[heap] Properly publish global handle flags

This reverts commit 2d394aca. Concurrrent marking for v8::TracedReference requires a single bit in global handles to be written concurrently. While no other bits require concurrent access, initialization still needs to properly publish the the bitfield. Publishing generally allows all bits to be read on any thread which is already used for some. The CL introduces acq/rel semantics on the actual object pointer for publishing the state. Bug: chromium:1315498, v8:12600 Change-Id: Ic50c7c0b647b8b609bcd899f6c9f73bee80303da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596125Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80085}

[heap] Properly publish global handle flags
This reverts commit 2d394aca. Concurrrent marking for v8::TracedReference requires a single bit in global handles to be written concurrently. While no other bits require concurrent access, initialization still needs to properly publish the the bitfield. Publishing generally allows all bits to be read on any thread which is already used for some. The CL introduces acq/rel semantics on the actual object pointer for publishing the state. Bug: chromium:1315498, v8:12600 Change-Id: Ic50c7c0b647b8b609bcd899f6c9f73bee80303da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596125Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80085}
e774f8a1 · Michael Lippautz · V8 LUCI CQ · b8a01ce0 · e774f8a1 · e774f8a1
Commit e774f8a1 authored Apr 21, 2022 by Michael Lippautz Committed by V8 LUCI CQ Apr 21, 2022
4 changed files
--- a/src/handles/global-handles-inl.h
+++ b/src/handles/global-handles-inl.h
@@ -27,6 +27,12 @@ T GlobalHandleVector<T>::Pop() {
  return obj;
 }

+// static
+Object GlobalHandles::Acquire(Address* location) {
+  return Object(reinterpret_cast<std::atomic<Address>*>(location)->load(
+      std::memory_order_acquire));
+}
+
 }  // namespace internal
 }  // namespace v8


--- a/src/handles/global-handles.cc
+++ b/src/handles/global-handles.cc
--- a/src/handles/global-handles.h
+++ b/src/handles/global-handles.h
@@ -80,6 +80,8 @@ class V8_EXPORT_PRIVATE GlobalHandles final {
  static void DestroyTracedReference(Address* location);
  static void MarkTraced(Address* location);

+  V8_INLINE static Object Acquire(Address* location);
+
  explicit GlobalHandles(Isolate* isolate);
  ~GlobalHandles();


--- a/src/heap/cppgc-js/unified-heap-marking-state-inl.h
+++ b/src/heap/cppgc-js/unified-heap-marking-state-inl.h
@@ -5,8 +5,11 @@
 #ifndef V8_HEAP_CPPGC_JS_UNIFIED_HEAP_MARKING_STATE_INL_H_
 #define V8_HEAP_CPPGC_JS_UNIFIED_HEAP_MARKING_STATE_INL_H_

+#include <atomic>
+
 #include "include/v8-traced-handle.h"
 #include "src/base/logging.h"
+#include "src/handles/global-handles-inl.h"
 #include "src/handles/global-handles.h"
 #include "src/heap/cppgc-js/unified-heap-marking-state.h"
 #include "src/heap/heap.h"
@@ -26,10 +29,11 @@ class BasicTracedReferenceExtractor {
    // `cppgc::Visitor::TraceEphemeron()` for non-Member values.
    if (!global_handle_location) return Object();

+    // The load synchronizes internal bitfields that are also read atomically
+    // from the concurrent marker.
+    Object object = GlobalHandles::Acquire(global_handle_location);
    GlobalHandles::MarkTraced(global_handle_location);
-    return Object(
-        reinterpret_cast<std::atomic<Address>*>(global_handle_location)
-            ->load(std::memory_order_relaxed));
+    return object;
  }
 };