Fix race condition between GCDaemon and DeleteLocalReference
There is a race condition between the GCDaemon visiting
thread local roots starting from the thread's indirect ref table (IRT)
and another thread calling JNI::DeleteLocalReference, which is clearing
one of the indirect references.
To cope with the race condition the DeleteLocalReference used to transit
from suspended to running state by creating a ScopedObjectReference(env).
But this transition was removed with the following patch:
https://android.googlesource.com/platform/art/+/ef28b14268ed0f9db0c7bbd571aa514354a360bd%5E!/#F0
If so the GCDaemon must be careful to work with IRT entries.
This new patch:
1. calls the visitor only if the reference is not null. This if-null
behavior of ART GC is consistent with what Dalvik GC does.
2. But this might be not enough for some future sophisticated GC algorithms.
For example, if GC moves an object, then the IRT entry must be changed
with CAS only if it has not been cleared. So, for the safety reasons
the patch put backs the ScopedObjectReference soa(env) to
DeleteLocalReference.
Only one of those two changes would be enough.
mathieuc note: I decided to delete the root null check but kept the
ScopedObjectAccess in DeleteLocalRef and added missing annotations as
well as more ScopedObjectAccess in jni internals.
Bug: 14626564
Change-Id: I90d4b8494f61404579ecdd2918d1482093d99387
Signed-off-by: Yevgeny Rouban <yevgeny.y.rouban@intel.com>
Signed-off-by: Yang Chang <yang.chang@intel.com>
5 files changed