[sandbox] Introduce ExposedTrustedObject::Unpublish [v8/v8 : main]
0 views
Skip to first unread message
Jakob Kummerow (Gerrit)
Feb 23, 2026, 11:27:28 AM (22 hours ago) Feb 23
to Jakob Kummerow, Samuel Groß, Thibaud Michaud, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com, was...@google.com
Attention needed from Samuel Groß
Jakob Kummerow voted and added 3 comments![]( "Open in Gerrit")
Votes added by Jakob Kummerow
| Auto-Submit | +1 |
| Commit-Queue | +1 |
3 comments
Patchset-level comments
File-level comment, Patchset 1 (Latest):
Jakob Kummerow . resolved
Samuel: as discussed, PTAL.
Thibaud: FYI, this could be useful for retired `WasmSuspenderObject`s.
File src/heap/factory.cc
Line 1966, Patchset 1 (Latest):
Tagged<WasmSuspenderObject> suspender =Jakob Kummerow . resolved
Drive-by fasterification: avoiding repeated handle derefs by working on the raw pointer at first.
File src/wasm/wasm-objects.cc
Line 2827, Patchset 1 (Parent):
old_table->set_protected_uses(
*isolate->factory()->empty_protected_weak_fixed_array());
for (uint32_t i = 0; i < old_length; ++i) {
// Note: We pass `kNewEntry` here since the offheap data was already moved
// to the new table and we do not want to update anything there.
DispatchTableClear(*old_table, i, WasmDispatchTable::kNewEntry);
}Jakob Kummerow . resolved
We _could_ keep all of this, but we don't need it any more if the entire object is inaccessible anyway. Efficiency++ 😊
Related details
Attention is currently required from:
- Samuel Groß
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Samuel Groß (Gerrit)
Feb 23, 2026, 11:33:43 AM (22 hours ago) Feb 23
to Jakob Kummerow, V8 LUCI CQ, Thibaud Michaud, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com, was...@google.com
Attention needed from Jakob Kummerow
Samuel Groß added 3 comments![]( "Open in Gerrit")
Patchset-level comments
Samuel Groß . resolved
Nice, thanks! One nit and a question but overall looks good!
File src/sandbox/trusted-pointer-table.h
Line 185, Patchset 1 (Latest):
// Undo earlier publishing, making the handle inaccessible.Samuel Groß . unresolved
Nit: maybe "entry" instead of "handle" to be consistent with the documentation for Publish.
File src/wasm/wasm-objects.cc
Line 2827, Patchset 1 (Parent):
old_table->set_protected_uses(
*isolate->factory()->empty_protected_weak_fixed_array());
for (uint32_t i = 0; i < old_length; ++i) {
// Note: We pass `kNewEntry` here since the offheap data was already moved
// to the new table and we do not want to update anything there.
DispatchTableClear(*old_table, i, WasmDispatchTable::kNewEntry);
}Jakob Kummerow . unresolved
We _could_ keep all of this, but we don't need it any more if the entire object is inaccessible anyway. Efficiency++ 😊
Samuel Groß
SG! Just to double-check, do we have a regression test for this scenario already?
Related details
Attention is currently required from:
- Jakob Kummerow
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Jakob Kummerow (Gerrit)
Feb 23, 2026, 12:05:00 PM (21 hours ago) Feb 23
to Jakob Kummerow, V8 LUCI CQ, Samuel Groß, Thibaud Michaud, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com, was...@google.com
Attention needed from Samuel Groß
Jakob Kummerow voted and added 3 comments![]( "Open in Gerrit")
Votes added by Jakob Kummerow
| Auto-Submit | +1 |
| Commit-Queue | +1 |
3 comments
Patchset-level comments
File src/sandbox/trusted-pointer-table.h
Line 185, Patchset 1:
// Undo earlier publishing, making the handle inaccessible.Samuel Groß . resolved
Nit: maybe "entry" instead of "handle" to be consistent with the documentation for Publish.
Jakob Kummerow
Done
File src/wasm/wasm-objects.cc
Line 2827, Patchset 1 (Parent):
old_table->set_protected_uses(
*isolate->factory()->empty_protected_weak_fixed_array());
for (uint32_t i = 0; i < old_length; ++i) {
// Note: We pass `kNewEntry` here since the offheap data was already moved
// to the new table and we do not want to update anything there.
DispatchTableClear(*old_table, i, WasmDispatchTable::kNewEntry);
}Jakob Kummerow . resolved
Samuel GroßWe _could_ keep all of this, but we don't need it any more if the entire object is inaccessible anyway. Efficiency++ 😊
SG! Just to double-check, do we have a regression test for this scenario already?
Attention is currently required from:
- Samuel Groß
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Samuel Groß (Gerrit)
Feb 23, 2026, 12:13:08 PM (21 hours ago) Feb 23
to Jakob Kummerow, V8 LUCI CQ, Thibaud Michaud, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com, was...@google.com
Attention needed from Jakob Kummerow
Samuel Groß voted and added 1 comment![]( "Open in Gerrit")
Votes added by Samuel Groß
| Code-Review | +1 |
| Commit-Queue | +2 |
1 comment
Patchset-level comments
Attention is currently required from:
- Jakob Kummerow
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Jakob Kummerow (Gerrit)
5:35 AM (4 hours ago) 5:35 AM
to Jakob Kummerow, Samuel Groß, V8 LUCI CQ, Thibaud Michaud, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com, was...@google.com
Attention needed from Samuel Groß
Jakob Kummerow voted Commit-Queue+2![]( "Open in Gerrit")
Attention is currently required from:
- Samuel Groß
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
V8 LUCI CQ (Gerrit)
6:10 AM (3 hours ago) 6:10 AM
to Jakob Kummerow, Samuel Groß, Thibaud Michaud, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com, was...@google.com
V8 LUCI CQ submitted the change![]( "Open in Gerrit")
Change information
Commit message:
[sandbox] Introduce ExposedTrustedObject::Unpublish
which can be used to make objects inaccessible that are not supposed
to be used any more.
Change-Id: Iec19d80393dda225f279384c8cb6ff7ed446593a
Reviewed-by: Samuel Groß <sa...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Auto-Submit: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#105406}
Files:
- M src/heap/factory.cc
- M src/objects/trusted-object-inl.h
- M src/objects/trusted-object.h
- M src/sandbox/trusted-pointer-table-inl.h
- M src/sandbox/trusted-pointer-table.h
- M src/wasm/wasm-objects.cc
Change size: S
Delta: 6 files changed, 37 insertions(+), 12 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Samuel Groß
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages