[objects] Set bit_field as relaxed as TSAN can't see StoreIC transition

Related: https://chromium-review.googlesource.com/c/v8/v8/+/2682641 Bug: v8:7790, v8:11353 Change-Id: Iefbc154b8bc7659e98a0bf8090e2d0cfa78b7063 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773348 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#73563}
2021-03-22 11:58:01 +00:00 · 2021-03-22 11:58:01 +00:00 · fff952417e
commit fff952417e
parent 77f452edf2
2 changed files with 5 additions and 1 deletions
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@ -1537,7 +1537,9 @@ Map Factory::InitializeMap(Map map, InstanceType type, int instance_size,
  map.SetInstanceDescriptors(isolate(), *empty_descriptor_array(), 0);
  // Must be called only after |instance_type| and |instance_size| are set.
  map.set_visitor_id(Map::GetVisitorId(map));
-  map.set_bit_field(0);
+  // TODO(solanes, v8:7790, v8:11353): set_relaxed_bit_field could be an atomic
+  // set if TSAN could see the transitions happening in StoreIC.
+  map.set_relaxed_bit_field(0);
  map.set_bit_field2(Map::Bits2::NewTargetIsBaseBit::encode(true));
  int bit_field3 =
      Map::Bits3::EnumLengthBits::encode(kInvalidEnumCacheSentinel) |
--- a/src/objects/map.cc
+++ b/src/objects/map.cc
@ -1441,6 +1441,8 @@ Handle<Map> Map::RawCopy(Isolate* isolate, Handle<Map> map, int instance_size,
  Handle<HeapObject> prototype(map->prototype(), isolate);
  Map::SetPrototype(isolate, result, prototype);
  result->set_constructor_or_back_pointer(map->GetConstructor());
+  // TODO(solanes, v8:7790, v8:11353): set_relaxed_bit_field could be an atomic
+  // set if TSAN could see the transitions happening in StoreIC.
  result->set_relaxed_bit_field(map->bit_field());
  result->set_bit_field2(map->bit_field2());
  int new_bit_field3 = map->bit_field3();