    [baseline] Fix race between baseline compiler and GC on page flags · 911f6f03
    Dominik Inführ authored
    We need to create the CodePageCollectionMemoryModificationScope *after*
    setting up the LocalIsolate. Otherwise the destructor of that scope will
    run after that thread detached from the isolate, when it isn't part of
    the next GC safepoint anymore. This allows two concurrent operations
    on the page flags:
    
    1) The destructor of CodePageCollectionMemoryModificationScope protects
       the page again and accesses page flags in a DCHECK.
    2) The GC unprotects the code pages for the collection and sets the
       evacuation candidate flag.
    
    Bug: chromium:1295738
    Change-Id: I6de626bb075f43e26d74dba18e28fe34331fdfd2
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451714
    Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
    Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    Commit-Queue: Leszek Swirski <leszeks@chromium.org>
    Reviewed-by: Victor Gomes <victorgomes@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#79025}
baseline-batch-compiler.cc 13.3 KB