[sandbox] Use SafeHeapObjectSize for WeakArrayList::length [v8/v8 : main]

[Arash Kazemi (Gerrit)]

Attention needed from Maksim Ivanov

Arash Kazemi voted and added 1 comment

Votes added by Arash Kazemi

Commit-Queue

+1

1 comment

File src/objects/object-list-macros.h

Line 296, Patchset 18:// LINT.ThenChange(/src/objects/map.cc:get_visitor_id, /src/objects/js-objects.cc:get_header_size, /src/compiler/turbofan-types.cc:bitset_type_lub)

Arash Kazemi . unresolved

Unless I am mistaken, WeakArrayList is already present in all of those.

Open in Gerrit

Related details

Attention is currently required from:

• Maksim Ivanov

Submit Requirements:

• Code-Owners
• Code-Review
• No-Unresolved-Comments
• Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: v8/v8

Gerrit-Branch: main

Gerrit-Change-Id: If0ca2b4a5625013194ac87fa8258e568b2e3c7db

Gerrit-Change-Number: 7594381

Gerrit-PatchSet: 19

Gerrit-Owner: Arash Kazemi <ara...@chromium.org>

Gerrit-Reviewer: Arash Kazemi <ara...@chromium.org>

Gerrit-Reviewer: Maksim Ivanov <em...@chromium.org>

Gerrit-CC: AyeAye <android-bu...@system.gserviceaccount.com>

Gerrit-CC: Hannes Payer <hpa...@chromium.org>

Gerrit-CC: V8 LUCI CQ <v8-s...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Attention: Maksim Ivanov <em...@chromium.org>

Gerrit-Comment-Date: Thu, 12 Mar 2026 16:19:47 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: Yes

[Maksim Ivanov (Gerrit)]

Attention needed from Arash Kazemi

Maksim Ivanov voted and added 3 comments

Votes added by Maksim Ivanov

Code-Review

+1

3 comments

Patchset-level comments

File-level comment, Patchset 21 (Latest):

Maksim Ivanov . resolved

I see some potentially dangerous arithmetics done, but I couldn't spot any specific flaws (and new CHECKing will likely be expensive). So LGTM % nit.

File src/diagnostics/objects-debug.cc

Line 1020, Patchset 21 (Latest): const uint32_t len = length().value();

Maksim Ivanov . unresolved

nit: `length` or `ulength`? It's unclear which naming convention this chain of CLs want to follow.

File src/objects/prototype-info-inl.h

Line 45, Patchset 21 (Latest): const uint32_t derived_length = derived_list->length().value();

Maksim Ivanov . unresolved

nit: I think the variable isn't needed here, as the length can be calculated inside the `DCHECK`. And then `#ifdef` won't be required.

Ditto in the next function below.

Open in Gerrit

Related details

Attention is currently required from:

• Arash Kazemi

Submit Requirements:

• Code-Owners

• Code-Review

• No-Unresolved-Comments

• Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: v8/v8

Gerrit-Branch: main

Gerrit-Change-Id: If0ca2b4a5625013194ac87fa8258e568b2e3c7db

Gerrit-Change-Number: 7594381

Gerrit-PatchSet: 21

Gerrit-Owner: Arash Kazemi <ara...@chromium.org>

Gerrit-Reviewer: Arash Kazemi <ara...@chromium.org>

Gerrit-Reviewer: Maksim Ivanov <em...@chromium.org>

Gerrit-CC: AyeAye <android-bu...@system.gserviceaccount.com>

Gerrit-CC: Hannes Payer <hpa...@chromium.org>

Gerrit-CC: V8 LUCI CQ <v8-s...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Attention: Arash Kazemi <ara...@chromium.org>

Gerrit-Comment-Date: Mon, 16 Mar 2026 15:24:35 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: Yes

[Arash Kazemi (Gerrit)]

Attention needed from Maksim Ivanov

Arash Kazemi added 2 comments

File src/diagnostics/objects-debug.cc

Line 1020, Patchset 21: const uint32_t len = length().value();

Maksim Ivanov . unresolved

nit: `length` or `ulength`? It's unclear which naming convention this chain of CLs want to follow.

Arash Kazemi

My plan is to remove `ulength` in a follow-up CL: crrev.com/c/7643769. We could also remove `length` and change all instances to `ulength`. I don't have a preference since either way we would be returning `SafeHeapObjectSize`, `ulength` would possibly make it even more explicit that it should be treated as unsigned.

File src/objects/prototype-info-inl.h

Line 45, Patchset 21: const uint32_t derived_length = derived_list->length().value();

Maksim Ivanov . resolved

nit: I think the variable isn't needed here, as the length can be calculated inside the `DCHECK`. And then `#ifdef` won't be required.

Ditto in the next function below.

Arash Kazemi

Done

Open in Gerrit

Related details

Attention is currently required from:

• Maksim Ivanov

Submit Requirements:

• Code-Owners
• Code-Review
• No-Unresolved-Comments
• Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: v8/v8

Gerrit-Branch: main

Gerrit-Change-Id: If0ca2b4a5625013194ac87fa8258e568b2e3c7db

Gerrit-Change-Number: 7594381

Gerrit-PatchSet: 22

Gerrit-Owner: Arash Kazemi <ara...@chromium.org>

Gerrit-Reviewer: Arash Kazemi <ara...@chromium.org>

Gerrit-Reviewer: Maksim Ivanov <em...@chromium.org>

Gerrit-CC: AyeAye <android-bu...@system.gserviceaccount.com>

Gerrit-CC: Hannes Payer <hpa...@chromium.org>

Gerrit-CC: V8 LUCI CQ <v8-s...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Attention: Maksim Ivanov <em...@chromium.org>

Gerrit-Comment-Date: Mon, 16 Mar 2026 17:24:03 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: No

Comment-In-Reply-To: Maksim Ivanov <em...@chromium.org>