Bug 248631

At the moment, this is manifesting as intermittent timeouts in the arm32 linux test runner, for example: https://build.webkit.org/#/builders/24/builds/17430 After investigation, this is the test `stress/waitasync-waiter-list-order.js` hanging; this manifests as some of the workers hanging on the initial `Atomic.wait` call in that test--using a debugger to examine the memory being waited on reveals that they should all have woken up and moved on. The implementation of both `Atomic.wait` and `Atomic.waitAsync` begin by atomically reading from the array and comparing the result to the expected value, then obtaining a lock on the list of waiters and proceeding from there--this is contrary to the spec [1], which requires that the atomic read happens while the list of waiters is exclusively locked and allows a race where the following interleaving results in A hanging indefinitely if no other calls to Atomic.notify on that address occur: thread A: begin Atomic.wait(buffer, idx, expected_value) thread A: read buffer[idx], get expected_value thread B: perform Atomic.store(buffer, idx, unexpected_value) thread B: perform Atomic.notify(buffer, idx) [nothing is notified since the list of waiters is empty] thread A: lock list of waiters, wait on condition variable, hang waiting for next notify --- This is fixed by performing the atomic read after the list of waiters is locked Patch forthcoming. [1] https://tc39.es/ecma262/multipage/structured-data.html#sec-atomics.wait