Commit dff914ae authored by Jakob Kummerow's avatar Jakob Kummerow Committed by Commit Bot

[wasm-gc] Protect subtyping cache with a mutex

The per-module caches for subtype relations and type equivalences are
accessed from several background compile jobs, so these accesses must
be guarded by a lock.
This issue was found by our TSan bots and caused the following revert:
https://chromium-review.googlesource.com/c/v8/v8/+/2270734

Bug: v8:7748
Change-Id: I0322972f8f72ca8aff3538bf3f78d4329e5f3a44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68574}
parent f7f1cc14
...@@ -331,6 +331,7 @@ struct V8_EXPORT_PRIVATE WasmModule { ...@@ -331,6 +331,7 @@ struct V8_EXPORT_PRIVATE WasmModule {
bool has_array(uint32_t index) const { bool has_array(uint32_t index) const {
return index < types.size() && type_kinds[index] == kWasmArrayTypeCode; return index < types.size() && type_kinds[index] == kWasmArrayTypeCode;
} }
base::RecursiveMutex* type_cache_mutex() const { return &type_cache_mutex_; }
bool is_cached_subtype(uint32_t subtype, uint32_t supertype) const { bool is_cached_subtype(uint32_t subtype, uint32_t supertype) const {
return subtyping_cache->count(std::make_pair(subtype, supertype)) == 1; return subtyping_cache->count(std::make_pair(subtype, supertype)) == 1;
} }
...@@ -381,6 +382,9 @@ struct V8_EXPORT_PRIVATE WasmModule { ...@@ -381,6 +382,9 @@ struct V8_EXPORT_PRIVATE WasmModule {
// Indexes are stored in increasing order. // Indexes are stored in increasing order.
std::unique_ptr<ZoneUnorderedSet<std::pair<uint32_t, uint32_t>>> std::unique_ptr<ZoneUnorderedSet<std::pair<uint32_t, uint32_t>>>
type_equivalence_cache; type_equivalence_cache;
// The above two caches are used from background compile jobs, so they
// must be protected from concurrent modifications:
mutable base::RecursiveMutex type_cache_mutex_;
DISALLOW_COPY_AND_ASSIGN(WasmModule); DISALLOW_COPY_AND_ASSIGN(WasmModule);
}; };
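Review bot: The new `type_cache_mutex()` accessor leaves the locking contract entirely to callers: `is_cached_subtype` (and any other cache accessors between the two hunks, not visible here) still reads `subtyping_cache` with nothing to say that the mutex must be held. The member comment also speaks only of "concurrent modifications", although a lookup racing with an insert on an unordered set is just as much a data race and can leave a reader walking a bucket list that is being rehashed. I would state the requirement on the accessors themselves, e.g. `// Caller must hold type_cache_mutex(); applies to reads as well as writes.`, and reword the member comment to `// must be protected from concurrent access:`. The struct begins outside the hunks shown.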
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
#include "src/wasm/wasm-subtyping.h" #include "src/wasm/wasm-subtyping.h"
#include "src/base/platform/mutex.h"
#include "src/wasm/wasm-module.h" #include "src/wasm/wasm-module.h"
namespace v8 { namespace v8 {
...@@ -159,6 +160,9 @@ V8_NOINLINE V8_EXPORT_PRIVATE bool IsSubtypeOfImpl(ValueType subtype, ...@@ -159,6 +160,9 @@ V8_NOINLINE V8_EXPORT_PRIVATE bool IsSubtypeOfImpl(ValueType subtype,
return false; return false;
} }
// Accessing the caches for subtyping and equivalence from multiple background
// threads is protected by a lock.
base::RecursiveMutexGuard type_cache_access(module->type_cache_mutex());
if (module->is_cached_subtype(sub_heap.ref_index(), super_heap.ref_index())) { if (module->is_cached_subtype(sub_heap.ref_index(), super_heap.ref_index())) {
return true; return true;
} }
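Review bot: The comment above the guard in IsSubtypeOfImpl does not say why a recursive mutex is needed or how long it is held: `type_cache_access` lives until the function returns, so everything after the cache lookup runs under the lock and presumably re-enters this function for nested types. I would spell that out, e.g. `// Held until return; recursive because nested type checks re-enter this function on the same thread.` (confirm against the rest of the body, which lies outside the hunk). It is also worth checking that no other entry point in this file reaches `type_equivalence_cache` without first passing through this guard, since this is the only acquisition visible here.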
......