Commit afd09a05 authored by Dominik Inführ's avatar Dominik Inführ Committed by Commit Bot

[heap] Fix race in scavenger

For pages that are already swept, it can happen that one thread
iterates old-to-new-slots while another thread promotes an object onto
the same page.

Accessing the slot_set in Scavenger::ScavengePage therefore needs to be
atomic.

Bug: v8:11077
Change-Id: I086db612ed4e861aa9bd1c18fdf5c0e17c519a4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555009
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71360}
parent 39b2b0de
...@@ -569,7 +569,7 @@ void Scavenger::AddPageToSweeperIfNecessary(MemoryChunk* page) { ...@@ -569,7 +569,7 @@ void Scavenger::AddPageToSweeperIfNecessary(MemoryChunk* page) {
void Scavenger::ScavengePage(MemoryChunk* page) { void Scavenger::ScavengePage(MemoryChunk* page) {
CodePageMemoryModificationScope memory_modification_scope(page); CodePageMemoryModificationScope memory_modification_scope(page);
if (page->slot_set<OLD_TO_NEW, AccessMode::NON_ATOMIC>() != nullptr) { if (page->slot_set<OLD_TO_NEW, AccessMode::ATOMIC>() != nullptr) {
InvalidatedSlotsFilter filter = InvalidatedSlotsFilter::OldToNew(page); InvalidatedSlotsFilter filter = InvalidatedSlotsFilter::OldToNew(page);
RememberedSet<OLD_TO_NEW>::IterateAndTrackEmptyBuckets( RememberedSet<OLD_TO_NEW>::IterateAndTrackEmptyBuckets(
page, page,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment