Commit 28ead054 authored by Marja Hölttä's avatar Marja Hölttä Committed by Commit Bot

[Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits

RemoveNode already nullifies the next_ pointer of FutexWaitListNode,
and DeleteAsyncNode was trying to retrieve it.

Bug: v8:10239
Change-Id: I595885de87f433d263eeacfc825a689efd467f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69259}
parent e06ace6b
...@@ -1809,6 +1809,19 @@ void Shell::WorkerTerminate(const v8::FunctionCallbackInfo<v8::Value>& args) { ...@@ -1809,6 +1809,19 @@ void Shell::WorkerTerminate(const v8::FunctionCallbackInfo<v8::Value>& args) {
worker->Terminate(); worker->Terminate();
} }
void Shell::WorkerTerminateAndWait(
const v8::FunctionCallbackInfo<v8::Value>& args) {
Isolate* isolate = args.GetIsolate();
HandleScope handle_scope(isolate);
std::shared_ptr<Worker> worker =
GetWorkerFromInternalField(isolate, args.Holder());
if (!worker.get()) {
return;
}
worker->TerminateAndWaitForThread();
}
void Shell::QuitOnce(v8::FunctionCallbackInfo<v8::Value>* args) { void Shell::QuitOnce(v8::FunctionCallbackInfo<v8::Value>* args) {
int exit_code = (*args)[0] int exit_code = (*args)[0]
->Int32Value(args->GetIsolate()->GetCurrentContext()) ->Int32Value(args->GetIsolate()->GetCurrentContext())
...@@ -2138,6 +2151,10 @@ Local<ObjectTemplate> Shell::CreateGlobalTemplate(Isolate* isolate) { ...@@ -2138,6 +2151,10 @@ Local<ObjectTemplate> Shell::CreateGlobalTemplate(Isolate* isolate) {
isolate, "terminate", isolate, "terminate",
FunctionTemplate::New(isolate, WorkerTerminate, Local<Value>(), FunctionTemplate::New(isolate, WorkerTerminate, Local<Value>(),
worker_signature)); worker_signature));
worker_fun_template->PrototypeTemplate()->Set(
isolate, "terminateAndWait",
FunctionTemplate::New(isolate, WorkerTerminateAndWait, Local<Value>(),
worker_signature));
worker_fun_template->PrototypeTemplate()->Set( worker_fun_template->PrototypeTemplate()->Set(
isolate, "postMessage", isolate, "postMessage",
FunctionTemplate::New(isolate, WorkerPostMessage, Local<Value>(), FunctionTemplate::New(isolate, WorkerPostMessage, Local<Value>(),
...@@ -3056,7 +3073,7 @@ void Worker::Terminate() { ...@@ -3056,7 +3073,7 @@ void Worker::Terminate() {
task_runner_->PostTask(std::move(task)); task_runner_->PostTask(std::move(task));
} }
void Worker::WaitForThread() { void Worker::TerminateAndWaitForThread() {
Terminate(); Terminate();
thread_->Join(); thread_->Join();
} }
...@@ -3917,7 +3934,7 @@ void Shell::WaitForRunningWorkers() { ...@@ -3917,7 +3934,7 @@ void Shell::WaitForRunningWorkers() {
} }
for (auto& worker : workers_copy) { for (auto& worker : workers_copy) {
worker->WaitForThread(); worker->TerminateAndWaitForThread();
} }
// Now that all workers are terminated, we can re-enable Worker creation. // Now that all workers are terminated, we can re-enable Worker creation.
......
...@@ -183,7 +183,7 @@ class Worker : public std::enable_shared_from_this<Worker> { ...@@ -183,7 +183,7 @@ class Worker : public std::enable_shared_from_this<Worker> {
void Terminate(); void Terminate();
// Terminate and join the thread. // Terminate and join the thread.
// This function can be called by any thread. // This function can be called by any thread.
void WaitForThread(); void TerminateAndWaitForThread();
// Start running the given worker in another thread. // Start running the given worker in another thread.
static bool StartWorkerThread(std::shared_ptr<Worker> worker); static bool StartWorkerThread(std::shared_ptr<Worker> worker);
...@@ -429,6 +429,8 @@ class Shell : public i::AllStatic { ...@@ -429,6 +429,8 @@ class Shell : public i::AllStatic {
const v8::FunctionCallbackInfo<v8::Value>& args); const v8::FunctionCallbackInfo<v8::Value>& args);
static void WorkerGetMessage(const v8::FunctionCallbackInfo<v8::Value>& args); static void WorkerGetMessage(const v8::FunctionCallbackInfo<v8::Value>& args);
static void WorkerTerminate(const v8::FunctionCallbackInfo<v8::Value>& args); static void WorkerTerminate(const v8::FunctionCallbackInfo<v8::Value>& args);
static void WorkerTerminateAndWait(
const v8::FunctionCallbackInfo<v8::Value>& args);
// The OS object on the global object contains methods for performing // The OS object on the global object contains methods for performing
// operating system calls: // operating system calls:
// //
......
...@@ -772,8 +772,10 @@ void FutexEmulation::IsolateDeinit(Isolate* isolate) { ...@@ -772,8 +772,10 @@ void FutexEmulation::IsolateDeinit(Isolate* isolate) {
// NativeContext. Also we don't need to cancel the timeout task, since it // NativeContext. Also we don't need to cancel the timeout task, since it
// will be cancelled by Isolate::Deinit. // will be cancelled by Isolate::Deinit.
node->timeout_task_id_ = CancelableTaskManager::kInvalidTaskId; node->timeout_task_id_ = CancelableTaskManager::kInvalidTaskId;
auto next = node->next_;
g_wait_list.Pointer()->RemoveNode(node); g_wait_list.Pointer()->RemoveNode(node);
node = DeleteAsyncWaiterNode(node); delete node;
node = next;
} else { } else {
node = node->next_; node = node->next_;
} }
......
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --harmony-sharedarraybuffer --harmony-atomics-waitasync
(function test() {
const sab = new SharedArrayBuffer(16);
const i32a = new Int32Array(sab);
const location = 0;
(function createWorker() {
const script = `onmessage = function(msg) {
if (msg.sab) {
const i32a = new Int32Array(msg.sab);
// Start 2 async waits in the same location.
const result1 = Atomics.waitAsync(i32a, ${location}, 0);
const result2 = Atomics.waitAsync(i32a, ${location}, 0);
postMessage('worker waiting');
}
}`;
const w = new Worker(script, {type : 'string'});
w.postMessage({sab: sab});
const m = w.getMessage();
assertEquals('worker waiting', m);
w.terminateAndWait();
})();
const notify_return_value = Atomics.notify(i32a, location, 2);
// No waiters got notified, since they got cleaned up before it.
assertEquals(0, notify_return_value);
})();
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --harmony-sharedarraybuffer --harmony-atomics-waitasync
(function test() {
const sab = new SharedArrayBuffer(16);
const i32a = new Int32Array(sab);
const location = 0;
(function createWorker() {
const script = `onmessage = function(msg) {
if (msg.sab) {
const i32a = new Int32Array(msg.sab);
Atomics.waitAsync(i32a, ${location}, 0);
postMessage('worker waiting');
}
}`;
// Create 2 workers which wait on the same location.
let workers = [];
const worker_count = 2;
for (let i = 0; i < worker_count; ++i) {
workers[i] = new Worker(script, {type : 'string'});
workers[i].postMessage({sab: sab});
const m = workers[i].getMessage();
assertEquals('worker waiting', m);
}
for (let i = 0; i < worker_count; ++i) {
workers[i].terminateAndWait();
}
})();
const notify_return_value = Atomics.notify(i32a, location, 2);
// No waiters got notified, since they got cleaned up before it.
assertEquals(0, notify_return_value);
})();
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment