cppgc: shared-heap: Fix data race around CagedHeap::large_pages_

Now that the cage is shared, its metadata must be thread-safe. Bug: chromium:1336529 Change-Id: I0650462d1faf171fc3325808ca45ebe044e91f45 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707097 Auto-Submit: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#81176}

cppgc: shared-heap: Fix data race around CagedHeap::large_pages_
Now that the cage is shared, its metadata must be thread-safe. Bug: chromium:1336529 Change-Id: I0650462d1faf171fc3325808ca45ebe044e91f45 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707097 Auto-Submit: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#81176}
739acb48 · Anton Bikineev · V8 LUCI CQ · f789c6a0 · 739acb48 · 739acb48
Commit 739acb48 authored Jun 15, 2022 by Anton Bikineev Committed by V8 LUCI CQ Jun 15, 2022
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

caged-heap.cc src/heap/cppgc/caged-heap.cc +4 -0

caged-heap.h src/heap/cppgc/caged-heap.h +7 -0

No files found.
--- a/src/heap/cppgc/caged-heap.cc
+++ b/src/heap/cppgc/caged-heap.cc
@@ -148,6 +148,7 @@ CagedHeap::CagedHeap(PageAllocator& platform_allocator)
 void CagedHeap::NotifyLargePageCreated(LargePage* page) {
  DCHECK(page);
+  v8::base::MutexGuard guard(&large_pages_mutex_);
  auto result = large_pages_.insert(page);
  USE(result);
  DCHECK(result.second);
@@ -155,6 +156,7 @@ void CagedHeap::NotifyLargePageCreated(LargePage* page) {
 void CagedHeap::NotifyLargePageDestroyed(LargePage* page) {
  DCHECK(page);
+  v8::base::MutexGuard guard(&large_pages_mutex_);
  auto size = large_pages_.erase(page);
  USE(size);
  DCHECK_EQ(1u, size);
@@ -170,6 +172,7 @@ BasePage& CagedHeap::LookupPageFromInnerPointer(void* ptr) const {
 }
 LargePage& CagedHeap::LookupLargePageFromInnerPointer(void* ptr) const {
+  v8::base::MutexGuard guard(&large_pages_mutex_);
  auto it = large_pages_.upper_bound(static_cast<LargePage*>(ptr));
  DCHECK_NE(large_pages_.begin(), it);
  auto* page = *std::next(it, -1);
@@ -179,6 +182,7 @@ LargePage& CagedHeap::LookupLargePageFromInnerPointer(void* ptr) const {
 }
 void CagedHeap::ResetForTesting() {
+  v8::base::MutexGuard guard(&large_pages_mutex_);
  // Clear the large pages to support tests within the same process.
  large_pages_.clear();
 }

--- a/src/heap/cppgc/caged-heap.h
+++ b/src/heap/cppgc/caged-heap.h
@@ -13,6 +13,7 @@
 #include "include/cppgc/platform.h"
 #include "src/base/bounded-page-allocator.h"
 #include "src/base/lazy-instance.h"
+#include "src/base/platform/mutex.h"
 #include "src/heap/cppgc/globals.h"
 #include "src/heap/cppgc/virtual-memory.h"
@@ -97,9 +98,15 @@ class V8_EXPORT_PRIVATE CagedHeap final {
  static CagedHeap* instance_;
  const VirtualMemory reserved_area_;
+  // BoundedPageAllocator is thread-safe, no need to use external
+  // synchronization.
  std::unique_ptr<AllocatorType> normal_page_bounded_allocator_;
  std::unique_ptr<AllocatorType> large_page_bounded_allocator_;
  std::set<LargePage*> large_pages_;
+  // TODO(chromium:1325007): Since writes are rare, consider using read-write
+  // lock to speed up reading.
+  mutable v8::base::Mutex large_pages_mutex_;
 };
 }  // namespace internal