heap: Fix race on a field used for stress marking mode

The field is updated on the main thread and read on threads using LocalHeap to possibly trigger GC in fuzzing configurations. Bug: chromium:1286699 Change-Id: I15330b7542358ce1a2307a1f258655126b252c03 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383776 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78591}
2022-01-12 17:28:40 +01:00 · 2022-01-12 17:28:40 +01:00 · ebb23b9434
commit ebb23b9434
parent 6c015e46fb
2 changed files with 7 additions and 5 deletions
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@ -5414,8 +5414,10 @@ Heap::IncrementalMarkingLimit Heap::IncrementalMarkingLimitReached() {
          max_marking_limit_reached_ =
              std::max<double>(max_marking_limit_reached_, current_percent);
        }
-      } else if (current_percent >= stress_marking_percentage_) {
-        stress_marking_percentage_ = NextStressMarkingLimit();
+      } else if (current_percent >=
+                 stress_marking_percentage_.load(std::memory_order_relaxed)) {
+        stress_marking_percentage_.store(NextStressMarkingLimit(),
+                                         std::memory_order_relaxed);
        return IncrementalMarkingLimit::kHardLimit;
      }
    }
--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@ -2290,10 +2290,10 @@ class Heap {

  // Starts marking when stress_marking_percentage_% of the marking start limit
  // is reached.
-  int stress_marking_percentage_ = 0;
+  std::atomic<int> stress_marking_percentage_{0};

-  // Observer that causes more frequent checks for reached incremental marking
-  // limit.
+  // Observer that causes more frequent checks for reached incremental
+  // marking limit.
  AllocationObserver* stress_marking_observer_ = nullptr;

  // Observer that can cause early scavenge start.