[heap] Fix data race in YoungGenerationMarkingVisitorBase

This CL fixes a data race that was found using TSAN. Bug: v8:13012 Change-Id: Ic29620edce116effea097a9f1d58532ba93b2224 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857424Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Leon Bettscheider <bettscheider@google.com> Cr-Commit-Position: refs/heads/main@{#82738}

[heap] Fix data race in YoungGenerationMarkingVisitorBase
This CL fixes a data race that was found using TSAN. Bug: v8:13012 Change-Id: Ic29620edce116effea097a9f1d58532ba93b2224 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857424Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Leon Bettscheider <bettscheider@google.com> Cr-Commit-Position: refs/heads/main@{#82738}
ae44450b · Leon Bettscheider · V8 LUCI CQ · f8aebf80 · ae44450b
Commit ae44450b authored Aug 25, 2022 by Leon Bettscheider Committed by V8 LUCI CQ Aug 26, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

marking-visitor-inl.h src/heap/marking-visitor-inl.h +2 -1

No files found.
--- a/src/heap/marking-visitor-inl.h
+++ b/src/heap/marking-visitor-inl.h
@@ -602,7 +602,8 @@ template <typename TSlot>
 void YoungGenerationMarkingVisitorBase<
    ConcreteVisitor, MarkingState>::VisitPointerImpl(HeapObject host,
                                                     TSlot slot) {
-  typename TSlot::TObject target = *slot;
+  typename TSlot::TObject target =
+      slot.Relaxed_Load(ObjectVisitorWithCageBases::cage_base());
  if (Heap::InYoungGeneration(target)) {
    // Treat weak references as strong.
    HeapObject target_object = target.GetHeapObject();