[compiler] Fix data race in JSObject::RawFastInobjectPropertyAtPut

Mark the write of the property as relaxed atomic. The compiler thread is examining the value. It is fine if the value is stale or new, we simply need to let TSAN know we are aware of the race. BUG=v8:11896 Change-Id: I42505a6e12c7eb3c1ef8d9376d7a420567646d62 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968403Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75209}

[compiler] Fix data race in JSObject::RawFastInobjectPropertyAtPut
Mark the write of the property as relaxed atomic. The compiler thread is examining the value. It is fine if the value is stale or new, we simply need to let TSAN know we are aware of the race. BUG=v8:11896 Change-Id: I42505a6e12c7eb3c1ef8d9376d7a420567646d62 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968403Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75209}
4d2869dc · Mike Stanton · V8 LUCI CQ · 52b62586 · 4d2869dc
Commit 4d2869dc authored Jun 17, 2021 by Mike Stanton Committed by V8 LUCI CQ Jun 17, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

js-objects-inl.h src/objects/js-objects-inl.h +1 -1

No files found.
--- a/src/objects/js-objects-inl.h
+++ b/src/objects/js-objects-inl.h
@@ -384,7 +384,7 @@ void JSObject::RawFastInobjectPropertyAtPut(FieldIndex index, Object value,
                                            WriteBarrierMode mode) {
  DCHECK(index.is_inobject());
  int offset = index.offset();
-  WRITE_FIELD(*this, offset, value);
+  RELAXED_WRITE_FIELD(*this, offset, value);
  CONDITIONAL_WRITE_BARRIER(*this, offset, value, mode);
 }