[sandbox] Recover fast-path offset performance in ToDirectStringAssembler [v8/v8 : main]

0 views
Skip to first unread message

Samuel Groß (Gerrit)

unread,
Jun 9, 2026, 9:43:42 AM (2 days ago) Jun 9
to Michael Lippautz, Maksim Ivanov, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com
Attention needed from Michael Lippautz

New activity on the change

Open in Gerrit

Related details

Attention is currently required from:
  • Michael Lippautz
Submit Requirements:
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I49f5dbf69409474b815686202008df8bfed42e29
Gerrit-Change-Number: 7910748
Gerrit-PatchSet: 2
Gerrit-Owner: Samuel Groß <sa...@chromium.org>
Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
Gerrit-Reviewer: Samuel Groß <sa...@chromium.org>
Gerrit-CC: Maksim Ivanov <em...@google.com>
Gerrit-Attention: Michael Lippautz <mlip...@chromium.org>
Gerrit-Comment-Date: Tue, 09 Jun 2026 13:43:38 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
unsatisfied_requirement
open
diffy

Maksim Ivanov (Gerrit)

unread,
Jun 9, 2026, 10:00:49 AM (2 days ago) Jun 9
to Samuel Groß, Michael Lippautz, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com
Attention needed from Michael Lippautz

Maksim Ivanov voted and added 1 comment

Votes added by Maksim Ivanov

Code-Review+1

1 comment

Patchset-level comments
File-level comment, Patchset 2 (Latest):
Maksim Ivanov . resolved

thanks for following up on the regression!

Open in Gerrit

Related details

Attention is currently required from:
  • Michael Lippautz
Submit Requirements:
    • requirement is not satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: v8/v8
    Gerrit-Branch: main
    Gerrit-Change-Id: I49f5dbf69409474b815686202008df8bfed42e29
    Gerrit-Change-Number: 7910748
    Gerrit-PatchSet: 2
    Gerrit-Owner: Samuel Groß <sa...@chromium.org>
    Gerrit-Reviewer: Maksim Ivanov <em...@google.com>
    Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
    Gerrit-Reviewer: Samuel Groß <sa...@chromium.org>
    Gerrit-Comment-Date: Tue, 09 Jun 2026 14:00:45 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    unsatisfied_requirement
    satisfied_requirement
    open
    diffy

    Michael Lippautz (Gerrit)

    unread,
    Jun 9, 2026, 10:41:54 AM (2 days ago) Jun 9
    to Samuel Groß, Maksim Ivanov, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com
    Attention needed from Samuel Groß

    Michael Lippautz voted Code-Review+1

    Code-Review+1
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Samuel Groß
    Submit Requirements:
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: v8/v8
    Gerrit-Branch: main
    Gerrit-Change-Id: I49f5dbf69409474b815686202008df8bfed42e29
    Gerrit-Change-Number: 7910748
    Gerrit-PatchSet: 2
    Gerrit-Owner: Samuel Groß <sa...@chromium.org>
    Gerrit-Reviewer: Maksim Ivanov <em...@google.com>
    Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
    Gerrit-Reviewer: Samuel Groß <sa...@chromium.org>
    Gerrit-Attention: Samuel Groß <sa...@chromium.org>
    Gerrit-Comment-Date: Tue, 09 Jun 2026 14:41:50 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Samuel Groß (Gerrit)

    unread,
    Jun 10, 2026, 4:27:15 AM (yesterday) Jun 10
    to Michael Lippautz, Maksim Ivanov, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com

    Samuel Groß voted Commit-Queue+2

    Commit-Queue+2
    Open in Gerrit

    Related details

    Attention set is empty
    Submit Requirements:
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: v8/v8
    Gerrit-Branch: main
    Gerrit-Change-Id: I49f5dbf69409474b815686202008df8bfed42e29
    Gerrit-Change-Number: 7910748
    Gerrit-PatchSet: 2
    Gerrit-Owner: Samuel Groß <sa...@chromium.org>
    Gerrit-Reviewer: Maksim Ivanov <em...@google.com>
    Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
    Gerrit-Reviewer: Samuel Groß <sa...@chromium.org>
    Gerrit-Comment-Date: Wed, 10 Jun 2026 08:27:11 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    v8-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

    unread,
    Jun 10, 2026, 5:01:29 AM (24 hours ago) Jun 10
    to Samuel Groß, Michael Lippautz, Maksim Ivanov, v8-re...@googlegroups.com

    v8-s...@luci-project-accounts.iam.gserviceaccount.com submitted the change

    Change information

    Commit message:
    [sandbox] Recover fast-path offset performance in ToDirectStringAssembler

    crrev.com/c/7900075 introduced 32-bit offset accumulation in
    ToDirectStringAssembler to prevent out-of-sandbox reads via sliced
    string chains. However, changing var_offset_ to a 32-bit Int32T forced
    CodeStubAssembler and optimized code to create a 32-bit loop Phi.
    Consequently, even on the hot fast-path for flat strings, calling
    offset() introduced a 32-bit to 64-bit zero-extension inside hot inner
    loops (e.g. StringCharCodeAt), causing a JetStream2 regression.

    This CL restores var_offset_ to a 64-bit IntPtrT while maintaining
    32-bit wrapping arithmetic on the sliced string slow-path. On the
    fast-path (flat strings), var_offset_ remains a clean 64-bit zero
    constant or native 64-bit Phi with no conversion overhead. On the
    slow-path, 32-bit wrapping addition limits accumulated offsets to
    4 GB before zero-extending back to IntPtrT.

    TAG=agy
    CONV=4c4055d1-3009-41e9-98f5-c10ca2d24ecf
    Bug: 521657359
    Change-Id: I49f5dbf69409474b815686202008df8bfed42e29
    Reviewed-by: Maksim Ivanov <em...@google.com>
    Reviewed-by: Michael Lippautz <mlip...@chromium.org>
    Commit-Queue: Samuel Groß <sa...@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#107876}
    Files:
    • M src/codegen/code-stub-assembler.cc
    • M src/codegen/code-stub-assembler.h
    Change size: S
    Delta: 2 files changed, 8 insertions(+), 6 deletions(-)
    Branch: refs/heads/main
    Submit Requirements:
    • requirement satisfiedCode-Review: +1 by Michael Lippautz, +1 by Maksim Ivanov
    Open in Gerrit
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: merged
    Gerrit-Project: v8/v8
    Gerrit-Branch: main
    Gerrit-Change-Id: I49f5dbf69409474b815686202008df8bfed42e29
    Gerrit-Change-Number: 7910748
    Gerrit-PatchSet: 3
    Gerrit-Owner: Samuel Groß <sa...@chromium.org>
    Gerrit-Reviewer: Maksim Ivanov <em...@google.com>
    Gerrit-Reviewer: Michael Lippautz <mlip...@chromium.org>
    Gerrit-Reviewer: Samuel Groß <sa...@chromium.org>
    open
    diffy
    satisfied_requirement
    Reply all
    Reply to author
    Forward
    0 new messages