Marja Hölttä (Gerrit)

unread,

Apr 2, 2026, 9:37:57 AM (4 days ago) Apr 2

to Darius Mercadier, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Attention needed from Darius Mercadier

Marja Hölttä added 1 comment

Patchset-level comments

File-level comment, Patchset 7 (Latest):

Marja Hölttä . resolved

ptal

Open in Gerrit

Related details

Attention is currently required from:

Darius Mercadier

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

open

diffy

Darius Mercadier (Gerrit)

unread,

Apr 2, 2026, 9:48:29 AM (4 days ago) Apr 2

to Marja Hölttä, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Attention needed from Marja Hölttä

Darius Mercadier added 3 comments

File src/compiler/js-native-context-specialization.cc

Line 380, Patchset 7 (Latest): (IsStringConstant(broker(), lhs) || IsStringConstant(broker(), rhs))) {

Darius Mercadier . unresolved

Isn't that redundant? GetMaxStringLength above already checks this. This should probably be a DCHECK rather than part of the condition.
(and if it's not redundant, then it's plain wrong: should be `&&` instead of `||`)

Line 413, Patchset 7 (Parent):

    // ConcatenateStrings won't fail, since we already checked the resulting
    // string is not too long.

Darius Mercadier . unresolved

So... ConcatenateStrings can fail then? How?

The commit message says `TF didn't sufficiently check against String::kMaxLength.` but line 379 does `*lhs_len + *rhs_len <= String::kMaxLength`, which looks like it should be enough, no?

Line 414, Patchset 7 (Latest): if (compiler::utils::ConcatenateStrings(left, right, broker())

Darius Mercadier . unresolved

Is that necessary? We're already in the compiler namesapce.

Open in Gerrit

Related details

Attention is currently required from:

Marja Hölttä

Submit Requirements:

Code-Owners
Code-Review

No-Unresolved-Comments

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

open

diffy

Marja Hölttä (Gerrit)

unread,

Apr 2, 2026, 10:01:48 AM (4 days ago) Apr 2

to Darius Mercadier, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Attention needed from Darius Mercadier

Marja Hölttä voted and added 4 comments

Votes added by Marja Hölttä

Commit-Queue

+1

4 comments

Patchset-level comments

File-level comment, Patchset 10 (Latest):

Marja Hölttä . resolved

thanks, ptal again

File src/compiler/js-native-context-specialization.cc

Line 380, Patchset 7: (IsStringConstant(broker(), lhs) || IsStringConstant(broker(), rhs))) {

Darius Mercadier . resolved

Isn't that redundant? GetMaxStringLength above already checks this. This should probably be a DCHECK rather than part of the condition.
(and if it's not redundant, then it's plain wrong: should be `&&` instead of `||`)

Marja Hölttä

No, because GetMaxStringLength above also supports double constants. I think this branch is meant to execute when at least one is a string constant, but both don't need to be.

So this supports

"some string" + 123e4
and
1234e4 + "some string"

Line 413, Patchset 7 (Parent):

    // ConcatenateStrings won't fail, since we already checked the resulting
    // string is not too long.

Darius Mercadier . resolved

So... ConcatenateStrings can fail then? How?
The commit message says `TF didn't sufficiently check against String::kMaxLength.` but line 379 does `*lhs_len + *rhs_len <= String::kMaxLength`, which looks like it should be enough, no?

Marja Hölttä

aaargh you're right, this was actually failing only because the max length of doubles was incorrectly set. Cancelling this part of the change.

Line 414, Patchset 7: if (compiler::utils::ConcatenateStrings(left, right, broker())

Darius Mercadier . resolved

Is that necessary? We're already in the compiler namesapce.

Marja Hölttä

removing these modifications

Open in Gerrit

Related details

Attention is currently required from:

Darius Mercadier

Submit Requirements:

Code-Owners

Code-Review

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Darius Mercadier (Gerrit)

unread,

Apr 2, 2026, 10:02:50 AM (4 days ago) Apr 2

to Marja Hölttä, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Attention needed from Marja Hölttä

Darius Mercadier voted and added 1 comment

Votes added by Darius Mercadier

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 11 (Latest):

Darius Mercadier . resolved

lgtm :)

Open in Gerrit

Related details

Attention is currently required from:

Marja Hölttä

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Marja Hölttä (Gerrit)

unread,

Apr 2, 2026, 10:19:05 AM (4 days ago) Apr 2

to Darius Mercadier, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Marja Hölttä voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Darius Mercadier (Gerrit)

unread,

Apr 2, 2026, 10:22:12 AM (4 days ago) Apr 2

to Marja Hölttä, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Attention needed from Marja Hölttä

Darius Mercadier added 1 comment

File src/compiler/js-native-context-specialization.cc

Line 380, Patchset 7: (IsStringConstant(broker(), lhs) || IsStringConstant(broker(), rhs))) {

Darius Mercadier . resolved

Isn't that redundant? GetMaxStringLength above already checks this. This should probably be a DCHECK rather than part of the condition.
(and if it's not redundant, then it's plain wrong: should be `&&` instead of `||`)

Marja Hölttä

No, because GetMaxStringLength above also supports double constants. I think this branch is meant to execute when at least one is a string constant, but both don't need to be.
So this supports
"some string" + 123e4
and
1234e4 + "some string"

Darius Mercadier

Mmmh ok, so it's preventing `123e4 + 123e4`.... why though?

Open in Gerrit

Related details

Attention is currently required from:

Marja Hölttä

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Marja Hölttä (Gerrit)

unread,

Apr 2, 2026, 10:26:38 AM (4 days ago) Apr 2

to Darius Mercadier, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Marja Hölttä added 1 comment

File src/compiler/js-native-context-specialization.cc

Line 380, Patchset 7: (IsStringConstant(broker(), lhs) || IsStringConstant(broker(), rhs))) {

Darius Mercadier . resolved

Isn't that redundant? GetMaxStringLength above already checks this. This should probably be a DCHECK rather than part of the condition.
(and if it's not redundant, then it's plain wrong: should be `&&` instead of `||`)

Marja Hölttä

No, because GetMaxStringLength above also supports double constants. I think this branch is meant to execute when at least one is a string constant, but both don't need to be.
So this supports
"some string" + 123e4
and
1234e4 + "some string"

Darius Mercadier

Mmmh ok, so it's preventing `123e4 + 123e4`.... why though?

Marja Hölttä

Because that's not a string concatenation but number addition, so this code won't apply

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Darius Mercadier (Gerrit)

unread,

Apr 2, 2026, 10:30:34 AM (4 days ago) Apr 2

to Marja Hölttä, V8 LUCI CQ, dmercadi...@chromium.org, v8-re...@googlegroups.com

Attention needed from Marja Hölttä

Darius Mercadier added 1 comment

File src/compiler/js-native-context-specialization.cc

Line 380, Patchset 7: (IsStringConstant(broker(), lhs) || IsStringConstant(broker(), rhs))) {

Darius Mercadier . resolved

Isn't that redundant? GetMaxStringLength above already checks this. This should probably be a DCHECK rather than part of the condition.
(and if it's not redundant, then it's plain wrong: should be `&&` instead of `||`)

Marja Hölttä

No, because GetMaxStringLength above also supports double constants. I think this branch is meant to execute when at least one is a string constant, but both don't need to be.
So this supports
"some string" + 123e4
and
1234e4 + "some string"

Darius Mercadier

Mmmh ok, so it's preventing `123e4 + 123e4`.... why though?

Marja Hölttä

Because that's not a string concatenation but number addition, so this code won't apply

Darius Mercadier

Ah yea my bad, I assumed that we were in ReduceStringConcat or something, but you're right, we're just in ReduceJSAdd so still not sure about whether we'll create a string or not. Ok all good, thanks :)

Open in Gerrit

Related details

Attention is currently required from:

Marja Hölttä

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

V8 LUCI CQ (Gerrit)

unread,

Apr 2, 2026, 10:49:26 AM (4 days ago) Apr 2

to Marja Hölttä, Darius Mercadier, dmercadi...@chromium.org, v8-re...@googlegroups.com

V8 LUCI CQ submitted the change

Change information

Commit message:

[globals] Fix creating too long strings

Our kMaxDoubleStringLength was wrong. E.g., the string representation of
-1.2345678901234567e-6 is -0.0000012345678901234567 which is 25
characters long.

Fixed: 498818400

Change-Id: I100dbaebf4f2c4884a15e58bd334337c3a2d3dee

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7722600

Reviewed-by: Darius Mercadier <dmerc...@chromium.org>

Commit-Queue: Marja Hölttä <ma...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#106252}

Files:

M src/common/globals.h
A test/mjsunit/compiler/regress-498818400.js

Change size: S

Delta: 2 files changed, 42 insertions(+), 3 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Darius Mercadier

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[turbofan, globals] Fix creating too long strings [v8/v8 : main]

Marja Hölttä (Gerrit)

Marja Hölttä added 1 comment

Related details

Darius Mercadier (Gerrit)

Darius Mercadier added 3 comments

Related details

Marja Hölttä (Gerrit)

Marja Hölttä voted and added 4 comments

Votes added by Marja Hölttä

4 comments

Related details

Darius Mercadier (Gerrit)

Darius Mercadier voted and added 1 comment

Votes added by Darius Mercadier

1 comment

Related details

Marja Hölttä (Gerrit)

Marja Hölttä voted Commit-Queue+2

Related details

Darius Mercadier (Gerrit)

Darius Mercadier added 1 comment

Related details

Marja Hölttä (Gerrit)

Marja Hölttä added 1 comment

Related details

Darius Mercadier (Gerrit)

Darius Mercadier added 1 comment

Related details

V8 LUCI CQ (Gerrit)

V8 LUCI CQ submitted the change

Change information