include/cppgc/cross-thread-persistent.h · c0c9129505686596c910ebdfe7bb274c768cf5d0 · Linshizhi / V8

Michael Lippautz authored Aug 31, 2021

Double-checked locking pattern for destruction was missing the acquire
barrier for the initial load.

TSAN complained with a data race where:
T1: ClearAllUsedNodes(), clearing out the node
T2: a. if(GetNodeSafe()) { Lock; ... }
T2: b. operator delete

Since GetNodeSafe() was a relaxed load, operator delete was allowed to
be reordered which raced with ClearAllUsedNodes().

Bug: chromium:1239081, chromium:1242795
Change-Id: I3906555b13cc51538a1a54b7ca481a96d81fd84e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132264
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76599}

760682da

cross-thread-persistent.h 14.7 KB

Replace cross-thread-persistent.h