3 files changed, 106 insertions, 21 deletions
diff --git a/libutils/include/utils/Mutex.h b/libutils/include/utils/Mutex.h
index d106185f0..af6076cf3 100644
--- a/libutils/include/utils/Mutex.h
+++ b/libutils/include/utils/Mutex.h
@@ -28,6 +28,53 @@
 #include <utils/Errors.h>
 #include <utils/Timers.h>
+// Enable thread safety attributes only with clang.
+// The attributes can be safely erased when compiling with other compilers.
+#if defined(__clang__) && (!defined(SWIG))
+#define THREAD_ANNOTATION_ATTRIBUTE__(x) __attribute__((x))
+#else
+#define THREAD_ANNOTATION_ATTRIBUTE__(x)  // no-op
+#endif
+#define CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(capability(x))
+#define SCOPED_CAPABILITY THREAD_ANNOTATION_ATTRIBUTE__(scoped_lockable)
+#define GUARDED_BY(x) THREAD_ANNOTATION_ATTRIBUTE__(guarded_by(x))
+#define PT_GUARDED_BY(x) THREAD_ANNOTATION_ATTRIBUTE__(pt_guarded_by(x))
+#define ACQUIRED_BEFORE(...) THREAD_ANNOTATION_ATTRIBUTE__(acquired_before(__VA_ARGS__))
+#define ACQUIRED_AFTER(...) THREAD_ANNOTATION_ATTRIBUTE__(acquired_after(__VA_ARGS__))
+#define REQUIRES(...) THREAD_ANNOTATION_ATTRIBUTE__(requires_capability(__VA_ARGS__))
+#define REQUIRES_SHARED(...) THREAD_ANNOTATION_ATTRIBUTE__(requires_shared_capability(__VA_ARGS__))
+#define ACQUIRE(...) THREAD_ANNOTATION_ATTRIBUTE__(acquire_capability(__VA_ARGS__))
+#define ACQUIRE_SHARED(...) THREAD_ANNOTATION_ATTRIBUTE__(acquire_shared_capability(__VA_ARGS__))
+#define RELEASE(...) THREAD_ANNOTATION_ATTRIBUTE__(release_capability(__VA_ARGS__))
+#define RELEASE_SHARED(...) THREAD_ANNOTATION_ATTRIBUTE__(release_shared_capability(__VA_ARGS__))
+#define TRY_ACQUIRE(...) THREAD_ANNOTATION_ATTRIBUTE__(try_acquire_capability(__VA_ARGS__))
+#define TRY_ACQUIRE_SHARED(...) \
+    THREAD_ANNOTATION_ATTRIBUTE__(try_acquire_shared_capability(__VA_ARGS__))
+#define EXCLUDES(...) THREAD_ANNOTATION_ATTRIBUTE__(locks_excluded(__VA_ARGS__))
+#define ASSERT_CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(assert_capability(x))
+#define ASSERT_SHARED_CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(assert_shared_capability(x))
+#define RETURN_CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(lock_returned(x))
+#define NO_THREAD_SAFETY_ANALYSIS THREAD_ANNOTATION_ATTRIBUTE__(no_thread_safety_analysis)
 // ---------------------------------------------------------------------------
 namespace android {
 // ---------------------------------------------------------------------------
@@ -44,24 +91,24 @@ class Condition;
 * The mutex must be unlocked by the thread that locked it.  They are not
 * recursive, i.e. the same thread can't lock it multiple times.
 */
-class Mutex {
+class CAPABILITY("mutex") Mutex {
-public:
+  public:
    enum {
        PRIVATE = 0,
        SHARED = 1
    };
-                Mutex();
+    Mutex();
-    explicit    Mutex(const char* name);
+    explicit Mutex(const char* name);
-    explicit    Mutex(int type, const char* name = NULL);
+    explicit Mutex(int type, const char* name = NULL);
-                ~Mutex();
+    ~Mutex();
    // lock or unlock the mutex
-    status_t    lock();
+    status_t lock() ACQUIRE();
-    void        unlock();
+    void unlock() RELEASE();
    // lock if possible; returns 0 on success, error otherwise
-    status_t    tryLock();
+    status_t tryLock() TRY_ACQUIRE(true);
 #if defined(__ANDROID__)
    // Lock the mutex, but don't wait longer than timeoutNs (relative time).
@@ -75,32 +122,36 @@ public:
    // which is subject to NTP adjustments, and includes time during suspend,
    // so a timeout may occur even though no processes could run.
    // Not holding a partial wakelock may lead to a system suspend.
-    status_t    timedLock(nsecs_t timeoutNs);
+    status_t timedLock(nsecs_t timeoutNs) TRY_ACQUIRE(true);
 #endif
    // Manages the mutex automatically. It'll be locked when Autolock is
    // constructed and released when Autolock goes out of scope.
-    class Autolock {
+    class SCOPED_CAPABILITY Autolock {
-    public:
+      public:
-        inline explicit Autolock(Mutex& mutex) : mLock(mutex)  { mLock.lock(); }
+        inline explicit Autolock(Mutex& mutex) ACQUIRE(mutex) : mLock(mutex) { mLock.lock(); }
-        inline explicit Autolock(Mutex* mutex) : mLock(*mutex) { mLock.lock(); }
+        inline explicit Autolock(Mutex* mutex) ACQUIRE(mutex) : mLock(*mutex) { mLock.lock(); }
-        inline ~Autolock() { mLock.unlock(); }
+        inline ~Autolock() RELEASE() { mLock.unlock(); }
-    private:
+      private:
        Mutex& mLock;
+        // Cannot be copied or moved - declarations only
+        Autolock(const Autolock&);
+        Autolock& operator=(const Autolock&);
    };
-private:
+  private:
    friend class Condition;
    // A mutex cannot be copied
-                Mutex(const Mutex&);
+    Mutex(const Mutex&);
-    Mutex&      operator = (const Mutex&);
+    Mutex& operator=(const Mutex&);
 #if !defined(_WIN32)
    pthread_mutex_t mMutex;
 #else
-    void    _init();
+    void _init();
-    void*   mState;
+    void* mState;
 #endif
 };
diff --git a/libutils/tests/Android.bp b/libutils/tests/Android.bp
index 7b62c2436..08691756a 100644
--- a/libutils/tests/Android.bp
+++ b/libutils/tests/Android.bp
@@ -23,6 +23,7 @@ cc_test {
    srcs: [
        "BitSet_test.cpp",
        "LruCache_test.cpp",
+        "Mutex_test.cpp",
        "Singleton_test.cpp",
        "String8_test.cpp",
        "StrongPointer_test.cpp",
@@ -71,6 +72,7 @@ cc_test {
        "-Wall",
        "-Wextra",
        "-Werror",
+        "-Wthread-safety",
    ],
 }
diff --git a/libutils/tests/Mutex_test.cpp b/libutils/tests/Mutex_test.cpp
new file mode 100644
index 000000000..8a1805f51
--- /dev/null
+++ b/libutils/tests/Mutex_test.cpp
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <utils/Mutex.h>
+#include <gtest/gtest.h>
+static android::Mutex mLock;
+static int i GUARDED_BY(mLock);
+void modifyLockedVariable() REQUIRES(mLock) {
+    i = 1;
+}
+TEST(Mutex, compile) {
+    android::Mutex::Autolock _l(mLock);
+    i = 0;
+    modifyLockedVariable();
+}
+\ No newline at end of file

diff --git a/libutils/include/utils/Mutex.h b/libutils/include/utils/Mutex.h index d106185f0..af6076cf3 100644 --- a/libutils/include/utils/Mutex.h +++ b/libutils/include/utils/Mutex.h
@@ -28,6 +28,53 @@
28	#include <utils/Errors.h>	28	#include <utils/Errors.h>
29	#include <utils/Timers.h>	29	#include <utils/Timers.h>
30		30
		31	// Enable thread safety attributes only with clang.
		32	// The attributes can be safely erased when compiling with other compilers.
		33	#if defined(__clang__) && (!defined(SWIG))
		34	#define THREAD_ANNOTATION_ATTRIBUTE__(x) __attribute__((x))
		35	#else
		36	#define THREAD_ANNOTATION_ATTRIBUTE__(x) // no-op
		37	#endif
		38
		39	#define CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(capability(x))
		40
		41	#define SCOPED_CAPABILITY THREAD_ANNOTATION_ATTRIBUTE__(scoped_lockable)
		42
		43	#define GUARDED_BY(x) THREAD_ANNOTATION_ATTRIBUTE__(guarded_by(x))
		44
		45	#define PT_GUARDED_BY(x) THREAD_ANNOTATION_ATTRIBUTE__(pt_guarded_by(x))
		46
		47	#define ACQUIRED_BEFORE(...) THREAD_ANNOTATION_ATTRIBUTE__(acquired_before(__VA_ARGS__))
		48
		49	#define ACQUIRED_AFTER(...) THREAD_ANNOTATION_ATTRIBUTE__(acquired_after(__VA_ARGS__))
		50
		51	#define REQUIRES(...) THREAD_ANNOTATION_ATTRIBUTE__(requires_capability(__VA_ARGS__))
		52
		53	#define REQUIRES_SHARED(...) THREAD_ANNOTATION_ATTRIBUTE__(requires_shared_capability(__VA_ARGS__))
		54
		55	#define ACQUIRE(...) THREAD_ANNOTATION_ATTRIBUTE__(acquire_capability(__VA_ARGS__))
		56
		57	#define ACQUIRE_SHARED(...) THREAD_ANNOTATION_ATTRIBUTE__(acquire_shared_capability(__VA_ARGS__))
		58
		59	#define RELEASE(...) THREAD_ANNOTATION_ATTRIBUTE__(release_capability(__VA_ARGS__))
		60
		61	#define RELEASE_SHARED(...) THREAD_ANNOTATION_ATTRIBUTE__(release_shared_capability(__VA_ARGS__))
		62
		63	#define TRY_ACQUIRE(...) THREAD_ANNOTATION_ATTRIBUTE__(try_acquire_capability(__VA_ARGS__))
		64
		65	#define TRY_ACQUIRE_SHARED(...) \
		66	THREAD_ANNOTATION_ATTRIBUTE__(try_acquire_shared_capability(__VA_ARGS__))
		67
		68	#define EXCLUDES(...) THREAD_ANNOTATION_ATTRIBUTE__(locks_excluded(__VA_ARGS__))
		69
		70	#define ASSERT_CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(assert_capability(x))
		71
		72	#define ASSERT_SHARED_CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(assert_shared_capability(x))
		73
		74	#define RETURN_CAPABILITY(x) THREAD_ANNOTATION_ATTRIBUTE__(lock_returned(x))
		75
		76	#define NO_THREAD_SAFETY_ANALYSIS THREAD_ANNOTATION_ATTRIBUTE__(no_thread_safety_analysis)
		77
31	// ---------------------------------------------------------------------------	78	// ---------------------------------------------------------------------------
32	namespace android {	79	namespace android {
33	// ---------------------------------------------------------------------------	80	// ---------------------------------------------------------------------------
@@ -44,24 +91,24 @@ class Condition;
44	* The mutex must be unlocked by the thread that locked it. They are not	91	* The mutex must be unlocked by the thread that locked it. They are not
45	* recursive, i.e. the same thread can't lock it multiple times.	92	* recursive, i.e. the same thread can't lock it multiple times.
46	*/	93	*/
47	class Mutex {	94	class CAPABILITY("mutex") Mutex {
48	public:	95	public:
49	enum {	96	enum {
50	PRIVATE = 0,	97	PRIVATE = 0,
51	SHARED = 1	98	SHARED = 1
52	};	99	};
53		100
54	Mutex();	101	Mutex();
55	explicit Mutex(const char* name);	102	explicit Mutex(const char* name);
56	explicit Mutex(int type, const char* name = NULL);	103	explicit Mutex(int type, const char* name = NULL);
57	~Mutex();	104	~Mutex();
58		105
59	// lock or unlock the mutex	106	// lock or unlock the mutex
60	status_t lock();	107	status_t lock() ACQUIRE();
61	void unlock();	108	void unlock() RELEASE();
62		109
63	// lock if possible; returns 0 on success, error otherwise	110	// lock if possible; returns 0 on success, error otherwise
64	status_t tryLock();	111	status_t tryLock() TRY_ACQUIRE(true);
65		112
66	#if defined(__ANDROID__)	113	#if defined(__ANDROID__)
67	// Lock the mutex, but don't wait longer than timeoutNs (relative time).	114	// Lock the mutex, but don't wait longer than timeoutNs (relative time).
@@ -75,32 +122,36 @@ public:
75	// which is subject to NTP adjustments, and includes time during suspend,	122	// which is subject to NTP adjustments, and includes time during suspend,
76	// so a timeout may occur even though no processes could run.	123	// so a timeout may occur even though no processes could run.
77	// Not holding a partial wakelock may lead to a system suspend.	124	// Not holding a partial wakelock may lead to a system suspend.
78	status_t timedLock(nsecs_t timeoutNs);	125	status_t timedLock(nsecs_t timeoutNs) TRY_ACQUIRE(true);
79	#endif	126	#endif
80		127
81	// Manages the mutex automatically. It'll be locked when Autolock is	128	// Manages the mutex automatically. It'll be locked when Autolock is
82	// constructed and released when Autolock goes out of scope.	129	// constructed and released when Autolock goes out of scope.
83	class Autolock {	130	class SCOPED_CAPABILITY Autolock {
84	public:	131	public:
85	inline explicit Autolock(Mutex& mutex) : mLock(mutex) { mLock.lock(); }	132	inline explicit Autolock(Mutex& mutex) ACQUIRE(mutex) : mLock(mutex) { mLock.lock(); }
86	inline explicit Autolock(Mutex* mutex) : mLock(*mutex) { mLock.lock(); }	133	inline explicit Autolock(Mutex* mutex) ACQUIRE(mutex) : mLock(*mutex) { mLock.lock(); }
87	inline ~Autolock() { mLock.unlock(); }	134	inline ~Autolock() RELEASE() { mLock.unlock(); }
88	private:	135
		136	private:
89	Mutex& mLock;	137	Mutex& mLock;
		138	// Cannot be copied or moved - declarations only
		139	Autolock(const Autolock&);
		140	Autolock& operator=(const Autolock&);
90	};	141	};
91		142
92	private:	143	private:
93	friend class Condition;	144	friend class Condition;
94		145
95	// A mutex cannot be copied	146	// A mutex cannot be copied
96	Mutex(const Mutex&);	147	Mutex(const Mutex&);
97	Mutex& operator = (const Mutex&);	148	Mutex& operator=(const Mutex&);
98		149
99	#if !defined(_WIN32)	150	#if !defined(_WIN32)
100	pthread_mutex_t mMutex;	151	pthread_mutex_t mMutex;
101	#else	152	#else
102	void _init();	153	void _init();
103	void* mState;	154	void* mState;
104	#endif	155	#endif
105	};	156	};
106		157


diff --git a/libutils/tests/Android.bp b/libutils/tests/Android.bp index 7b62c2436..08691756a 100644 --- a/libutils/tests/Android.bp +++ b/libutils/tests/Android.bp
@@ -23,6 +23,7 @@ cc_test {
23	srcs: [	23	srcs: [
24	"BitSet_test.cpp",	24	"BitSet_test.cpp",
25	"LruCache_test.cpp",	25	"LruCache_test.cpp",
		26	"Mutex_test.cpp",
26	"Singleton_test.cpp",	27	"Singleton_test.cpp",
27	"String8_test.cpp",	28	"String8_test.cpp",
28	"StrongPointer_test.cpp",	29	"StrongPointer_test.cpp",
@@ -71,6 +72,7 @@ cc_test {
71	"-Wall",	72	"-Wall",
72	"-Wextra",	73	"-Wextra",
73	"-Werror",	74	"-Werror",
		75	"-Wthread-safety",
74	],	76	],
75	}	77	}
76		78


diff --git a/libutils/tests/Mutex_test.cpp b/libutils/tests/Mutex_test.cpp new file mode 100644 index 000000000..8a1805f51 --- /dev/null +++ b/libutils/tests/Mutex_test.cpp
@@ -0,0 +1,32 @@
		1	/*
		2	* Copyright (C) 2016 The Android Open Source Project
		3	*
		4	* Licensed under the Apache License, Version 2.0 (the "License");
		5	* you may not use this file except in compliance with the License.
		6	* You may obtain a copy of the License at
		7	*
		8	* http://www.apache.org/licenses/LICENSE-2.0
		9	*
		10	* Unless required by applicable law or agreed to in writing, software
		11	* distributed under the License is distributed on an "AS IS" BASIS,
		12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		13	* See the License for the specific language governing permissions and
		14	* limitations under the License.
		15	*/
		16
		17	#include <utils/Mutex.h>
		18
		19	#include <gtest/gtest.h>
		20
		21	static android::Mutex mLock;
		22	static int i GUARDED_BY(mLock);
		23
		24	void modifyLockedVariable() REQUIRES(mLock) {
		25	i = 1;
		26	}
		27
		28	TEST(Mutex, compile) {
		29	android::Mutex::Autolock _l(mLock);
		30	i = 0;
		31	modifyLockedVariable();
		32	} \ No newline at end of file