Michael Lippautz (Gerrit)

unread,

Sep 1, 2025, 7:26:30 AMSep 1

to Dominik Inführ, Leszek Swirski, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Dominik Inführ and Leszek Swirski

Michael Lippautz added 3 comments

Patchset-level comments

File-level comment, Patchset 14 (Latest):

Michael Lippautz . resolved

ptal

Leszek: Igor is out; I hope you can review this as well.

File src/common/globals.h

Line 493, Patchset 13:constexpr size_t kMinimumTrustedRangeSize = 512 * MB;

Michael Lippautz . unresolved

This is merely used in a DCHECK.

Line 484, Patchset 13:constexpr size_t kMinimumCodeRangeSize = 64 * MB;

Michael Lippautz . unresolved

I don't think there's any restrictions here to force us into using a 3-4MB code range?

Open in Gerrit

Related details

Attention is currently required from:

Dominik Inführ
Leszek Swirski

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Dominik Inführ (Gerrit)

unread,

Sep 1, 2025, 8:36:10 AMSep 1

to Michael Lippautz, Leszek Swirski, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Leszek Swirski and Michael Lippautz

Dominik Inführ added 5 comments

Patchset-level comments

File-level comment, Patchset 15 (Latest):

Dominik Inführ . resolved

Thanks, LGTM

File src/common/globals.h

Line 757, Patchset 15 (Latest):constexpr Address kContiguousReadOnlySpaceMask =

Dominik Inführ . unresolved

Nit: What I would also find helpful here is if you would give the bit/hex pattern for this variable with the e.g. 8MB defined in BUILD.gn.

Line 756, Patchset 15 (Latest):static_assert(base::bits::IsPowerOfTwo(kContiguousReadOnlyReservationSize));

Dominik Inführ . unresolved

Nit: I would add here an explanation that we need to carve out this region in all our 3 cages: trusted, code and main cage. Maybe also mention `HeapLayout::InReadOnlySpace()` why this is the case.

Line 752, Patchset 15 (Latest): V8_CONTIGUOUS_COMPRESSED_RO_SPACE_SIZE_MB * 1024 * 1024;

Dominik Inführ . unresolved

Nit: MB instead of 1024 * 1024?

Line 484, Patchset 13:constexpr size_t kMinimumCodeRangeSize = 64 * MB;

Michael Lippautz . unresolved

I don't think there's any restrictions here to force us into using a 3-4MB code range?

Dominik Inführ

I guess alternatively we could also use `kMinimumCodeRangeSize = (4 + V8_CONTIGUOUS_COMPRESSED_RO_SPACE_SIZE_MB) * MB`. This would keep the current minimum for uncompressed builds and would dynamically adapt when changing that variable as well.

Open in Gerrit

Related details

Attention is currently required from:

Leszek Swirski
Michael Lippautz

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Leszek Swirski (Gerrit)

unread,

Sep 1, 2025, 8:36:31 AMSep 1

to Michael Lippautz, Dominik Inführ, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Michael Lippautz

Leszek Swirski added 1 comment

File src/heap/code-range.cc

Line 245, Patchset 15 (Latest): if (page_allocator_->contains(cage_aligned_base)) {

Leszek Swirski . unresolved

I think you need to check both start and end of the reserved region, in case the allocator doesn't include the base but does include the end of the reservation:

```
base
  |--reserved--|  
           |----code space----|
```

Open in Gerrit

Related details

Attention is currently required from:

Michael Lippautz

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Dominik Inführ (Gerrit)

unread,

Sep 1, 2025, 8:38:30 AMSep 1

to Michael Lippautz, Leszek Swirski, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Michael Lippautz

Dominik Inführ voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Michael Lippautz

Submit Requirements:

Code-Owners
Code-Review

No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Leszek Swirski (Gerrit)

unread,

Sep 1, 2025, 8:41:19 AMSep 1

to Michael Lippautz, Dominik Inführ, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Michael Lippautz

Leszek Swirski added 1 comment

File src/common/globals.h

Line 484, Patchset 13:constexpr size_t kMinimumCodeRangeSize = 64 * MB;

Michael Lippautz . unresolved

I don't think there's any restrictions here to force us into using a 3-4MB code range?

Dominik Inführ

I guess alternatively we could also use `kMinimumCodeRangeSize = (4 + V8_CONTIGUOUS_COMPRESSED_RO_SPACE_SIZE_MB) * MB`. This would keep the current minimum for uncompressed builds and would dynamically adapt when changing that variable as well.

Leszek Swirski

We anyway usually reserve a bigger space than this so it's ok I think. Maybe non-chromium embedders will complain, in which case we may want this conditional on V8_CONTIGUOUS_COMPRESSED_RO_SPACE

Open in Gerrit

Related details

Attention is currently required from:

Michael Lippautz

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Michael Lippautz (Gerrit)

unread,

Sep 1, 2025, 10:27:39 AMSep 1

to Dominik Inführ, Leszek Swirski, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Leszek Swirski

Michael Lippautz voted and added 6 comments

Votes added by Michael Lippautz

Commit-Queue

+1

6 comments

File src/common/globals.h

Line 757, Patchset 15:constexpr Address kContiguousReadOnlySpaceMask =

Dominik Inführ . resolved

Nit: What I would also find helpful here is if you would give the bit/hex pattern for this variable with the e.g. 8MB defined in BUILD.gn.

Michael Lippautz

Done

Line 756, Patchset 15:static_assert(base::bits::IsPowerOfTwo(kContiguousReadOnlyReservationSize));

Dominik Inführ . resolved

Nit: I would add here an explanation that we need to carve out this region in all our 3 cages: trusted, code and main cage. Maybe also mention `HeapLayout::InReadOnlySpace()` why this is the case.

Michael Lippautz

Done

Line 752, Patchset 15: V8_CONTIGUOUS_COMPRESSED_RO_SPACE_SIZE_MB * 1024 * 1024;

Dominik Inführ . resolved

Nit: MB instead of 1024 * 1024?

Michael Lippautz

Done

Line 493, Patchset 13:constexpr size_t kMinimumTrustedRangeSize = 512 * MB;

Michael Lippautz . resolved

This is merely used in a DCHECK.

Michael Lippautz

Resolving

Line 484, Patchset 13:constexpr size_t kMinimumCodeRangeSize = 64 * MB;

Michael Lippautz . resolved

I don't think there's any restrictions here to force us into using a 3-4MB code range?

Dominik Inführ

I guess alternatively we could also use `kMinimumCodeRangeSize = (4 + V8_CONTIGUOUS_COMPRESSED_RO_SPACE_SIZE_MB) * MB`. This would keep the current minimum for uncompressed builds and would dynamically adapt when changing that variable as well.

Leszek Swirski

We anyway usually reserve a bigger space than this so it's ok I think. Maybe non-chromium embedders will complain, in which case we may want this conditional on V8_CONTIGUOUS_COMPRESSED_RO_SPACE

Michael Lippautz

Keeping this one static for now so that non-Chromium embedders will see the error and have a choice.

File src/heap/code-range.cc

Line 245, Patchset 15: if (page_allocator_->contains(cage_aligned_base)) {

Leszek Swirski . resolved

I think you need to check both start and end of the reserved region, in case the allocator doesn't include the base but does include the end of the reservation:
```
base
  |--reserved--|  
           |----code space----|
```

Michael Lippautz

Done, that was completetly off.

Open in Gerrit

Related details

Attention is currently required from:

Leszek Swirski

Submit Requirements:

Code-Owners
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Leszek Swirski (Gerrit)

unread,

Sep 1, 2025, 10:31:25 AMSep 1

to Michael Lippautz, Dominik Inführ, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Michael Lippautz

Leszek Swirski voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Michael Lippautz

Submit Requirements:

Code-Owners
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Michael Lippautz (Gerrit)

unread,

Sep 1, 2025, 11:20:36 AMSep 1

to Leszek Swirski, Dominik Inführ, AyeAye, V8 LUCI CQ, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Michael Lippautz voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

V8 LUCI CQ (Gerrit)

unread,

Sep 1, 2025, 11:22:04 AMSep 1

to Michael Lippautz, Leszek Swirski, Dominik Inführ, AyeAye, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

V8 LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

16 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:

```
The name of the file: src/common/globals.h
Insertions: 0, Deletions: 1.

@@ -772,7 +772,6 @@
 constexpr Address kContiguousReadOnlySpaceMask =
     (kPtrComprCageBaseAlignment - 1) ^ (kContiguousReadOnlyReservationSize - 1);
 // Bound the worst case consumption of contiguous RO space across the various
-constexpr Address a = kContiguousReadOnlyReservationSize - 1;
 // cages/regions.
 static_assert(kMinimumTrustedRangeSize >= 512 * MB);
 static_assert(!kPlatformRequiresCodeRange || kMinimumCodeRangeSize >= 64 * MB);
```
```
The name of the file: src/heap/code-range.cc
Insertions: 4, Deletions: 1.

@@ -250,7 +250,10 @@
   //
   //        |-- No objects must be allocated here --|
   //        ^ data_cage_ro_start                    ^ data_cage_ro_end
-  //
+
+  // The checks below only work when the code range is not fully contained
+  // within the aligned region.
+  CHECK_GE(size(), kMinimumCodeRangeSize);
   const Address data_cage_ro_start = base() % kPtrComprCageBaseAlignment;
   const Address data_cage_ro_end =
       base() % kPtrComprCageBaseAlignment + kContiguousReadOnlyReservationSize;
```

Change information

Commit message:

[heap] Funnel read-only allocations into read-only region

For configuration that use pointer compression and relies on a shared
single data cage, which is the default in Chrome on 64-bit,  this CL
carves out an explicit contiguous memory region for read-only pages.

Additionally, we also make sure that the same region is not used by
the TrustedRange and CodeRange.  As a consequence we can check for
read-only objects by merely inspecting the object's address.

The change here does not remove the page flag yet but merely rewire
the allocations and use the condition in a DCHECK.

In a follow up this property can be used for:
- Checking for RO objects locally which is faster than checking page
  flags. It can also be combined with a partial Smi check (when we
  know that we are dealing with non-InstructionStream slots).
- Moving the RO page bit away from MemoryChunk.

A side effect is that this also filters out (more) small offsets for
conservative stack scanning as the contiguous region is larger than
the current static roots.

Change-Id: I3888c74a5d555cd78b81b5cf7c9f408edeac6053

Bug: 429538831

Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6897249

Reviewed-by: Leszek Swirski <les...@chromium.org>

Reviewed-by: Dominik Inführ <dinf...@chromium.org>

Commit-Queue: Michael Lippautz <mlip...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#102168}

Files:

M BUILD.gn
M gni/v8.gni
M src/common/globals.h
M src/heap/code-range.cc
M src/heap/heap-layout-inl.h
M src/heap/memory-allocator.cc
M src/heap/memory-allocator.h
M src/heap/read-only-spaces.cc
M src/heap/trusted-range.cc
M src/init/isolate-group.cc
M src/init/isolate-group.h

Change size: M

Delta: 11 files changed, 155 insertions(+), 16 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Leszek Swirski, +1 by Dominik Inführ

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Michael Achenbach (Gerrit)

unread,

Sep 1, 2025, 11:59:32 AMSep 1

to V8 LUCI CQ, Michael Lippautz, Leszek Swirski, Dominik Inführ, AyeAye, Hannes Payer, victorgo...@chromium.org, mlippau...@chromium.org, v8-re...@googlegroups.com

Michael Achenbach has created a revert of this change

Open original change

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Reply all

Reply to author

Forward

[heap] Funnel read-only allocations into read-only region [v8/v8 : main]

Michael Lippautz (Gerrit)

Michael Lippautz added 3 comments

Related details

Dominik Inführ (Gerrit)

Dominik Inführ added 5 comments

Related details

Leszek Swirski (Gerrit)

Leszek Swirski added 1 comment

Related details

Dominik Inführ (Gerrit)

Dominik Inführ voted Code-Review+1

Related details

Leszek Swirski (Gerrit)

Leszek Swirski added 1 comment

Related details

Michael Lippautz (Gerrit)

Michael Lippautz voted and added 6 comments

Votes added by Michael Lippautz

6 comments

Related details

Leszek Swirski (Gerrit)

Leszek Swirski voted Code-Review+1

Related details

Michael Lippautz (Gerrit)

Michael Lippautz voted Commit-Queue+2

Related details

V8 LUCI CQ (Gerrit)

V8 LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

Change information

Michael Achenbach (Gerrit)

Michael Achenbach has created a revert of this change

Related details