cppgc: Fix data race ObjectSizeTrait

Fix benign race in https://clusterfuzz.com/testcase-detail/5203237072076800 Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78121}

cppgc: Fix data race ObjectSizeTrait
Fix benign race in https://clusterfuzz.com/testcase-detail/5203237072076800 Change-Id: I558b230e4905a48342d8e7cf70d39be5a1b7fdb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306375 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78121}
76f6c276 · Michael Lippautz · V8 LUCI CQ · d4c751cb · 76f6c276 · 76f6c276
Commit 76f6c276 authored Nov 29, 2021 by Michael Lippautz Committed by V8 LUCI CQ Nov 29, 2021
6 changed files
--- a/src/heap/cppgc/heap-base.cc
+++ b/src/heap/cppgc/heap-base.cc
@@ -36,7 +36,7 @@ class ObjectSizeCounter : private HeapVisitor<ObjectSizeCounter> {

 private:
  static size_t ObjectSize(const HeapObjectHeader& header) {
-    return ObjectView(header).Size();
+    return ObjectView<>(header).Size();
  }

  bool VisitHeapObjectHeader(HeapObjectHeader& header) {

--- a/src/heap/cppgc/marking-verifier.cc
+++ b/src/heap/cppgc/marking-verifier.cc
@@ -124,7 +124,7 @@ bool MarkingVerifierBase::VisitHeapObjectHeader(HeapObjectHeader& header) {
  }

  verifier_found_marked_bytes_ +=
-      ObjectView(header).Size() + sizeof(HeapObjectHeader);
+      ObjectView<>(header).Size() + sizeof(HeapObjectHeader);

  verification_state_.SetCurrentParent(nullptr);


--- a/src/heap/cppgc/object-size-trait.cc
+++ b/src/heap/cppgc/object-size-trait.cc
@@ -14,8 +14,8 @@ namespace internal {
 // static
 size_t BaseObjectSizeTrait::GetObjectSizeForGarbageCollected(
    const void* object) {
-  return ObjectView(HeapObjectHeader::FromObject(object))
-      .Size<AccessMode::kAtomic>();
+  return ObjectView<AccessMode::kAtomic>(HeapObjectHeader::FromObject(object))
+      .Size();
 }

 // static

--- a/src/heap/cppgc/object-view.h
+++ b/src/heap/cppgc/object-view.h
@@ -15,13 +15,13 @@ namespace internal {

 // ObjectView allows accessing a header within the bounds of the actual object.
 // It is not exposed externally and does not keep the underlying object alive.
+template <AccessMode = AccessMode::kNonAtomic>
 class ObjectView final {
 public:
  V8_INLINE explicit ObjectView(const HeapObjectHeader& header);

  V8_INLINE Address Start() const;
  V8_INLINE ConstAddress End() const;
-  template <AccessMode = AccessMode::kNonAtomic>
  V8_INLINE size_t Size() const;

 private:
@@ -30,25 +30,30 @@ class ObjectView final {
  const bool is_large_object_;
 };

-ObjectView::ObjectView(const HeapObjectHeader& header)
+template <AccessMode access_mode>
+ObjectView<access_mode>::ObjectView(const HeapObjectHeader& header)
    : header_(header),
      base_page_(
          BasePage::FromPayload(const_cast<HeapObjectHeader*>(&header_))),
-      is_large_object_(header_.IsLargeObject()) {
+      is_large_object_(header_.IsLargeObject<access_mode>()) {
  DCHECK_EQ(Start() + Size(), End());
 }

-Address ObjectView::Start() const { return header_.ObjectStart(); }
+template <AccessMode access_mode>
+Address ObjectView<access_mode>::Start() const {
+  return header_.ObjectStart();
+}

-ConstAddress ObjectView::End() const {
+template <AccessMode access_mode>
+ConstAddress ObjectView<access_mode>::End() const {
  return is_large_object_ ? LargePage::From(base_page_)->PayloadEnd()
                          : header_.ObjectEnd();
 }

-template <AccessMode mode>
-size_t ObjectView::Size() const {
+template <AccessMode access_mode>
+size_t ObjectView<access_mode>::Size() const {
  return is_large_object_ ? LargePage::From(base_page_)->ObjectSize()
-                          : header_.ObjectSize<mode>();
+                          : header_.ObjectSize<access_mode>();
 }

 }  // namespace internal

--- a/src/heap/cppgc/visitor.cc
+++ b/src/heap/cppgc/visitor.cc
@@ -32,7 +32,7 @@ namespace {

 void TraceConservatively(ConservativeTracingVisitor* conservative_visitor,
                         const HeapObjectHeader& header) {
-  const auto object_view = ObjectView(header);
+  const auto object_view = ObjectView<>(header);
  Address* object = reinterpret_cast<Address*>(object_view.Start());
  for (size_t i = 0; i < (object_view.Size() / sizeof(Address)); ++i) {
    Address maybe_ptr = object[i];

--- a/test/unittests/heap/cppgc/workloads-unittest.cc
+++ b/test/unittests/heap/cppgc/workloads-unittest.cc
@@ -207,7 +207,7 @@ class ObjectSizeCounter final : private HeapVisitor<ObjectSizeCounter> {

 private:
  static size_t ObjectSize(const HeapObjectHeader& header) {
-    return ObjectView(header).Size();
+    return ObjectView<>(header).Size();
  }

  bool VisitHeapObjectHeader(HeapObjectHeader& header) {