Commit 31d36add authored by Ulan Degenbaev, committed by Commit Bot

[heap] Fix data race in Sweeper::MakeIterable

The function can be invoked in a background task and has to take the
page mutex to sweep it.

Bug: chromium:1040700
Change-Id: I552fd636ca62f45496dc6c663a0a12d428eb2e20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007273
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65847}
parent 9ff2de44
...@@ -250,7 +250,8 @@ bool Sweeper::AreSweeperTasksRunning() { return num_sweeping_tasks_ != 0; } ...@@ -250,7 +250,8 @@ bool Sweeper::AreSweeperTasksRunning() { return num_sweeping_tasks_ != 0; }
int Sweeper::RawSweep( int Sweeper::RawSweep(
Page* p, FreeListRebuildingMode free_list_mode, Page* p, FreeListRebuildingMode free_list_mode,
FreeSpaceTreatmentMode free_space_mode, FreeSpaceTreatmentMode free_space_mode,
FreeSpaceMayContainInvalidatedSlots invalidated_slots_in_free_space) { FreeSpaceMayContainInvalidatedSlots invalidated_slots_in_free_space,
const base::MutexGuard& page_guard) {
Space* space = p->owner(); Space* space = p->owner();
DCHECK_NOT_NULL(space); DCHECK_NOT_NULL(space);
DCHECK(free_list_mode == IGNORE_FREE_LIST || space->identity() == OLD_SPACE || DCHECK(free_list_mode == IGNORE_FREE_LIST || space->identity() == OLD_SPACE ||
...@@ -461,7 +462,7 @@ int Sweeper::ParallelSweepPage( ...@@ -461,7 +462,7 @@ int Sweeper::ParallelSweepPage(
const FreeSpaceTreatmentMode free_space_mode = const FreeSpaceTreatmentMode free_space_mode =
Heap::ShouldZapGarbage() ? ZAP_FREE_SPACE : IGNORE_FREE_SPACE; Heap::ShouldZapGarbage() ? ZAP_FREE_SPACE : IGNORE_FREE_SPACE;
max_freed = RawSweep(page, REBUILD_FREE_LIST, free_space_mode, max_freed = RawSweep(page, REBUILD_FREE_LIST, free_space_mode,
invalidated_slots_in_free_space); invalidated_slots_in_free_space, guard);
DCHECK(page->SweepingDone()); DCHECK(page->SweepingDone());
} }
...@@ -601,11 +602,12 @@ void Sweeper::AddPageForIterability(Page* page) { ...@@ -601,11 +602,12 @@ void Sweeper::AddPageForIterability(Page* page) {
} }
void Sweeper::MakeIterable(Page* page) { void Sweeper::MakeIterable(Page* page) {
base::MutexGuard guard(page->mutex());
DCHECK(IsValidIterabilitySpace(page->owner_identity())); DCHECK(IsValidIterabilitySpace(page->owner_identity()));
const FreeSpaceTreatmentMode free_space_mode = const FreeSpaceTreatmentMode free_space_mode =
Heap::ShouldZapGarbage() ? ZAP_FREE_SPACE : IGNORE_FREE_SPACE; Heap::ShouldZapGarbage() ? ZAP_FREE_SPACE : IGNORE_FREE_SPACE;
RawSweep(page, IGNORE_FREE_LIST, free_space_mode, RawSweep(page, IGNORE_FREE_LIST, free_space_mode,
FreeSpaceMayContainInvalidatedSlots::kNo); FreeSpaceMayContainInvalidatedSlots::kNo, guard);
} }
} // namespace internal } // namespace internal
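Review bot: The new `page_guard` argument of RawSweep shows only that the caller holds some `base::MutexGuard`; nothing in the visible lines ties it to `p->mutex()`, so a later caller could pass a guard taken on a different page's mutex and bring back the race this commit fixes. If `base::Mutex` offers a held-assertion in this tree, a debug check at the top of RawSweep such as `p->mutex()->AssertHeld();` would make the contract checkable. Otherwise a comment there, `// page_guard must be the guard for p->mutex().`, at least records it. RawSweep's body continues outside the hunk, so whether `page_guard` is read anywhere is not visible here.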
......
...@@ -93,7 +93,8 @@ class Sweeper { ...@@ -93,7 +93,8 @@ class Sweeper {
int RawSweep( int RawSweep(
Page* p, FreeListRebuildingMode free_list_mode, Page* p, FreeListRebuildingMode free_list_mode,
FreeSpaceTreatmentMode free_space_mode, FreeSpaceTreatmentMode free_space_mode,
FreeSpaceMayContainInvalidatedSlots invalidated_slots_in_free_space); FreeSpaceMayContainInvalidatedSlots invalidated_slots_in_free_space,
const base::MutexGuard& page_guard);
// After calling this function sweeping is considered to be in progress // After calling this function sweeping is considered to be in progress
// and the main thread can sweep lazily, but the background sweeper tasks // and the main thread can sweep lazily, but the background sweeper tasks
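Review bot: The declaration of RawSweep gains `page_guard` without a comment saying which mutex the guard must hold. A line above the declaration such as `// |page_guard| must be a guard on p->mutex(), held for the whole sweep.` would tell callers running in background tasks what is expected of them. The parameter appears to act as a lock witness rather than a value the function uses, which is worth stating too if that is the intent. The class body starts and ends outside this hunk.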
......