[ptr-compr][tsan] Explicitly whitelist legitimate concurrent accesses to Map's bit fields

Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel Bug: v8:7703 Change-Id: I3511710cead1c18b75783f71af3127693e7f17fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529007 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#60334}

[ptr-compr][tsan] Explicitly whitelist legitimate concurrent accesses to Map's bit fields
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel Bug: v8:7703 Change-Id: I3511710cead1c18b75783f71af3127693e7f17fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529007 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#60334}
aa068cfc · Igor Sheludko · Commit Bot · 89a5dd36 · aa068cfc · aa068cfc
Commit aa068cfc authored Mar 19, 2019 by Igor Sheludko Committed by Commit Bot Mar 19, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 4 deletions

objects-body-descriptors-inl.h src/objects-body-descriptors-inl.h +1 -2

map-inl.h src/objects/map-inl.h +14 -2

map.h src/objects/map.h +2 -0

No files found.
--- a/src/objects-body-descriptors-inl.h
+++ b/src/objects-body-descriptors-inl.h
@@ -76,8 +76,7 @@ void BodyDescriptorBase::IterateJSObjectBodyImpl(Map map, HeapObject obj,
  int inobject_fields_offset = map->GetInObjectPropertyOffset(0);
  // We are always requested to process header and embedder fields.
  DCHECK_LE(inobject_fields_offset, end_offset);
-  // Embedder fields are located between header rouned up to the system pointer
+  // Embedder fields are located between header and inobject properties.
-  // size and inobject properties.
  if (header_size < inobject_fields_offset) {
    // There are embedder fields.
    IteratePointers(obj, start_offset, header_size, v);

--- a/src/objects/map-inl.h
+++ b/src/objects/map-inl.h
@@ -54,7 +54,11 @@ SYNCHRONIZED_ACCESSORS_CHECKED(Map, layout_descriptor, LayoutDescriptor,
 WEAK_ACCESSORS(Map, raw_transitions, kTransitionsOrPrototypeInfoOffset)
 // |bit_field| fields.
-BIT_FIELD_ACCESSORS(Map, bit_field, has_non_instance_prototype,
+// Concurrent access to |has_prototype_slot| and |has_non_instance_prototype|
+// is explicitly whitelisted here. The former is never modified after the map
+// is setup but it's being read by concurrent marker when pointer compression
+// is enabled. The latter bit can be modified on a live objects.
+BIT_FIELD_ACCESSORS(Map, relaxed_bit_field, has_non_instance_prototype,
                    Map::HasNonInstancePrototypeBit)
 BIT_FIELD_ACCESSORS(Map, bit_field, is_callable, Map::IsCallableBit)
 BIT_FIELD_ACCESSORS(Map, bit_field, has_named_interceptor,
@@ -65,7 +69,7 @@ BIT_FIELD_ACCESSORS(Map, bit_field, is_undetectable, Map::IsUndetectableBit)
 BIT_FIELD_ACCESSORS(Map, bit_field, is_access_check_needed,
                    Map::IsAccessCheckNeededBit)
 BIT_FIELD_ACCESSORS(Map, bit_field, is_constructor, Map::IsConstructorBit)
-BIT_FIELD_ACCESSORS(Map, bit_field, has_prototype_slot,
+BIT_FIELD_ACCESSORS(Map, relaxed_bit_field, has_prototype_slot,
                    Map::HasPrototypeSlotBit)
 // |bit_field2| fields.
@@ -422,6 +426,14 @@ void Map::set_bit_field(byte value) {
  WRITE_BYTE_FIELD(*this, kBitFieldOffset, value);
 }
+byte Map::relaxed_bit_field() const {
+  return RELAXED_READ_BYTE_FIELD(*this, kBitFieldOffset);
+}
+void Map::set_relaxed_bit_field(byte value) {
+  RELAXED_WRITE_BYTE_FIELD(*this, kBitFieldOffset, value);
+}
 byte Map::bit_field2() const {
  return READ_BYTE_FIELD(*this, kBitField2Offset);
 }

--- a/src/objects/map.h
+++ b/src/objects/map.h
@@ -240,6 +240,8 @@ class Map : public HeapObject {
  // Bit field.
  //
  DECL_PRIMITIVE_ACCESSORS(bit_field, byte)
+  // Atomic accessors, used for whitelisting legitimate concurrent accesses.
+  DECL_PRIMITIVE_ACCESSORS(relaxed_bit_field, byte)
 // Bit positions for |bit_field|.
 #define MAP_BIT_FIELD_FIELDS(V, _)          \