heap: Fix TSAN race in AllocationTrackerForDebugging

The previous CLs stealth-fixed an issue where we wouldn't receive MoveEvent's even if FLAG_fuzzer_gc_analysis was true. The fix uncovered a data race which is fixed here. Bug: v8:12615 Change-Id: I646dc31918d6ebe717716290375e12eac562b4b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452030Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79038}

heap: Fix TSAN race in AllocationTrackerForDebugging
The previous CLs stealth-fixed an issue where we wouldn't receive MoveEvent's even if FLAG_fuzzer_gc_analysis was true. The fix uncovered a data race which is fixed here. Bug: v8:12615 Change-Id: I646dc31918d6ebe717716290375e12eac562b4b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452030Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79038}
f2d4a23d · Michael Lippautz · V8 LUCI CQ · a50d814e · f2d4a23d
Commit f2d4a23d authored Feb 10, 2022 by Michael Lippautz Committed by V8 LUCI CQ Feb 10, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 9 deletions

heap.cc src/heap/heap.cc +11 -9

No files found.
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -738,7 +738,7 @@ class Heap::AllocationTrackerForDebugging final

  void AllocationEvent(Address addr, int size) final {
    if (FLAG_verify_predictable) {
-      ++allocations_count_;
+      allocations_count_.fetch_add(1, std::memory_order_relaxed);
      // Advance synthetic time by making a time request.
      heap_->MonotonicallyIncreasingTimeInMs();

@@ -749,9 +749,9 @@ class Heap::AllocationTrackerForDebugging final
        PrintAllocationsHash();
      }
    } else if (FLAG_fuzzer_gc_analysis) {
-      ++allocations_count_;
+      allocations_count_.fetch_add(1, std::memory_order_relaxed);
    } else if (FLAG_trace_allocation_stack_interval > 0) {
-      ++allocations_count_;
+      allocations_count_.fetch_add(1, std::memory_order_relaxed);
      if (allocations_count_ % FLAG_trace_allocation_stack_interval == 0) {
        heap_->isolate()->PrintStack(stdout, Isolate::kPrintStackConcise);
      }
@@ -760,7 +760,7 @@ class Heap::AllocationTrackerForDebugging final

  void MoveEvent(Address source, Address target, int size) final {
    if (FLAG_verify_predictable) {
-      ++allocations_count_;
+      allocations_count_.fetch_add(1, std::memory_order_relaxed);
      // Advance synthetic time by making a time request.
      heap_->MonotonicallyIncreasingTimeInMs();

@@ -772,7 +772,7 @@ class Heap::AllocationTrackerForDebugging final
        PrintAllocationsHash();
      }
    } else if (FLAG_fuzzer_gc_analysis) {
-      ++allocations_count_;
+      allocations_count_.fetch_add(1, std::memory_order_relaxed);
    }
  }

@@ -803,13 +803,15 @@ class Heap::AllocationTrackerForDebugging final

  void PrintAllocationsHash() {
    uint32_t hash = StringHasher::GetHashCore(raw_allocations_hash_);
-    PrintF("\n### Allocations = %zu, hash = 0x%08x\n", allocations_count_,
-           hash);
+    PrintF("\n### Allocations = %zu, hash = 0x%08x\n",
+           allocations_count_.load(std::memory_order_relaxed), hash);
  }

  Heap* const heap_;
-  // Count of all allocations performed through C++ bottlenecks.
-  size_t allocations_count_ = 0;
+  // Count of all allocations performed through C++ bottlenecks. This needs to
+  // be atomic as objects are moved in parallel in the GC which counts as
+  // allocations.
+  std::atomic<size_t> allocations_count_;
  // Running hash over allocations performed.
  uint32_t raw_allocations_hash_ = 0;
 };