cppgc: Thread safe JSMember

Make all writes to JSMember.val_ atomic and atomically check for emptiness in Trace. Bug: chromium:1056170 Change-Id: Ia7034b9318df081aa61c9b6664903dd4f73402a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431569 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70309}
2020-10-02 18:28:57 +02:00 · 2020-10-02 18:28:57 +02:00 · f6bc6b6d0b
commit f6bc6b6d0b
parent ff61743fb0
2 changed files with 17 additions and 5 deletions
--- a/include/v8-cppgc.h
+++ b/include/v8-cppgc.h
@ -14,6 +14,7 @@ namespace v8 {
 class Isolate;
 template <typename T>
 class JSMember;
+class JSVisitor;

 namespace internal {

@ -49,11 +50,21 @@ class V8_EXPORT JSMemberBase {
  inline JSMemberBase& CopyImpl(const JSMemberBase& other);
  inline JSMemberBase& MoveImpl(JSMemberBase&& other);

+  void SetSlotThreadSafe(void* value) {
+    reinterpret_cast<std::atomic<void*>*>(&val_)->store(
+        value, std::memory_order_relaxed);
+  }
+  bool IsEmptyThreadSafe() const {
+    return reinterpret_cast<std::atomic<const void*> const*>(&val_)->load(
+               std::memory_order_relaxed) == nullptr;
+  }
+
  // val_ points to a GlobalHandles node.
  internal::Address* val_ = nullptr;

  template <typename T>
  friend class v8::JSMember;
+  friend class v8::JSVisitor;
  friend class v8::internal::JSMemberBaseExtractor;
 };

@ -79,7 +90,7 @@ JSMemberBase& JSMemberBase::MoveImpl(JSMemberBase&& other) {
 void JSMemberBase::Reset() {
  if (IsEmpty()) return;
  Delete(val_);
-  val_ = nullptr;
+  SetSlotThreadSafe(nullptr);
 }

 }  // namespace internal
@ -144,7 +155,8 @@ class V8_EXPORT JSMember : public internal::JSMemberBase {
            typename = std::enable_if_t<std::is_base_of<T, U>::value>>
  void Set(v8::Isolate* isolate, Local<U> that) {
    Reset();
-    val_ = New(isolate, reinterpret_cast<internal::Address*>(*that), &val_);
+    SetSlotThreadSafe(
+        New(isolate, reinterpret_cast<internal::Address*>(*that), &val_));
  }
 };

@ -200,7 +212,7 @@ class JSVisitor : public cppgc::Visitor {

  template <typename T>
  void Trace(const JSMember<T>& ref) {
-    if (ref.IsEmpty()) return;
+    if (ref.IsEmptyThreadSafe()) return;
    Visit(ref);
  }

--- a/src/handles/global-handles.cc
+++ b/src/handles/global-handles.cc
@ -1073,7 +1073,7 @@ void GlobalHandles::MoveTracedGlobal(Address** from, Address** to) {
      }
    }
    DestroyTraced(*from);
-    *from = nullptr;
+    SetSlotThreadSafe(from, nullptr);
  } else {
    // Pure heap move.
    DestroyTraced(*to);
@ -1086,7 +1086,7 @@ void GlobalHandles::MoveTracedGlobal(Address** from, Address** to) {
    if (to_node->has_destructor()) {
      to_node->set_parameter(to);
    }
-    *from = nullptr;
+    SetSlotThreadSafe(from, nullptr);
  }
  TracedNode::Verify(global_handles, to);
 }