[foreign-memaccess+abi] RFR: 8275054: Racy updates when releasing confined scopes

[Maurizio Cimadamore]

On Mon, 11 Oct 2021 13:28:15 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

> As the subject says, there are cases where a close dependency on a confined parent scope can occur from an unrelated thread:
> 
> 1. the confined scope is acquired by another confined scope featuring implicit cleanup - in which case the cleaner thread will do the release
> 
> 2. the confined scope is acquired, in the same thread, by a shared scope. Since a shared scope can be closed by any other thread, it follows that release can also be done by any thread.
> 
> In such cases we can have races (either between release/release or between acquire/release) and the `lockCount` variable of the updated scope becomes garbage.
> 
> The solution is to add an extra variable `asyncReleaseCount`. If a release request occur from the same thread that owns the confined scope, we proceed as usual, otherwise we atomically increment the `asyncReleaseCount`. When the confined scope is later closed, if `lockCount == 0`, nothing needs to be done, so we can just close. Otherwise, we need to check that `lockCount - asyncReleaseCount == 0`. This works because a confined segment can only be acquired by the same thread owning it. So, if `lockCount == 0` there can be no other pending release.

Another solution would have been to trigger an exception when setting up a dependency from a shared scope to a confined scope - but we still need the same logic for implicitly closeable scopes anyway.

-------------

PR: https://git.openjdk.java.net/panama-foreign/pull/596