• Clemens Backes's avatar
    [wasm] Abort wrapper compilation on isolate shutdown · 8c3c89b0
    Clemens Backes authored
    JS-to-Wasm wrappers embed heap constants (like the undefined value), and
    those heap values are being accessed during compilation for tracing.
    This is not a data race, since those values are read-only. But if the
    isolate dies while we are compiling those wrappers, we might read from
    the heap after it has been free'd.
    
    Ideally we would not access the isolate or the heap at all during
    compilation, but delaying all tracing until the "finalization" phase is
    not feasible, and removing the heap value printing from tracing would
    significantly regress quality of this tracing.
    
    Hence this CL only fixes the actual issue: That we keep compiling
    wrappers when the isolate is already gone. It does so by introducing an
    {OperationsBarrier} per isolate that is being taken by each thread that
    executes wrapper compilation, and is used for waiting for background
    threads to finish before the isolate shuts down.
    Additionally, we actually cancel all compilation if a module dies (or
    the isolate shuts down) before it finished baseline compilation. In this
    state, the module cannot be shared between isolates yet, so it's safe to
    fully cancel all compilation. This cancellation is not strictly
    necessary, but it will reduce the time we are blocked while waiting for
    wrapper compilation to finish (because no new compilation will start).
    
    R=thibaudm@chromium.org
    CC=manoskouk@chromium.org
    
    Bug: v8:11626, chromium:1200231
    Change-Id: I5b19141d22bd0cb00ba84ffa53fb07cf001e13cc
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846881Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
    Commit-Queue: Clemens Backes <clemensb@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#74142}
    8c3c89b0
compilation-environment.h 5.37 KB