heap: Ignore TSAN when walking the stack conservatively

Other threads may write the stack of a different thread and use a lock
to synchronize such an access. An example for this is interrupt
handling.

Ignore TSAN for the methods performing the stack walk. There's no need
to use relaxed atomic reads as same-thread writes are consistent and
for other-thread writes there's no guarantee on what values to observe.

Bug: chromium:1245409
Change-Id: Ia3d3621590f1f5524d245632a2e8a2db23313f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135573
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76622}

BUILD.bazel

@@ -1854,6 +1854,7 @@ filegroup(
         "src/base/sanitizer/lsan-page-allocator.cc",
         "src/base/sanitizer/lsan-page-allocator.h",
         "src/base/sanitizer/msan.h",
+        "src/base/sanitizer/tsan.h",
         "src/snapshot/code-serializer.cc",
         "src/snapshot/code-serializer.h",
         "src/snapshot/context-deserializer.cc",

BUILD.gn

@@ -4842,6 +4842,7 @@ v8_component("v8_libbase") {
     "src/base/sanitizer/lsan-page-allocator.h",
     "src/base/sanitizer/lsan.h",
     "src/base/sanitizer/msan.h",
+    "src/base/sanitizer/tsan.h",
     "src/base/small-vector.h",
     "src/base/strings.cc",
     "src/base/strings.h",

src/base/sanitizer/tsan.h

+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// ThreadSanitizer support.
+
+#ifndef V8_BASE_SANITIZER_TSAN_H_
+#define V8_BASE_SANITIZER_TSAN_H_
+
+#if defined(THREAD_SANITIZER)
+
+#define DISABLE_TSAN __attribute__((no_sanitize_thread))
+
+#else  // !defined(THREAD_SANITIZER)
+
+#define DISABLE_TSAN
+
+#endif  // !defined(THREAD_SANITIZER)
+
+#endif  // V8_BASE_SANITIZER_TSAN_H_

src/heap/base/stack.cc

@@ -9,6 +9,7 @@
 #include "src/base/platform/platform.h"
 #include "src/base/sanitizer/asan.h"
 #include "src/base/sanitizer/msan.h"
+#include "src/base/sanitizer/tsan.h"
 #include "src/heap/cppgc/globals.h"
 
 namespace heap {
@@ -43,6 +44,10 @@ namespace {
 // No ASAN support as accessing fake frames otherwise results in
 // "stack-use-after-scope" warnings.
 DISABLE_ASAN
+// No TSAN support as the stack may not be exclusively owned by the current
+// thread, e.g., for interrupt handling. Atomic reads are not enough as the
+// other thread may use a lock to synchronize the access.
+DISABLE_TSAN
 void IterateAsanFakeFrameIfNecessary(StackVisitor* visitor,
                                      void* asan_fake_stack,
                                      const void* stack_start,
@@ -103,6 +108,10 @@ void IterateSafeStackIfNecessary(StackVisitor* visitor) {
 V8_NOINLINE
 // No ASAN support as method accesses redzones while walking the stack.
 DISABLE_ASAN
+// No TSAN support as the stack may not be exclusively owned by the current
+// thread, e.g., for interrupt handling. Atomic reads are not enough as the
+// other thread may use a lock to synchronize the access.
+DISABLE_TSAN
 void IteratePointersImpl(const Stack* stack, StackVisitor* visitor,
                          intptr_t* stack_end) {
 #ifdef V8_USE_ADDRESS_SANITIZER