 11 Jun 2026 08:01:33 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    Comment-In-Reply-To: Michael Lippautz <mlip...@chromium.org>
    satisfied_requirement
    open
    diffy

    v8-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

    unread,
    Jun 11, 2026, 4:03:35 AMJun 11
    to Andreas Haas, Michael Lippautz, android-bu...@system.gserviceaccount.com, oilpan-r...@chromium.org, cbruni...@chromium.org

    v8-s...@luci-project-accounts.iam.gserviceaccount.com submitted the change with unreviewed changes

    Unreviewed changes

    7 is the latest approved patch-set.
    The change was submitted with unreviewed changes in the following files:

    ```
    The name of the file: include/v8-sandbox.h
    Insertions: 3, Deletions: 2.

    @@ -62,9 +62,10 @@
    kInspectorTaskInfoTag,
    kLastV8InternalTag,

    - // A default tag to be used by embedders that don't use the V8 heap sandbox.
    - // If the sandbox is enabled, type-specific tags should be used instead.
    +#if !V8_ENABLE_SANDBOX
    + // Embedders that use the sandbox should use specific tags for each type.
    kDefaultTag,
    +#endif // !V8_ENABLE_SANDBOX

    kLastObjectWrappableTag = 0x7ffc,
    kZappedEntryTag = 0x7ffd,
    ```

    Change information

    Commit message:
    [api] Enforce tag range for v8::Object::Wrap

    Add static assertions and a DCHECK to ensure that the CppHeapPointerTag
    used in v8::Object::Wrap is always within the kObjectWrappableTagRange.

    Additionally, this CL removes all uses of
    `CppHeapPointerTag::kDefaultTag` in V8.
    Bug: 519655841
    Change-Id: I42e8a9a0f0ca7c16eb68e44941d1d283af3a7044
    Reviewed-by: Michael Lippautz <mlip...@chromium.org>
    Commit-Queue: Andreas Haas <ah...@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#107902}
    Files:
    • M include/v8-object.h
    • M include/v8-sandbox.h
    • M src/api/api.cc
    • M test/benchmarks/cpp/bindings.cc
    • M test/cctest/test-api.cc
    • M test/cctest/test-serialize.cc
    • M test/unittests/heap/cppgc-js/embedder-roots-handler-unittest.cc
    • M test/unittests/heap/cppgc-js/unified-heap-snapshot-unittest.cc
    • M test/unittests/heap/cppgc-js/unified-heap-utils.cc
    Change size: M
    Delta: 9 files changed, 42 insertions(+), 27 deletions(-)
    Branch: refs/heads/main
    Submit Requirements:
    • requirement satisfiedCode-Review: +1 by Michael Lippautz
    Open in Gerrit
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: merged
    Gerrit-Project: v8/v8
    Gerrit-Branch: main
    Gerrit-Change-Id: I42e8a9a0f0ca7c16eb68e44941d1d283af3a7044
    Gerrit-Change-Number: 7907082
    Gerrit-PatchSet: 9
    Gerrit-Owner: Andreas Haas <ah...@chromium.org>
    Gerrit-Reviewer: Andreas Haas <ah...@chromium.org>
    Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
    open
    diffy
    satisfied_requirement
    Reply all
    Reply to author
    Forward
    0 new messages