Michael Lippautz (Gerrit)

unread,

Apr 24, 2026, 9:59:44 AM (4 days ago) Apr 24

to Erik Corry, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Erik Corry

Michael Lippautz added 2 comments

Patchset-level comments

File-level comment, Patchset 3 (Latest):

Michael Lippautz . resolved

One question, certainly tricky case here...

File src/heap/code-range.cc

Line 563, Patchset 3 (Parent): red_zones_.Reset();

Michael Lippautz . unresolved

Why not clear them anymore here?

Open in Gerrit

Related details

Attention is currently required from:

Erik Corry

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

open

diffy

Erik Corry (Gerrit)

unread,

Apr 27, 2026, 11:22:40 AM (yesterday) Apr 27

to Michael Lippautz, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com

Erik Corry added 1 comment

File src/heap/code-range.cc

Line 564, Patchset 3 (Parent):

Erik Corry . unresolved

This looks like it was just wrong, previously and I'm a bit confused why it didn't trigger in Chrome. It's deleting the red zone after mapping the builtins, which would seem to allow allocation in that area. There is a release-mode assert that InstructionStream objects are not allocated in the area that aliases the read-only space (in Factory::CodeBuilder::AllocateUninitializedInstructionStream) and my understanding was that Chromium runs with contiguous read-only space.

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

open

diffy

Michael Lippautz (Gerrit)

unread,

10:45 AM (9 hours ago) 10:45 AM

to Erik Corry, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, Hannes Payer, mlippau...@chromium.org, v8-re...@googlegroups.com

Attention needed from Erik Corry

Michael Lippautz added 1 comment

File src/heap/code-range.cc

Line 564, Patchset 3 (Parent):

Erik Corry . unresolved

This looks like it was just wrong, previously and I'm a bit confused why it didn't trigger in Chrome. It's deleting the red zone after mapping the builtins, which would seem to allow allocation in that area. There is a release-mode assert that InstructionStream objects are not allocated in the area that aliases the read-only space (in Factory::CodeBuilder::AllocateUninitializedInstructionStream) and my understanding was that Chromium runs with contiguous read-only space.

Michael Lippautz

The red zone object maps in reservations and manages those. Clearing them here means that these reservations are lost and can never be reused. This prevents reusing the memory areas for any subsequent allocations. I think this was working as intended, no?

Open in Gerrit

Related details

Attention is currently required from:

Erik Corry

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

open

diffy

Reply all

Reply to author

Forward

[builtins] Fix flaky issue where builtins can't be placed correctly [v8/v8 : main]

Michael Lippautz (Gerrit)

Michael Lippautz added 2 comments

Related details

Erik Corry (Gerrit)

Erik Corry added 1 comment

Related details

Michael Lippautz (Gerrit)

Michael Lippautz added 1 comment

Related details