[wasm] Fix race on isolate shutdown

backes · V8 LUCI CQ · commit cd41108d8267 · 2021-06-23T14:24:58.000Z
If we were unlucky and start wrapper compilation exactly after the isolate started shutting down, we would not have an isolate info any more in the isolate and would access a nullptr. This CL fixes that by just returning an invalid operations barrier token in that case. R=ahaas@chromium.org Bug: v8:11878 Change-Id: I6dcb28a21debb12ba812f705cd5c6387c76eda09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982339 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75334}
diff --git a/src/tasks/operations-barrier.cc b/src/tasks/operations-barrier.cc
@@ -9,7 +9,7 @@ namespace internal {
 
 OperationsBarrier::Token OperationsBarrier::TryLock() {
   base::MutexGuard guard(&mutex_);
-  if (cancelled_) return Token(nullptr);
+  if (cancelled_) return {};
   ++operations_count_;
   return Token(this);
 }
diff --git a/src/tasks/operations-barrier.h b/src/tasks/operations-barrier.h
@@ -69,7 +69,9 @@ class V8_EXPORT_PRIVATE OperationsBarrier {
 
    private:
     friend class OperationsBarrier;
-    explicit Token(OperationsBarrier* outer) : outer_(outer) {}
+    explicit Token(OperationsBarrier* outer) : outer_(outer) {
+      DCHECK_NOT_NULL(outer_);
+    }
     OperationsBarrier* outer_ = nullptr;
   };
 
diff --git a/src/wasm/wasm-engine.cc b/src/wasm/wasm-engine.cc
@@ -986,8 +986,9 @@ void WasmEngine::DeleteCompileJobsOnIsolate(Isolate* isolate) {
 
 OperationsBarrier::Token WasmEngine::StartWrapperCompilation(Isolate* isolate) {
   base::MutexGuard guard(&mutex_);
-  DCHECK_EQ(1, isolates_.count(isolate));
-  return isolates_[isolate]->wrapper_compilation_barrier_->TryLock();
+  auto isolate_info_it = isolates_.find(isolate);
+  if (isolate_info_it == isolates_.end()) return {};
+  return isolate_info_it->second->wrapper_compilation_barrier_->TryLock();
 }
 
 void WasmEngine::AddIsolate(Isolate* isolate) {

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ namespace internal {`
`9`	`9`
`10`	`10`	`OperationsBarrier::Token OperationsBarrier::TryLock() {`
`11`	`11`	`base::MutexGuard guard(&mutex_);`
`12`		`- if (cancelled_) return Token(nullptr);`
	`12`	`+ if (cancelled_) return {};`
`13`	`13`	`++operations_count_;`
`14`	`14`	`return Token(this);`
`15`	`15`	`}`