Commit d15537cf authored by Camillo's avatar Camillo Committed by V8 LUCI CQ

[runtime] Fix relaxed memmove in TypedArray.prototype.set

If either target or source are shared buffers, use relaxed memmove.

Bug: chromium:1353555
Change-Id: Ieaad826c610b0f2f808b4061947372d851f95978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862209Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82812}
parent af62c4f0
...@@ -274,7 +274,8 @@ TypedArrayPrototypeSetTypedArray(implicit context: Context, receiver: JSAny)( ...@@ -274,7 +274,8 @@ TypedArrayPrototypeSetTypedArray(implicit context: Context, receiver: JSAny)(
// value, true, Unordered). // value, true, Unordered).
// iii. Set srcByteIndex to srcByteIndex + 1. // iii. Set srcByteIndex to srcByteIndex + 1.
// iv. Set targetByteIndex to targetByteIndex + 1. // iv. Set targetByteIndex to targetByteIndex + 1.
if (IsSharedArrayBuffer(target.buffer)) { if (IsSharedArrayBuffer(target.buffer) ||
IsSharedArrayBuffer(source.buffer)) {
// SABs need a relaxed memmove to preserve atomicity. // SABs need a relaxed memmove to preserve atomicity.
CallCRelaxedMemmove(dstPtr, source.data_ptr, countBytes); CallCRelaxedMemmove(dstPtr, source.data_ptr, countBytes);
} else { } else {
......
// Copyright 2022 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
const worker = new Worker(`function onmessage(buffer) {
const shared2 = new Int32Array(buffer);
shared2.fill(1);
}`, {
type: 'string'
});
const shared = new Int32Array(new SharedArrayBuffer(4));
worker.postMessage(shared.buffer);
while (Atomics.load(shared) == 0) {}
(new Int32Array(1)).set(shared);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment