    [compiler] Fix multiple races in Map::FindElementsKindTransitionedMap · 1b22e6fb
    Jakob Gruber authored
    The concurrent version was added recently in crrev.com/c/3085262.
    
    - UnusedPropertyFields requires the MapUpdater lock.
    - instance_descriptors must be read atomically on the bg thread.
    
    Finally, there appears to be a false positive report for the pattern:
    
     x = is_concurrent ? foo(kAcquireLoad) : foo();
    
    Here, clang emits code that executes both the atomic and nonatomic
    reads when is_concurrent is true. Needs more investigation.
    
    Bug: v8:7790, chromium:1239009
    Change-Id: I07d442e72cf0278f79f202a267e8d246f8abca1b
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090341
    Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
    Auto-Submit: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#76261}
js-heap-broker.cc 38.8 KB