I guess you meant to link to https://crrev.com/c/4896678. I triggered
dry-runs; let's see what happens.

On Wed, Sep 27, 2023 at 2:12 PM Aapo Alasuutari <aapo.alasuut...@gmail.com>
wrote:

> Thank you for the response!
>
> Hopefully this was then much easier than I even expected. I opened this
> CL: https://groups.google.com/g/v8-dev/c/wuncGizO1EU
> Unfortunately I'm not a dry-runner, so I cannot start try-bots on this
> myself. I'll try running some tests locally at least.
>
> -Aapo
>
> On Wednesday, 27 September 2023 at 14:15:23 UTC+3 Clemens Backes wrote:
>
>> This is the place where we store the special "empty backing store buffer"
>> in the ArrayBuffer if the passed BackingStore is empty:
>>
>> https://source.chromium.org/chromium/chromium/src/+/main:v8/src/objects/js-array-buffer.cc;l=82;drc=57bf7660f3e50a0f68f329059f0dff8f641effc4
>>
>> In a non-sandbox build, this will just store nullptr.
>>
>> That said, I can't tell you why we have this optimization and which
>> part(s) of the system depend on that. As the backing store is kept alive by
>> the ArrayBuffer anyway, I guess we could also just store the actual
>> buffer's start in the ArrayBuffer::backing_store field.
>> Waiting to be corrected :)
>>
>> On Wed, Sep 27, 2023 at 11:22 AM Aapo Alasuutari <aapo.al...@gmail.com>
>> wrote:
>>
>>> Hello
>>>
>>> I'm trying to take a look at the `v8::ArrayBuffer::Data()` method with
>>> the intention of fixing this bug:
>>> https://bugs.chromium.org/p/v8/issues/detail?id=13488 (and by extension
>>> possibly unblock https://bugs.chromium.org/p/v8/issues/detail?id=13489)
>>>
>>> In short: the method returns a null pointer for all zero-length
>>> buffers even when the ArrayBuffer is internally backed by an external
>>> pointer. These sorts of externally backed zero-length buffers are sometimes
>>> used in e.g. the Node API to pass opaque pointers to and from JavaScript.
>>> Getting the proper pointer requires using the
>>> `v8::ArrayBuffer::GetBackingStore()` API, after which its `Data()` API
>>> returns the real external pointer.
>>>
>>> I've been trying to track where this difference springs from but haven't
>>> had much success. The `Data()` method calls the `backing_store()` method of
>>> a `i::Handle<i::JSArrayBuffer>` which I _think_ is defined with the
>>> `DEF_GETTER` macro in `js-array-buffer-inl.h` line 48:
>>>
>>> DEF_GETTER(JSArrayBuffer, backing_store, void*) {
>>>   Address value = ReadSandboxedPointerField(kBackingStoreOffset, cage_base);
>>>   return reinterpret_cast<void*>(value);
>>> }
>>>
>>> But here I get confused: `ReadSandboxedPointerField` (in
>>> `sandboxed-pointer-inl.h`) seems simple enough that there should be
>>> absolutely no checks against the length of the buffer, nor does it seem
>>> particularly likely for the backing store offset parameter to be somehow
>>> wrong.
>>>
>>> If anyone has an idea of where I should look, that'd be much
>>> appreciated.
>>> -Aapo Alasuutari
>>>
>>> --
>>> v8-dev mailing list
>>> v8-...@googlegroups.com
>>> http://groups.google.com/group/v8-dev
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "v8-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to v8-dev+un...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/v8-dev/350ede0e-0c6d-433e-b9b3-a85525c7049fn%40googlegroups.com.
>>>
>>
>>
>> --
>> Clemens Backes
>> Software Engineer
>> clem...@google.com
>>
>> Google Germany GmbH
>> Erika-Mann-Straße 33
>> 80636 München
>> Managing Directors: Paul Manicle, Liana Sebastian
>> Registration court and number: Hamburg, HRB 86891
>> Registered office: Hamburg
>>
>> This e-mail is confidential. If you received this communication by
>> mistake, please don't forward it to anyone else, please erase all copies
>> and attachments, and please let me know that it has gone to the wrong
>> person.
>>
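As an added illustration (not V8's code, and not posted by anyone in this thread), a small C++ model of the two code paths discussed above: the ArrayBuffer's backing_store field holding the special empty-buffer sentinel (sandbox build) or nullptr (non-sandbox) when the attached BackingStore has zero length, while GetBackingStore() still yields the external pointer, together with the GetBackingStore()-based fallback Aapo describes. ModelBackingStore, ModelArrayBuffer, kEmptyBackingStoreBuffer, SafeData and OpaquePointerRecoverable are hypothetical names; the real V8 API is deliberately not used so the snippet runs stand-alone.

```cpp
// Added model for illustration; this is not V8's code. The types below are
// hypothetical stand-ins for the V8 types in the thread, reduced to what matters.
#include <cstddef>
#include <memory>
#include <utility>
// Stand-in for v8::BackingStore: the real buffer start and its length.
struct ModelBackingStore {
  void* data;
  size_t byte_length;
};
// Stand-in for the special "empty backing store buffer" a sandbox build stores.
static char kEmptyBackingStoreStorage;
static void* const kEmptyBackingStoreBuffer = &kEmptyBackingStoreStorage;

class ModelArrayBuffer {
 public:
  // Attach path as described above: an empty BackingStore makes the backing_store
  // field hold the sentinel (sandbox) or nullptr (non-sandbox), not the real start.
  ModelArrayBuffer(std::shared_ptr<ModelBackingStore> store, bool sandbox)
      : store_(std::move(store)),
        backing_store_field_(store_->byte_length == 0
                                 ? (sandbox ? kEmptyBackingStoreBuffer : nullptr)
                                 : store_->data) {}
  // Models v8::ArrayBuffer::Data(): a plain read of the backing_store field.
  void* Data() const { return backing_store_field_; }
  size_t ByteLength() const { return store_->byte_length; }
  // Models GetBackingStore(): the BackingStore itself still knows the real pointer.
  std::shared_ptr<ModelBackingStore> GetBackingStore() const { return store_; }

 private:
  std::shared_ptr<ModelBackingStore> store_;
  void* backing_store_field_;
};

// Embedder-side workaround from the thread: for a zero-length buffer, take the
// pointer from the BackingStore instead of from Data().
void* SafeData(const ModelArrayBuffer& ab) {
  return ab.ByteLength() == 0 ? ab.GetBackingStore()->data : ab.Data();
}

// Wraps an opaque host pointer in a zero-length buffer and reports whether Data()
// dropped it while SafeData() still recovers it.
bool OpaquePointerRecoverable(bool sandbox) {
  static int opaque;  // stands in for a host object handed to JavaScript
  auto store = std::make_shared<ModelBackingStore>(ModelBackingStore{&opaque, 0});
  ModelArrayBuffer ab(store, sandbox);
  return ab.Data() != static_cast<void*>(&opaque) &&
         SafeData(ab) == static_cast<void*>(&opaque);
}
```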