[vm/concurrency] Ensure no races can occur when setting identity hash code

mkustermann · commit-bot@chromium.org · commit 2505b6c64e19 · 2021-06-03T14:45:44.000Z
Usually the identity hashcode is implemented by returning if present and otherwise generating a random number, setting the hash code and returning it. This works fine in single-mutator environments, though when multiple mutators might race to install identity hash codes we should ensure only one of them wins and all others will obtain whatever hash code has been set by the winner. This will matter once we start sharing more objects across isolates. Issue dart-lang/sdk#36097 TEST=vm/cc/AsmIntrinsifier_SetHashIfNotSetYet Change-Id: Ie760ca9658e6ec0640255361544d6822b07574e2 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/201827 Commit-Queue: Martin Kustermann <kustermann@google.com> Reviewed-by: Slava Egorov <vegorov@google.com>
diff --git a/runtime/lib/object.cc b/runtime/lib/object.cc
@@ -52,19 +52,15 @@ DEFINE_NATIVE_ENTRY(Object_getHash, 0, 1) {
 
 DEFINE_NATIVE_ENTRY(Object_setHashIfNotSetYet, 0, 2) {
   GET_NON_NULL_NATIVE_ARGUMENT(Smi, hash, arguments->NativeArgAt(1));
-  const intptr_t current_hash = GetHash(isolate, arguments->NativeArgAt(0));
-  if (current_hash != 0) {
-    return Smi::New(current_hash);
-  }
 #if defined(HASH_IN_OBJECT_HEADER)
-  Object::SetCachedHash(arguments->NativeArgAt(0), hash.Value());
+  return Smi::New(
+      Object::SetCachedHashIfNotSet(arguments->NativeArgAt(0), hash.Value()));
 #else
   const Instance& instance =
       Instance::CheckedHandle(zone, arguments->NativeArgAt(0));
-  Heap* heap = isolate->group()->heap();
-  heap->SetHash(instance.ptr(), hash.Value());
+  Heap* heap = thread->heap();
+  return Smi::New(heap->SetHashIfNotSet(instance.ptr(), hash.Value()));
 #endif
-  return hash.ptr();
 }
 
 DEFINE_NATIVE_ENTRY(Object_toString, 0, 1) {
diff --git a/runtime/vm/compiler/asm_intrinsifier_arm64.cc b/runtime/vm/compiler/asm_intrinsifier_arm64.cc
@@ -1601,26 +1601,27 @@ void AsmIntrinsifier::Object_getHash(Assembler* assembler,
 
 void AsmIntrinsifier::Object_setHashIfNotSetYet(Assembler* assembler,
                                                 Label* normal_ir_body) {
-  Label already_set;
-  __ ldr(R0, Address(SP, 1 * target::kWordSize));  // Object.
-  __ ldr(R1, FieldAddress(R0, target::String::hash_offset(), kFourBytes),
-         kUnsignedFourBytes);
-  __ cbnz(&already_set, R1, kFourBytes);
-  __ ldr(R1, Address(SP, 0 * target::kWordSize));  // Value.
+  __ ldp(/*Value=*/R1, /*Object=*/R0, Address(SP, 0, Address::PairOffset));
   // R0: Untagged address of header word (ldxr/stxr do not support offsets).
   __ sub(R0, R0, Operand(kHeapObjectTag));
   __ SmiUntag(R1);
   __ LslImmediate(R3, R1, target::UntaggedObject::kHashTagPos);
-  Label retry;
+
+  Label retry, already_set_in_r4;
   __ Bind(&retry);
   __ ldxr(R2, R0, kEightBytes);
+  __ LsrImmediate(R4, R2, target::UntaggedObject::kHashTagPos);
+  __ cbnz(&already_set_in_r4, R4);
   __ orr(R2, R2, Operand(R3));
   __ stxr(R4, R2, R0, kEightBytes);
   __ cbnz(&retry, R4);
   // Fall-through with R1 containing new hash value (untagged).
-  __ Bind(&already_set);
   __ SmiTag(R0, R1);
   __ ret();
+  __ Bind(&already_set_in_r4);
+  __ clrex();
+  __ SmiTag(R0, R4);
+  __ ret();
 }
 
 void GenerateSubstringMatchesSpecialization(Assembler* assembler,
diff --git a/runtime/vm/compiler/asm_intrinsifier_test.cc b/runtime/vm/compiler/asm_intrinsifier_test.cc
@@ -0,0 +1,81 @@
+// Copyright (c) 2021, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+#include "platform/assert.h"
+
+#include "vm/globals.h"
+#include "vm/symbols.h"
+#include "vm/unit_test.h"
+
+namespace dart {
+
+static intptr_t GetHash(Isolate* isolate, const ObjectPtr obj) {
+#if defined(HASH_IN_OBJECT_HEADER)
+  return Object::GetCachedHash(obj);
+#else
+  Heap* heap = isolate->group()->heap();
+  ASSERT(obj->IsDartInstance());
+  return heap->GetHash(obj);
+#endif
+}
+
+ISOLATE_UNIT_TEST_CASE(AsmIntrinsifier_SetHashIfNotSetYet) {
+  auto I = Isolate::Current();
+  const auto& corelib = Library::Handle(Library::CoreLibrary());
+  const auto& name = String::Handle(String::New("_setHashIfNotSetYet"));
+  const auto& symbol = String::Handle(Symbols::New(thread, name));
+
+  const auto& function =
+      Function::Handle(corelib.LookupFunctionAllowPrivate(symbol));
+  const auto& object_class =
+      Class::Handle(corelib.LookupClass(Symbols::Object()));
+
+  auto& smi0 = Smi::Handle(Smi::New(0));
+  auto& smi21 = Smi::Handle(Smi::New(21));
+  auto& smi42 = Smi::Handle(Smi::New(42));
+  const auto& obj = Object::Handle(Instance::New(object_class));
+  const auto& args = Array::Handle(Array::New(2));
+
+  const auto& args_descriptor_array =
+      Array::Handle(ArgumentsDescriptor::NewBoxed(0, 2, Array::empty_array()));
+
+  // Initialized to 0
+  EXPECT_EQ(smi0.ptr(), Smi::New(GetHash(I, obj.ptr())));
+
+  // Lazily set to 42 on first call.
+  args.SetAt(0, obj);
+  args.SetAt(1, smi42);
+  EXPECT_EQ(smi42.ptr(),
+            DartEntry::InvokeFunction(function, args, args_descriptor_array));
+  EXPECT_EQ(smi42.ptr(), Smi::New(GetHash(I, obj.ptr())));
+
+  // Stays at 42 on subsequent calls.
+  args.SetAt(0, obj);
+  args.SetAt(1, smi21);
+  EXPECT_EQ(smi42.ptr(),
+            DartEntry::InvokeFunction(function, args, args_descriptor_array));
+  EXPECT_EQ(smi42.ptr(), Smi::New(GetHash(I, obj.ptr())));
+
+  const auto& obj2 = Object::Handle(Instance::New(object_class));
+  const auto& smiMax = Smi::Handle(Smi::New(0xffffffff));
+
+  // Initialized to 0
+  EXPECT_EQ(smi0.ptr(), Smi::New(GetHash(I, obj2.ptr())));
+
+  // Lazily set to smiMax first call.
+  args.SetAt(0, obj2);
+  args.SetAt(1, smiMax);
+  EXPECT_EQ(smiMax.ptr(),
+            DartEntry::InvokeFunction(function, args, args_descriptor_array));
+  EXPECT_EQ(smiMax.ptr(), Smi::New(GetHash(I, obj2.ptr())));
+
+  // Stays at smiMax on subsequent calls.
+  args.SetAt(0, obj2);
+  args.SetAt(1, smi21);
+  EXPECT_EQ(smiMax.ptr(),
+            DartEntry::InvokeFunction(function, args, args_descriptor_array));
+  EXPECT_EQ(smiMax.ptr(), Smi::New(GetHash(I, obj2.ptr())));
+}
+
+}  // namespace dart
diff --git a/runtime/vm/compiler/asm_intrinsifier_x64.cc b/runtime/vm/compiler/asm_intrinsifier_x64.cc
@@ -1455,23 +1455,35 @@ void AsmIntrinsifier::Object_getHash(Assembler* assembler,
 
 void AsmIntrinsifier::Object_setHashIfNotSetYet(Assembler* assembler,
                                                 Label* normal_ir_body) {
-  Label already_set;
-  __ movq(RAX, Address(RSP, +2 * target::kWordSize));  // Object.
-  __ movl(RDX, FieldAddress(RAX, target::String::hash_offset()));
-  __ testl(RDX, RDX);
-  __ j(NOT_ZERO, &already_set, AssemblerBase::kNearJump);
-  __ movq(RDX, Address(RSP, +1 * target::kWordSize));  // Value.
-  __ SmiUntag(RDX);
-  __ shlq(RDX, Immediate(target::UntaggedObject::kHashTagPos));
-  // lock+orq is an atomic read-modify-write.
-  __ lock();
-  __ orq(FieldAddress(RAX, target::Object::tags_offset()), RDX);
-  __ movq(RAX, Address(RSP, +1 * target::kWordSize));
-  __ ret();
-  __ Bind(&already_set);
-  __ movl(RAX, RDX);
+  ASSERT(target::String::hash_offset() == 4);
+
+  __ movq(RBX, Address(RSP, +2 * target::kWordSize));  // Object.
+  __ movq(RCX, Address(RSP, +1 * target::kWordSize));  // Value.
+  __ SmiUntag(RCX);
+  __ MoveRegister(RDX, RCX);
+  __ shlq(RDX, Immediate(32));
+
+  Label retry, success, already_in_rax;
+  __ Bind(&retry);
+  // RAX is used by "cmpxchgq" as comparison value (if comparison succeeds the
+  // store is performed).
+  __ movq(RAX, FieldAddress(RBX, 0));
+  __ TestImmediate(RAX, Immediate(0xffffffff00000000));
+  __ BranchIf(NOT_ZERO, &already_in_rax);
+  __ MoveRegister(RSI, RAX);
+  __ orq(RSI, RDX);
+  __ LockCmpxchgq(FieldAddress(RBX, 0), RSI);
+  __ BranchIf(NOT_ZERO, &retry);
+  // Fall-through with RCX containing new hash value (untagged)
+  __ Bind(&success);
+  __ SmiTag(RCX);
+  __ MoveRegister(RAX, RCX);
+  __ Ret();
+
+  __ Bind(&already_in_rax);
+  __ shrq(RAX, Immediate(32));
   __ SmiTag(RAX);
-  __ ret();
+  __ Ret();
 }
 
 void GenerateSubstringMatchesSpecialization(Assembler* assembler,
diff --git a/runtime/vm/compiler/compiler_sources.gni b/runtime/vm/compiler/compiler_sources.gni
@@ -154,6 +154,7 @@ compiler_sources = [
 ]
 
 compiler_sources_tests = [
+  "asm_intrinsifier_test.cc",
   "assembler/assembler_arm64_test.cc",
   "assembler/assembler_arm_test.cc",
   "assembler/assembler_ia32_test.cc",
diff --git a/runtime/vm/heap/become.cc b/runtime/vm/heap/become.cc
@@ -297,7 +297,7 @@ void Become::ElementsForwardIdentity(const Array& before, const Array& after) {
     ForwardObjectTo(before_obj, after_obj);
     heap->ForwardWeakEntries(before_obj, after_obj);
 #if defined(HASH_IN_OBJECT_HEADER)
-    Object::SetCachedHash(after_obj, Object::GetCachedHash(before_obj));
+    Object::SetCachedHashIfNotSet(after_obj, Object::GetCachedHash(before_obj));
 #endif
   }
 
diff --git a/runtime/vm/heap/heap.cc b/runtime/vm/heap/heap.cc
@@ -893,6 +893,17 @@ void Heap::SetWeakEntry(ObjectPtr raw_obj, WeakSelector sel, intptr_t val) {
   }
 }
 
+intptr_t Heap::SetWeakEntryIfNonExistent(ObjectPtr raw_obj,
+                                         WeakSelector sel,
+                                         intptr_t val) {
+  if (!raw_obj->IsSmiOrOldObject()) {
+    return new_weak_tables_[sel]->SetValueIfNonExistent(raw_obj, val);
+  } else {
+    ASSERT(raw_obj->IsSmiOrOldObject());
+    return old_weak_tables_[sel]->SetValueIfNonExistent(raw_obj, val);
+  }
+}
+
 void Heap::ForwardWeakEntries(ObjectPtr before_object, ObjectPtr after_object) {
   const auto before_space =
       !before_object->IsSmiOrOldObject() ? Heap::kNew : Heap::kOld;
diff --git a/runtime/vm/heap/heap.h b/runtime/vm/heap/heap.h
@@ -211,8 +211,8 @@ class Heap {
 #if !defined(HASH_IN_OBJECT_HEADER)
   // Associate an identity hashCode with an object. An non-existent hashCode
   // is equal to 0.
-  void SetHash(ObjectPtr raw_obj, intptr_t hash) {
-    SetWeakEntry(raw_obj, kIdentityHashes, hash);
+  intptr_t SetHashIfNotSet(ObjectPtr raw_obj, intptr_t hash) {
+    return SetWeakEntryIfNonExistent(raw_obj, kIdentityHashes, hash);
   }
   intptr_t GetHash(ObjectPtr raw_obj) const {
     return GetWeakEntry(raw_obj, kIdentityHashes);
@@ -251,6 +251,9 @@ class Heap {
   // Used by the GC algorithms to propagate weak entries.
   intptr_t GetWeakEntry(ObjectPtr raw_obj, WeakSelector sel) const;
   void SetWeakEntry(ObjectPtr raw_obj, WeakSelector sel, intptr_t val);
+  intptr_t SetWeakEntryIfNonExistent(ObjectPtr raw_obj,
+                                     WeakSelector sel,
+                                     intptr_t val);
 
   WeakTable* GetWeakTable(Space space, WeakSelector selector) const {
     if (space == kNew) {
diff --git a/runtime/vm/heap/weak_table.h b/runtime/vm/heap/weak_table.h
@@ -62,6 +62,16 @@ class WeakTable {
     return SetValueExclusive(key, val);
   }
 
+  intptr_t SetValueIfNonExistent(ObjectPtr key, intptr_t val) {
+    MutexLocker ml(&mutex_);
+    const auto old_value = GetValueExclusive(key);
+    if (old_value == kNoValue) {
+      SetValueExclusive(key, val);
+      return val;
+    }
+    return old_value;
+  }
+
   // The following "exclusive" methods must only be called from call sites
   // which are known to have exclusive access to the weak table.
   //
diff --git a/runtime/vm/isolate_reload.cc b/runtime/vm/isolate_reload.cc
@@ -224,7 +224,7 @@ InstancePtr InstanceMorpher::Morph(const Instance& instance) const {
   }
 #if defined(HASH_IN_OBJECT_HEADER)
   const uint32_t hash = Object::GetCachedHash(instance.ptr());
-  Object::SetCachedHash(result.ptr(), hash);
+  Object::SetCachedHashIfNotSet(result.ptr(), hash);
 #endif
 
   // Morph the context from instance to result using mapping_.
diff --git a/runtime/vm/object.cc b/runtime/vm/object.cc
@@ -1323,7 +1323,7 @@ class FinalizeVMIsolateVisitor : public ObjectVisitor {
           counter_ += 2011;  // The year Dart was announced and a prime.
           counter_ &= 0x3fffffff;
           if (counter_ == 0) counter_++;
-          Object::SetCachedHash(obj, counter_);
+          Object::SetCachedHashIfNotSet(obj, counter_);
         }
       }
 #endif
@@ -1431,7 +1431,7 @@ void Object::FinalizeReadOnlyObject(ObjectPtr object) {
     OneByteStringPtr str = static_cast<OneByteStringPtr>(object);
     if (String::GetCachedHash(str) == 0) {
       intptr_t hash = String::Hash(str);
-      String::SetCachedHash(str, hash);
+      String::SetCachedHashIfNotSet(str, hash);
     }
     intptr_t size = OneByteString::UnroundedSize(str);
     ASSERT(size <= str->untag()->HeapSize());
@@ -1441,7 +1441,7 @@ void Object::FinalizeReadOnlyObject(ObjectPtr object) {
     TwoByteStringPtr str = static_cast<TwoByteStringPtr>(object);
     if (String::GetCachedHash(str) == 0) {
       intptr_t hash = String::Hash(str);
-      String::SetCachedHash(str, hash);
+      String::SetCachedHashIfNotSet(str, hash);
     }
     ASSERT(String::GetCachedHash(str) != 0);
     intptr_t size = TwoByteString::UnroundedSize(str);
@@ -1453,14 +1453,14 @@ void Object::FinalizeReadOnlyObject(ObjectPtr object) {
         static_cast<ExternalOneByteStringPtr>(object);
     if (String::GetCachedHash(str) == 0) {
       intptr_t hash = String::Hash(str);
-      String::SetCachedHash(str, hash);
+      String::SetCachedHashIfNotSet(str, hash);
     }
   } else if (cid == kExternalTwoByteStringCid) {
     ExternalTwoByteStringPtr str =
         static_cast<ExternalTwoByteStringPtr>(object);
     if (String::GetCachedHash(str) == 0) {
       intptr_t hash = String::Hash(str);
-      String::SetCachedHash(str, hash);
+      String::SetCachedHashIfNotSet(str, hash);
     }
   } else if (cid == kCodeSourceMapCid) {
     CodeSourceMapPtr map = CodeSourceMap::RawCast(object);
@@ -2592,6 +2592,9 @@ void Object::InitializeObject(uword address,
   tags = UntaggedObject::OldAndNotMarkedBit::update(is_old, tags);
   tags = UntaggedObject::OldAndNotRememberedBit::update(is_old, tags);
   tags = UntaggedObject::NewBit::update(!is_old, tags);
+#if defined(HASH_IN_OBJECT_HEADER)
+  tags = UntaggedObject::HashTag::update(0, tags);
+#endif
   reinterpret_cast<UntaggedObject*>(address)->tags_ = tags;
 }
 
@@ -23712,7 +23715,9 @@ TwoByteStringPtr TwoByteString::New(intptr_t len, Heap::Space space) {
     NoSafepointScope no_safepoint;
     result ^= raw;
     result.SetLength(len);
-    result.SetHash(0);
+#if !defined(HASH_IN_OBJECT_HEADER)
+    result.ptr()->untag()->set_hash(Smi::New(0));
+#endif
   }
   return TwoByteString::raw(result);
 }
@@ -23869,7 +23874,9 @@ ExternalOneByteStringPtr ExternalOneByteString::New(
     NoSafepointScope no_safepoint;
     result ^= raw;
     result.SetLength(len);
-    result.SetHash(0);
+#if !defined(HASH_IN_OBJECT_HEADER)
+    result.ptr()->untag()->set_hash(Smi::New(0));
+#endif
     SetExternalData(result, data, peer);
   }
   AddFinalizer(result, peer, callback, external_allocation_size);
@@ -23899,7 +23906,9 @@ ExternalTwoByteStringPtr ExternalTwoByteString::New(
     NoSafepointScope no_safepoint;
     result ^= raw;
     result.SetLength(len);
-    result.SetHash(0);
+#if !defined(HASH_IN_OBJECT_HEADER)
+    result.ptr()->untag()->set_hash(Smi::New(0));
+#endif
     SetExternalData(result, data, peer);
   }
   AddFinalizer(result, peer, callback, external_allocation_size);
diff --git a/runtime/vm/object.h b/runtime/vm/object.h
diff --git a/runtime/vm/object_graph.cc b/runtime/vm/object_graph.cc
diff --git a/runtime/vm/raw_object.h b/runtime/vm/raw_object.h

Original file line number	Diff line number	Diff line change
`@@ -154,6 +154,7 @@ compiler_sources = [`
`154`	`154`	`]`
`155`	`155`
`156`	`156`	`compiler_sources_tests = [`
	`157`	`+ "asm_intrinsifier_test.cc",`
`157`	`158`	`"assembler/assembler_arm64_test.cc",`
`158`	`159`	`"assembler/assembler_arm_test.cc",`
`159`	`160`	`"assembler/assembler_ia32_test.cc",`
Original file line number	Diff line number	Diff line change
`@@ -297,7 +297,7 @@ void Become::ElementsForwardIdentity(const Array& before, const Array& after) {`
`297`	`297`	`ForwardObjectTo(before_obj, after_obj);`
`298`	`298`	`heap->ForwardWeakEntries(before_obj, after_obj);`
`299`	`299`	`#if defined(HASH_IN_OBJECT_HEADER)`
`300`		`- Object::SetCachedHash(after_obj, Object::GetCachedHash(before_obj));`
	`300`	`+ Object::SetCachedHashIfNotSet(after_obj, Object::GetCachedHash(before_obj));`
`301`	`301`	`#endif`
`302`	`302`	`}`
`303`	`303`
Original file line number	Diff line number	Diff line change
`@@ -224,7 +224,7 @@ InstancePtr InstanceMorpher::Morph(const Instance& instance) const {`
`224`	`224`	`}`
`225`	`225`	`#if defined(HASH_IN_OBJECT_HEADER)`
`226`	`226`	`const uint32_t hash = Object::GetCachedHash(instance.ptr());`
`227`		`- Object::SetCachedHash(result.ptr(), hash);`
	`227`	`+ Object::SetCachedHashIfNotSet(result.ptr(), hash);`
`228`	`228`	`#endif`
`229`	`229`
`230`	`230`	`// Morph the context from instance to result using mapping_.`