heap: Fix race on a field used for stress marking mode

The field is updated on the main thread and read on threads using
LocalHeap to possibly trigger GC in fuzzing configurations.

Bug: chromium:1286699
Change-Id: I15330b7542358ce1a2307a1f258655126b252c03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383776Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78591}

src/heap/heap.cc

@@ -5414,8 +5414,10 @@ Heap::IncrementalMarkingLimit Heap::IncrementalMarkingLimitReached() {
           max_marking_limit_reached_ =
               std::max<double>(max_marking_limit_reached_, current_percent);
         }
-      } else if (current_percent >= stress_marking_percentage_) {
-        stress_marking_percentage_ = NextStressMarkingLimit();
+      } else if (current_percent >=
+                 stress_marking_percentage_.load(std::memory_order_relaxed)) {
+        stress_marking_percentage_.store(NextStressMarkingLimit(),
+                                         std::memory_order_relaxed);
         return IncrementalMarkingLimit::kHardLimit;
       }
     }

src/heap/heap.h

@@ -2290,10 +2290,10 @@ class Heap {
 
   // Starts marking when stress_marking_percentage_% of the marking start limit
   // is reached.
-  int stress_marking_percentage_ = 0;
+  std::atomic<int> stress_marking_percentage_{0};
 
-  // Observer that causes more frequent checks for reached incremental marking
-  // limit.
+  // Observer that causes more frequent checks for reached incremental
+  // marking limit.
   AllocationObserver* stress_marking_observer_ = nullptr;
 
   // Observer that can cause early scavenge start.