[heap] Fix CodeRange red zone allocation for contiguous RO space [v8/v8 : main]
0 views
Skip to first unread message
Michael Lippautz (Gerrit)
Sep 4, 2025, 4:58:33 AM (3 days ago) Sep 4
to Dominik Inführ, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Attention needed from Dominik Inführ
New activity on the change![]( "Open in Gerrit")
Related details
Attention is currently required from:
- Dominik Inführ
Submit Requirements:
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Dominik Inführ (Gerrit)
Sep 4, 2025, 5:14:15 AM (3 days ago) Sep 4
to Michael Lippautz, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Attention needed from Michael Lippautz
Dominik Inführ added 3 comments![]( "Open in Gerrit")
File src/heap/code-range.cc
Line 255, Patchset 2 (Latest):
// red_zone_start ^ ^ red_zone_endDominik Inführ . unresolved
Nit: I think the "red zone" should go to both (or either of) data_cage_ro_start/data_cage_ro_end. And those variables don't exist anymore, so probably should be renamed as well.
Line 272, Patchset 2 (Latest):
current += (size_t{4} * kPtrComprCageBaseAlignment)) {Dominik Inführ . unresolved
Isn't this 16GB? kPtrComprCageBaseAlignment is already 1<<32, so 4GB?
Line 283, Patchset 2 (Latest):
CHECK_EQ(red_zone_size, region()Dominik Inführ . unresolved
Shouldn't this be CHECK_LE here? Let's say our code cage starts add 4GB+2MB - then our red zone size should only be 6MB instead of the full 8MB.
Related details
Attention is currently required from:
- Michael Lippautz
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Dominik Inführ (Gerrit)
Sep 4, 2025, 5:14:47 AM (3 days ago) Sep 4
to Michael Lippautz, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Attention needed from Michael Lippautz
Dominik Inführ voted and added 1 comment![]( "Open in Gerrit")
Related details
Attention is currently required from:
- Michael Lippautz
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Dominik Inführ (Gerrit)
Sep 4, 2025, 5:19:39 AM (3 days ago) Sep 4
to Michael Lippautz, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Attention needed from Michael Lippautz
Dominik Inführ added 1 comment![]( "Open in Gerrit")
File src/heap/code-range.cc
Line 290, Patchset 2 (Latest):
}Dominik Inführ . unresolved
Nit: Maybe as a sanity check, we could check here after the loop that `CHECK_LE(number_of_red_zones, 1)`.
Related details
Attention is currently required from:
- Michael Lippautz
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Michael Lippautz (Gerrit)
Sep 4, 2025, 5:26:53 AM (3 days ago) Sep 4
to Dominik Inführ, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Michael Lippautz voted and added 4 comments![]( "Open in Gerrit")
Votes added by Michael Lippautz
| Commit-Queue | +1 |
4 comments
File src/heap/code-range.cc
Nit: I think the "red zone" should go to both (or either of) data_cage_ro_start/data_cage_ro_end. And those variables don't exist anymore, so probably should be renamed as well.
Michael Lippautz
Good point. I simplified this picture and removed the variable names. This allowed for adding more cases.
Line 272, Patchset 2:
current += (size_t{4} * kPtrComprCageBaseAlignment)) {Dominik Inführ . resolved
Isn't this 16GB? kPtrComprCageBaseAlignment is already 1<<32, so 4GB?
Michael Lippautz
Done
Shouldn't this be CHECK_LE here? Let's say our code cage starts add 4GB+2MB - then our red zone size should only be 6MB instead of the full 8MB.
Michael Lippautz
`red_zone_size` is 6MB in this case. It's computed from the adjusted start/end.
That said, I changed the check now to actually use AddressRegion::GetOverlap() which could actually be used instead if we see the crash going away.
Nit: Maybe as a sanity check, we could check here after the loop that `CHECK_LE(number_of_red_zones, 1)`.
Submit Requirements:
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Dominik Inführ (Gerrit)
Sep 4, 2025, 5:29:21 AM (3 days ago) Sep 4
to Michael Lippautz, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Attention needed from Michael Lippautz
Dominik Inführ voted and added 1 comment![]( "Open in Gerrit")
Votes added by Dominik Inführ
| Code-Review | +1 |
1 comment
File src/heap/code-range.cc
Line 292, Patchset 3 (Latest):
CHECK_EQ(number_of_red_zones, 1);Dominik Inführ . unresolved
Shouldn't this be <= 1? We don't necessarily have a red zone, right?
Related details
Attention is currently required from:
- Michael Lippautz
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Michael Lippautz (Gerrit)
Sep 4, 2025, 5:33:15 AM (3 days ago) Sep 4
to Dominik Inführ, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Michael Lippautz added 1 comment![]( "Open in Gerrit")
File src/heap/code-range.cc
Shouldn't this be <= 1? We don't necessarily have a red zone, right?
Submit Requirements:
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Michael Lippautz (Gerrit)
Sep 4, 2025, 6:10:47 AM (3 days ago) Sep 4
to Dominik Inführ, V8 LUCI CQ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Michael Lippautz voted Commit-Queue+2![]( "Open in Gerrit")
| Commit-Queue | +2 |
Related details
Attention set is empty
Submit Requirements:
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
V8 LUCI CQ (Gerrit)
Sep 4, 2025, 6:12:20 AM (3 days ago) Sep 4
to Michael Lippautz, Dominik Inführ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
V8 LUCI CQ submitted the change with unreviewed changes![]( "Open in Gerrit")
Unreviewed changes
3 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:
```
The name of the file: src/heap/code-range.cc
Insertions: 1, Deletions: 1.
@@ -289,7 +289,7 @@
PageAllocator::kNoAccess));
}
}
- CHECK_EQ(number_of_red_zones, 1);
+ CHECK_LE(number_of_red_zones, 1);
#endif // CONTIGUOUS_COMPRESSED_READ_ONLY_SPACE_BOOL
// Don't pre-commit the code cage on Windows since it uses memory and it's not
```
Change information
Commit message:
[heap] Fix CodeRange red zone allocation for contiguous RO space
The computation only computed the first candidate region that would
overlap but there's also a candidate within the code range itself.
Bug: 442942399, 429538831
Change-Id: I72299ab49878ce853ee6a395d9f9e68f475b4b49
Commit-Queue: Michael Lippautz <mlip...@chromium.org>
Reviewed-by: Dominik Inführ <dinf...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#102238}
Files:
- M src/heap/code-range.cc
Change size: M
Delta: 1 file changed, 42 insertions(+), 24 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Dominik Inführ
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Nico Hartmann (Gerrit)
Sep 4, 2025, 8:00:51 AM (3 days ago) Sep 4
to V8 LUCI CQ, Michael Lippautz, Dominik Inführ, AyeAye, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com
Nico Hartmann has created a revert of this change![]( "Open in Gerrit")
Related details
Attention set is empty
Submit Requirements:
Code-Owners
Code-Review
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages