[test] Expose %ShareObject() for fuzzing [v8/v8 : main]


Matthias Liedtke (Gerrit)

Oct 22, 2025, 5:28:45 AM (yesterday) Oct 22
to Patrick Thier, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com
Attention needed from Patrick Thier

Matthias Liedtke added 1 comment

Patchset-level comments
File-level comment, Patchset 1 (Latest):
Matthias Liedtke . resolved

@pth...@chromium.org: PTAL. Are there any known issues left where shared-strings are an issue without shared-string-table?
@paw...@google.com: FYI. Creating shared objects via Wasm is complicated, creating shared JS objects (e.g. `HeapNumber`) via Wasm and passing them back to JS is even more complicated, so this will be a shortcut to start getting some basic coverage for the shared heap. I'll also prepare a Fuzzilli change for this once it has landed. This isn't directly related to the fuzzing of shared-everything-threads which will also cover all the Wasm bits and pieces.


Related details

Attention is currently required from:
  • Patrick Thier
Submit Requirements:
  • requirement satisfied: Code-Owners
  • requirement not satisfied: Code-Review
  • requirement not satisfied: Review-Enforcement
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: If84fd7f19606db775a5ec9c053f4af0a7d5888f8
Gerrit-Change-Number: 7072431
Gerrit-PatchSet: 1
Gerrit-Owner: Matthias Liedtke <mlie...@chromium.org>
Gerrit-Reviewer: Matthias Liedtke <mlie...@chromium.org>
Gerrit-Reviewer: Patrick Thier <pth...@chromium.org>
Gerrit-CC: Pawel Krawczyk <paw...@google.com>
Gerrit-Attention: Patrick Thier <pth...@chromium.org>
Gerrit-Comment-Date: Wed, 22 Oct 2025 09:28:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Matthias Liedtke (Gerrit)

Oct 22, 2025, 7:48:37 AM (yesterday) Oct 22
to Patrick Thier, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com
Attention needed from Patrick Thier

Matthias Liedtke voted and added 1 comment

Votes added by Matthias Liedtke

Auto-Submit+1
Commit-Queue+1

1 comment

Commit Message
Line 7, Patchset 2 (Latest):[test] Expose %ShareObject() for fuzzing
Matthias Liedtke . unresolved

Fuzzilli-side change: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8695756
I've had 2 instances running for 1 hour each and so far they haven't run into any issues with `--shared-heap` enabled.


Gerrit-PatchSet: 2
Gerrit-Comment-Date: Wed, 22 Oct 2025 11:48:32 +0000

Patrick Thier (Gerrit)

4:55 AM (7 hours ago) 4:55 AM
to Matthias Liedtke, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com
Attention needed from Matthias Liedtke

Patrick Thier added 1 comment

Patchset-level comments
File-level comment, Patchset 2 (Latest):
Patrick Thier . resolved

If we want to expose sharing objects to the fuzzer, but only require `--shared-heap`, we should check if `--shared-strings` is enabled in `Object::Share()` if we attempt to share a string (otherwise we will hit check failures all around).

Are there any known issues left where shared-strings are an issue without shared-string-table?

No *known* issues.

Gerrit-PatchSet: 2
Gerrit-Comment-Date: Thu, 23 Oct 2025 08:55:45 +0000

Matthias Liedtke (Gerrit)

5:58 AM (6 hours ago) 5:58 AM
to Patrick Thier, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com
Attention needed from Patrick Thier

Matthias Liedtke voted and added 1 comment

Votes added by Matthias Liedtke

Auto-Submit+1
Commit-Queue+1

1 comment

Patchset-level comments
Patrick Thier . resolved

If we want to expose sharing objects to the fuzzer, but only require `--shared-heap`, we should check if `--shared-strings` is enabled in `Object::Share()` if we attempt to share a string (otherwise we will hit check failures all around).

Are there any known issues left where shared-strings are an issue without shared-string-table?

No *known* issues.

Matthias Liedtke

Ah, yeah, I guess I'll just bake the assumption into the native function? IIUC using only `--shared-heap` is kind of an uninteresting configuration and my Fuzzilli change will always set either `--shared-strings` or `--shared-string-table` whenever it sets `--shared-heap`. (I don't think we care much about `--shared-string-table` right now, but that's already being fuzzed by Fuzzilli, so I don't see a reason to reduce the coverage there.)

No *known* issues.

That's what the fuzzing is for. 😊

Gerrit-PatchSet: 3
Gerrit-Comment-Date: Thu, 23 Oct 2025 09:58:27 +0000
Comment-In-Reply-To: Patrick Thier <pth...@chromium.org>

Matthias Liedtke (Gerrit)

6:23 AM (5 hours ago) 6:23 AM
to Patrick Thier, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com
Attention needed from Patrick Thier

Matthias Liedtke added 1 comment

Commit Message
Line 7, Patchset 2: [test] Expose %ShareObject() for fuzzing
Matthias Liedtke . resolved

Fuzzilli-side change: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8695756
I've had 2 instances running for 1 hour each and so far they haven't run into any issues with `--shared-heap` enabled.

Matthias Liedtke

Resolving.

Gerrit-PatchSet: 3
Gerrit-Comment-Date: Thu, 23 Oct 2025 10:23:17 +0000
Comment-In-Reply-To: Matthias Liedtke <mlie...@chromium.org>

Patrick Thier (Gerrit)

6:56 AM (5 hours ago) 6:56 AM
to Matthias Liedtke, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com
Attention needed from Matthias Liedtke

Patrick Thier voted and added 2 comments

Votes added by Patrick Thier

Code-Review+1

2 comments

Patchset-level comments
File-level comment, Patchset 3 (Latest):
Patrick Thier . resolved

Thanks, LGTM

File src/runtime/runtime-test.cc
Line 2128, Patchset 3 (Latest): CHECK_UNLESS_FUZZING(v8_flags.shared_string_table || v8_flags.shared_strings);
Patrick Thier . unresolved

nit: `shared_string_table` will always imply `shared_strings`, as `shared_strings` is a requirement for `shared_string_table`, so checking for only `shared_strings` here would be enough.

Gerrit-PatchSet: 3
Gerrit-Comment-Date: Thu, 23 Oct 2025 10:56:04 +0000

Matthias Liedtke (Gerrit)

7:40 AM (4 hours ago) 7:40 AM
to Patrick Thier, Pawel Krawczyk, V8 LUCI CQ, v8-re...@googlegroups.com

Matthias Liedtke voted and added 2 comments

Votes added by Matthias Liedtke

Auto-Submit+1
Commit-Queue+2

2 comments

Patchset-level comments
File-level comment, Patchset 4 (Latest):
Matthias Liedtke . resolved

Thanks for the review!

File src/runtime/runtime-test.cc
Line 2128, Patchset 3: CHECK_UNLESS_FUZZING(v8_flags.shared_string_table || v8_flags.shared_strings);
Patrick Thier . resolved

nit: `shared_string_table` will always imply `shared_strings`, as `shared_strings` is a requirement for `shared_string_table`, so checking for only `shared_strings` here would be enough.

Matthias Liedtke

Done

Gerrit-PatchSet: 4
Gerrit-Comment-Date: Thu, 23 Oct 2025 11:40:41 +0000
Comment-In-Reply-To: Patrick Thier <pth...@chromium.org>

V8 LUCI CQ (Gerrit)

8:18 AM (3 hours ago) 8:18 AM
to Matthias Liedtke, Patrick Thier, Pawel Krawczyk, v8-re...@googlegroups.com

V8 LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

3 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:

        ```
        The name of the file: src/runtime/runtime-test.cc
        Insertions: 3, Deletions: 4.

        @@ -2122,10 +2122,9 @@
        HandleScope scope(isolate);
        CHECK_UNLESS_FUZZING(args.length() == 1);
        CHECK_UNLESS_FUZZING(v8_flags.shared_heap);
        - // String sharing requires either a shared string table or at least shared
        - // strings. For simplicity, this runtime function only shares any object if
        - // one of the two flags are present.
        - CHECK_UNLESS_FUZZING(v8_flags.shared_string_table || v8_flags.shared_strings);
        + // String sharing needs to be enabled explicitly. For simplicity, this runtime
        + // function only shares any object if shared strings are enabled.
        + CHECK_UNLESS_FUZZING(v8_flags.shared_strings);
        if (IsSmi(args[0])) return args[0];
        CHECK_UNLESS_FUZZING(IsHeapObject(args[0]));
        Handle<HeapObject> obj = args.at<HeapObject>(0);
        ```
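Review bot: the replacement comment on the `+` lines drops the reason the disjunction could be narrowed, which so far lives only in the review thread (`--shared-string-table` requires `--shared-strings`, so checking `v8_flags.shared_strings` alone covers both configurations); suggest stating that implication in the comment, e.g. `// --shared-string-table implies --shared-strings, so checking the latter is sufficient.`, so a later reader does not re-add `v8_flags.shared_string_table ||`. The guard is otherwise consistent with the preceding `CHECK_UNLESS_FUZZING(v8_flags.shared_heap)` line: the `%ShareObject()` intrinsic refuses to share anything unless both shared-heap and shared-strings are on, which is the configuration the Fuzzilli-side change is described as always setting, and it avoids the check failures in `Object::Share()` that the thread warned about for a heap-only configuration.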

Change information

Commit message:
[test] Expose %ShareObject() for fuzzing
Bug: 448349112, 42204563
Change-Id: If84fd7f19606db775a5ec9c053f4af0a7d5888f8
Reviewed-by: Patrick Thier <pth...@chromium.org>
Auto-Submit: Matthias Liedtke <mlie...@chromium.org>
Commit-Queue: Matthias Liedtke <mlie...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#103312}
Files:
• M src/runtime/runtime-test.cc
• M src/runtime/runtime.cc
• A test/mjsunit/shared-memory/share-object-intrinsic-fuzzing.js
Change size: M
Delta: 3 files changed, 47 insertions(+), 4 deletions(-)
Branch: refs/heads/main
Submit Requirements:
• requirement satisfied: Code-Review: +1 by Patrick Thier
Gerrit-MessageType: merged
Gerrit-PatchSet: 5