Victor Gomes (Gerrit)

unread,

Nov 26, 2025, 9:15:05 AMNov 26

to Marja Hölttä, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Attention needed from Marja Hölttä

Victor Gomes voted and added 1 comment

Votes added by Victor Gomes

Auto-Submit	+1
Commit-Queue	+1

1 comment

Patchset-level comments

File-level comment, Patchset 3 (Latest):

Victor Gomes . resolved

PTAL!

Open in Gerrit

Related details

Attention is currently required from:

Marja Hölttä

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Marja Hölttä (Gerrit)

unread,

Nov 27, 2025, 3:07:38 AMNov 27

to Victor Gomes, V8 LUCI CQ, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Attention needed from Victor Gomes

Marja Hölttä voted and added 3 comments

Votes added by Marja Hölttä

Code-Review

+1

3 comments

Patchset-level comments

File-level comment, Patchset 3 (Latest):

Marja Hölttä . resolved

lgtm

File src/maglev/maglev-ir.h

Line 717, Patchset 3 (Latest): case Opcode::kLoadFixedArrayElement:

Marja Hölttä . unresolved

Should kLoadHoleyFixedDoubleArrayElement be here, too?

Line 711, Patchset 3 (Latest): switch (opcode) {

Marja Hölttä . unresolved

I'm already seeing somebody forgetting to update this list! Is there anything we can do to make this more robust and/or make fuzzers catch problems faster? I guess there's no central bottleneck where we could check that if a ValueNode* is the hole, then its opcode must be one of these? Is there anything else we can do to force people adding new opcodes remember this? (Aside from removing the default branch and adding all opcodes explicitly, which is... maybe overkill?)

Open in Gerrit

Related details

Attention is currently required from:

Victor Gomes

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Victor Gomes (Gerrit)

unread,

Nov 27, 2025, 7:20:57 AMNov 27

to Marja Hölttä, V8 LUCI CQ, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Victor Gomes voted and added 3 comments

Votes added by Victor Gomes

Auto-Submit	+1
Commit-Queue	+2

3 comments

Patchset-level comments

File-level comment, Patchset 4 (Latest):

Victor Gomes . resolved

Thanks!

File src/maglev/maglev-ir.h

Line 717, Patchset 3: case Opcode::kLoadFixedArrayElement:

Marja Hölttä . resolved

Should kLoadHoleyFixedDoubleArrayElement be here, too?

Victor Gomes

No, holey doubles are not a proper hole. They are treated as undefined.

Line 711, Patchset 3: switch (opcode) {

Marja Hölttä . resolved

I'm already seeing somebody forgetting to update this list! Is there anything we can do to make this more robust and/or make fuzzers catch problems faster? I guess there's no central bottleneck where we could check that if a ValueNode* is the hole, then its opcode must be one of these? Is there anything else we can do to force people adding new opcodes remember this? (Aside from removing the default branch and adding all opcodes explicitly, which is... maybe overkill?)

Victor Gomes

Yes, I don't actually know. If you have a better idea, I'm all ears.

I think removing the default branch is indeed overkill.

I thought about adding a property OpProperties::CanBeTheHole(), but the problem kind of remains.

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Marja Hölttä (Gerrit)

unread,

Nov 27, 2025, 7:26:12 AMNov 27

to Victor Gomes, V8 LUCI CQ, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Attention needed from Victor Gomes

Marja Hölttä voted and added 1 comment

Votes added by Marja Hölttä

Code-Review

+1

1 comment

File src/maglev/maglev-ir.h

Line 711, Patchset 3: switch (opcode) {

Marja Hölttä . resolved

I'm already seeing somebody forgetting to update this list! Is there anything we can do to make this more robust and/or make fuzzers catch problems faster? I guess there's no central bottleneck where we could check that if a ValueNode* is the hole, then its opcode must be one of these? Is there anything else we can do to force people adding new opcodes remember this? (Aside from removing the default branch and adding all opcodes explicitly, which is... maybe overkill?)

Victor Gomes

Yes, I don't actually know. If you have a better idea, I'm all ears.
I think removing the default branch is indeed overkill.
I thought about adding a property OpProperties::CanBeTheHole(), but the problem kind of remains.

Marja Hölttä

(For a follow-up)

Could add the properties CanBeTheHole and CannotBeTheHole and require that exactly one is set?

Open in Gerrit

Related details

Attention is currently required from:

Victor Gomes

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Victor Gomes (Gerrit)

unread,

Nov 27, 2025, 7:27:23 AMNov 27

to Marja Hölttä, V8 LUCI CQ, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Victor Gomes added 1 comment

File src/maglev/maglev-ir.h

Line 711, Patchset 3: switch (opcode) {

Marja Hölttä . resolved

I'm already seeing somebody forgetting to update this list! Is there anything we can do to make this more robust and/or make fuzzers catch problems faster? I guess there's no central bottleneck where we could check that if a ValueNode* is the hole, then its opcode must be one of these? Is there anything else we can do to force people adding new opcodes remember this? (Aside from removing the default branch and adding all opcodes explicitly, which is... maybe overkill?)

Victor Gomes

Yes, I don't actually know. If you have a better idea, I'm all ears.
I think removing the default branch is indeed overkill.
I thought about adding a property OpProperties::CanBeTheHole(), but the problem kind of remains.

Marja Hölttä

(For a follow-up)
Could add the properties CanBeTheHole and CannotBeTheHole and require that exactly one is set?

Victor Gomes

That's not a bad idea... 👍

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Leszek Swirski (Gerrit)

unread,

Nov 27, 2025, 7:27:30 AMNov 27

to Victor Gomes, Marja Hölttä, V8 LUCI CQ, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Leszek Swirski added 1 comment

File src/maglev/maglev-ir.h

Line 711, Patchset 3: switch (opcode) {

Marja Hölttä . resolved

I'm already seeing somebody forgetting to update this list! Is there anything we can do to make this more robust and/or make fuzzers catch problems faster? I guess there's no central bottleneck where we could check that if a ValueNode* is the hole, then its opcode must be one of these? Is there anything else we can do to force people adding new opcodes remember this? (Aside from removing the default branch and adding all opcodes explicitly, which is... maybe overkill?)

Victor Gomes

Yes, I don't actually know. If you have a better idea, I'm all ears.
I think removing the default branch is indeed overkill.
I thought about adding a property OpProperties::CanBeTheHole(), but the problem kind of remains.

Marja Hölttä

(For a follow-up)
Could add the properties CanBeTheHole and CannotBeTheHole and require that exactly one is set?

Leszek Swirski

Maybe we can also emit some debug-code verification for the node's result in codegen

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

V8 LUCI CQ (Gerrit)

unread,

Nov 27, 2025, 7:57:39 AMNov 27

to Victor Gomes, Leszek Swirski, Marja Hölttä, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

V8 LUCI CQ submitted the change

Change information

Commit message:

[maglev] Better hole static check elimination

Bug: 431933185

Change-Id: I7e3d70193d0bcd77e791c066c36276c0bf920a49

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7207566

Auto-Submit: Victor Gomes <victo...@chromium.org>

Reviewed-by: Marja Hölttä <ma...@chromium.org>

Commit-Queue: Victor Gomes <victo...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#104002}

Files:

M src/maglev/maglev-graph-builder.cc
M src/maglev/maglev-graph-optimizer.cc
M src/maglev/maglev-graph-optimizer.h
M src/maglev/maglev-ir.cc
M src/maglev/maglev-ir.h

Change size: L

Delta: 5 files changed, 158 insertions(+), 103 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Marja Hölttä

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Darius Mercadier (Gerrit)

unread,

Dec 15, 2025, 7:50:47 AM (22 hours ago) Dec 15

to V8 LUCI CQ, Victor Gomes, Leszek Swirski, Marja Hölttä, leszek...@chromium.org, v8-re...@googlegroups.com, verwaes...@chromium.org, victorgo...@chromium.org

Attention needed from Victor Gomes

Darius Mercadier added 1 comment

File src/maglev/maglev-graph-builder.cc

Line 16102, Patchset 5 (Parent):

  // Avoid the check if {value} has an alternative whose representation doesn't
  // allow the hole.
  if (const NodeInfo* info = known_node_aspects().TryGetInfoFor(value)) {
    auto& alt = info->alternative();
    if (alt.int32() || alt.truncated_int32_to_number() || alt.float64()) {
      return ReduceResult::Done();
    }
  }

Darius Mercadier . unresolved

Removing this seems like a regression, or am I missing something?

Open in Gerrit

Related details

Attention is currently required from:

Victor Gomes

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Reply all

Reply to author

Forward

[maglev] Better hole static check elimination [v8/v8 : main]

Victor Gomes (Gerrit)

Victor Gomes voted and added 1 comment

Votes added by Victor Gomes

1 comment

Related details

Marja Hölttä (Gerrit)

Marja Hölttä voted and added 3 comments

Votes added by Marja Hölttä

3 comments

Related details

Victor Gomes (Gerrit)

Victor Gomes voted and added 3 comments

Votes added by Victor Gomes

3 comments

Related details

Marja Hölttä (Gerrit)

Marja Hölttä voted and added 1 comment

Votes added by Marja Hölttä

1 comment

Related details

Victor Gomes (Gerrit)

Victor Gomes added 1 comment

Related details

Leszek Swirski (Gerrit)

Leszek Swirski added 1 comment

Related details

V8 LUCI CQ (Gerrit)

V8 LUCI CQ submitted the change

Change information

Darius Mercadier (Gerrit)

Darius Mercadier added 1 comment

Related details