AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[heap] Fix a data race in a DCHECK in FreeLinearAllocationArea

Browse Source 
The function was using an non-atomic marking state to check the color
of the object. This is incorrect because concurrent marking may be
running while the linear allocation area is freed.

Bug: chromium:1139165
Change-Id: I20ef22908dfd8dcd75858707e884e87658dcb1cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526391
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71057}
This commit is contained in:
Ulan Degenbaev 2020-11-09 17:05:56 +01:00 committed by Commit Bot
parent 4d97ff5900
commit f7e484ee29
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/heap/paged-spaces.cc
View File

@ -435,10 +435,9 @@ void PagedSpace::FreeLinearAllocationArea() {
MemoryChunk::FromAddress(current_top));
}
DCHECK_IMPLIES(
current_limit - current_top >= 2 * kTaggedSize,
heap()->incremental_marking()->non_atomic_marking_state()->IsWhite(
HeapObject::FromAddress(current_top)));
DCHECK_IMPLIES(current_limit - current_top >= 2 * kTaggedSize,
heap()->incremental_marking()->marking_state()->IsWhite(
HeapObject::FromAddress(current_top)));
Free(current_top, current_limit - current_top,
SpaceAccountingMode::kSpaceAccounted);
}