TSAN false positive in BasicMemoryChunk

When looking at Code objects from the compiler, we inquire whether the object is on a read only page. In TSAN builds, it's necessary to reload the memory because TSAN can't detect the safety of the operation. Fixed: v8:11590 Change-Id: Iaedd6e3f9f22241d4ef778f53a0405eaac8f76b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778276Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#73571}

TSAN false positive in BasicMemoryChunk
When looking at Code objects from the compiler, we inquire whether the object is on a read only page. In TSAN builds, it's necessary to reload the memory because TSAN can't detect the safety of the operation. Fixed: v8:11590 Change-Id: Iaedd6e3f9f22241d4ef778f53a0405eaac8f76b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778276Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#73571}
907aa27d · Mike Stanton · Commit Bot · 7ace5189 · 907aa27d · 907aa27d
Commit 907aa27d authored Mar 22, 2021 by Mike Stanton Committed by Commit Bot Mar 22, 2021
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 6 deletions

basic-memory-chunk.cc src/heap/basic-memory-chunk.cc +5 -4

basic-memory-chunk.h src/heap/basic-memory-chunk.h +13 -2

No files found.
--- a/src/heap/basic-memory-chunk.cc
+++ b/src/heap/basic-memory-chunk.cc
@@ -62,10 +62,11 @@ bool BasicMemoryChunk::InLargeObjectSpace() const {
 }

 #ifdef THREAD_SANITIZER
-void BasicMemoryChunk::SynchronizedHeapLoad() {
-  CHECK(reinterpret_cast<Heap*>(base::Acquire_Load(
-            reinterpret_cast<base::AtomicWord*>(&heap_))) != nullptr ||
-        InReadOnlySpace());
+void BasicMemoryChunk::SynchronizedHeapLoad() const {
+  CHECK(reinterpret_cast<Heap*>(
+            base::Acquire_Load(reinterpret_cast<base::AtomicWord*>(
+                &(const_cast<BasicMemoryChunk*>(this)->heap_)))) != nullptr ||
+        InReadOnlySpaceRaw());
 }
 #endif


--- a/src/heap/basic-memory-chunk.h
+++ b/src/heap/basic-memory-chunk.h
@@ -203,7 +203,18 @@ class BasicMemoryChunk {
  static const Flags kSkipEvacuationSlotsRecordingMask =
      kEvacuationCandidateMask | kIsInYoungGenerationMask;

-  bool InReadOnlySpace() const { return IsFlagSet(READ_ONLY_HEAP); }
+ private:
+  bool InReadOnlySpaceRaw() const { return IsFlagSet(READ_ONLY_HEAP); }
+
+ public:
+  bool InReadOnlySpace() const {
+#ifdef THREAD_SANITIZER
+    // This is needed because TSAN does not process the memory fence
+    // emitted after page initialization.
+    SynchronizedHeapLoad();
+#endif
+    return IsFlagSet(READ_ONLY_HEAP);
+  }

  bool NeverEvacuate() { return IsFlagSet(NEVER_EVACUATE); }

@@ -335,7 +346,7 @@ class BasicMemoryChunk {
  // Perform a dummy acquire load to tell TSAN that there is no data race in
  // mark-bit initialization. See MemoryChunk::Initialize for the corresponding
  // release store.
-  void SynchronizedHeapLoad();
+  void SynchronizedHeapLoad() const;
 #endif

 protected: