Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_art / 65f5f247a367af9d6b9ac63767b69ecf3ab079bc^! / . / runtime / gc / reference_queue.cc
commit65f5f247a367af9d6b9ac63767b69ecf3ab079bc[log] [tgz]
authorHiroshi Yamauchi <yamauchi@google.com>Mon Dec 19 11:44:47 2016 -0800
committerHiroshi Yamauchi <yamauchi@google.com>Mon Dec 19 11:44:47 2016 -0800
treebff631b0efd7e8fe77be9c445ea9224e2b67433b
parent5b32b91d731d6187ada4c6fc804041b7b3b6903c [diff] [blame]
Fix race condition btw DelayReferenceRefernent vs Reference.clear().

Rename IsMarkedHeapReference to IsNullOrMarkedHeapReference.

Move the null check from the caller of IsMarkedHeapReference into
IsNullOrMarkedHeapReference.

Make sure that the referent is only loaded once between the null
check and the IsMarked call.

Use a CAS in ConcurrentCopying::IsNullOrMarkedHeapReference when
called from DelayReferenceRefernent.

Bug: 33389022
Test: test-art-host without and with CC.

Change-Id: I20edab4dac2a4bb02dbb72af0f09de77b55ac08e

diff --git a/runtime/gc/reference_queue.cc b/runtime/gc/reference_queue.cc
index a0eb197..734caea 100644
--- a/runtime/gc/reference_queue.cc
+++ b/runtime/gc/reference_queue.cc

@@ -129,8 +129,9 @@
   while (!IsEmpty()) {
     ObjPtr<mirror::Reference> ref = DequeuePendingReference();
     mirror::HeapReference<mirror::Object>* referent_addr = ref->GetReferentReferenceAddr();
-    if (referent_addr->AsMirrorPtr() != nullptr &&
-        !collector->IsMarkedHeapReference(referent_addr)) {
+    // do_atomic_update is false because this happens during the reference processing phase where
+    // Reference.clear() would block.
+    if (!collector->IsNullOrMarkedHeapReference(referent_addr, /*do_atomic_update*/false)) {
       // Referent is white, clear it.
       if (Runtime::Current()->IsActiveTransaction()) {
         ref->ClearReferent<true>();
@@ -147,8 +148,9 @@
   while (!IsEmpty()) {
     ObjPtr<mirror::FinalizerReference> ref = DequeuePendingReference()->AsFinalizerReference();
     mirror::HeapReference<mirror::Object>* referent_addr = ref->GetReferentReferenceAddr();
-    if (referent_addr->AsMirrorPtr() != nullptr &&
-        !collector->IsMarkedHeapReference(referent_addr)) {
+    // do_atomic_update is false because this happens during the reference processing phase where
+    // Reference.clear() would block.
+    if (!collector->IsNullOrMarkedHeapReference(referent_addr, /*do_atomic_update*/false)) {
       ObjPtr<mirror::Object> forward_address = collector->MarkObject(referent_addr->AsMirrorPtr());
       // Move the updated referent to the zombie field.
       if (Runtime::Current()->IsActiveTransaction()) {