From de49a22034cfb5b50467cde52cdcb268d6b7423a Mon Sep 17 00:00:00 2001 From: Mathieu Chartier Date: Thu, 4 Sep 2014 13:54:08 -0700 Subject: Fix race in finalizeAllEnqueued. The problem was as follows: The GC finishes and enqueues all cleared references on the ReferenceQueue.unenqueued list. Then someone calls finalizeAllEnqueued which enqueues a finalizer reference directly on the finalizer reference queue. However the recently cleared references had not yet been processed by the ReferenceQueueDaemon resulting in the sentinal being finalized before the objects which were freed in the GC. The fix is enqueuing the sentinel finalizer reference on the unenqueued queue. (cherry picked from commit 2cc3d41ff2dfd673fa1ab4ef2a46525933d523ec) Change-Id: I0598199ef56aa8bd9e1fa40c39d50b2785dc5c10 --- luni/src/main/java/java/lang/ref/FinalizerReference.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'luni') diff --git a/luni/src/main/java/java/lang/ref/FinalizerReference.java b/luni/src/main/java/java/lang/ref/FinalizerReference.java index 14eaae4..47dc0b4 100644 --- a/luni/src/main/java/java/lang/ref/FinalizerReference.java +++ b/luni/src/main/java/java/lang/ref/FinalizerReference.java @@ -98,7 +98,13 @@ public final class FinalizerReference extends Reference { FinalizerReference sentinelReference = (FinalizerReference) r; sentinelReference.referent = null; sentinelReference.zombie = sentinel; - sentinelReference.enqueueInternal(); + // Make a single element list, then enqueue the reference on the daemon unenqueued + // list. This is required instead of enqueuing directly on the finalizer queue + // since there could be recently freed objects in the unqueued list which are not + // yet on the finalizer queue. This could cause the sentinel to run before the + // objects are finalized. b/17381967 + sentinelReference.pendingNext = sentinelReference; + ReferenceQueue.add(sentinelReference); return; } } -- cgit v1.1