Fix HermesNode property access on released JSI objects

[kharrop]

This PR prevents a rare but high-impact Android crash in Hermes where the app can hit a native NullPointerException while reading JS backed objects. It does not change Player flow/state behavior; it only improves safety and diagnostics in a teardown race window.

Context

The crash occurs when native code tries to read a property from a Hermes JSI object that has already been released (often due to timing/lifecycle during teardown or navigation).

This shows up as a fatal NullPointerException inside Hermes/JSI property access (getProperty), which crashes the app process.

Testing

bazel test //jvm/hermes:test //jvm/core:test

Change Type (required)

Indicate the type of change your pull request is:

• patch
• minor
• major
• N/A

Does your PR have any documentation updates?

• Updated docs
• No Update needed
• Unable to update docs

Release Notes

Added a defensive guard in HermesNode so property reads on a released runtime/object fail safely by throwing a PlayerRuntimeException with context instead of a fatal native NPE.

Added regression tests:

• A deterministic unit test for “released JSI object property read”
• A small concurrency test that reads player.state while player.release() is happening

📦 Published PR as canary version: 0.15.2--canary.825.33564

Try this version out locally by upgrading relevant packages to 0.15.2--canary.825.33564

[kharrop]

/canary

[kharrop]

/canary

[kharrop]

/canary

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (2ce16b6) to head (236f900).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@     Coverage Diff     @@
##   main   #825   +/-   ##
===========================
===========================

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[intuit-svc]

Build Preview

Your PR was deployed by CircleCI #33564 on Tue, 17 Mar 2026 16:36:06 GMT with this version:

0.15.2--canary.825.33564

📖 Docs (View site)

[brocollie08]

these shouldn't be impacted since they'll be on the same thread

[brocollie08]

i wrapped the whole thing here and above. mapUndefineToNull as well as decoding can both run into similar race conditions since they need to reach the c++ layer

[sugarmanz]

Don't those operations re-enter evaluateInJSThreadBlocking though? Would we be able to remove that? Or is keeping it in the same block just activating the shortcut?

[sugarmanz]

Do we need to make these updates for the other node impls?

[brocollie08]

mapUndefinedToNull doesn't, decoding does, i moved decoding back out to minimize changes

[sugarmanz]

Looks fine — main concern is consistency across runtime impls. Even if functionally equivalent, the more it diverges, the more difficult it is to maintain.

[sugarmanz]

Do we need to make these updates for the other node impls?

[sugarmanz]

Why do ensureNotReleased here? You're ignoring it for this case in graal:
https://github.com/player-ui/player/pull/825/changes#r3017129498

Just want to be consistent.

[brocollie08]

yea you right, this shouldn't be necessary

[sugarmanz]

Should this whole function be wrapped in ensureNotReleased to avoid needing to call it multiple times?

[sugarmanz]

Do we need the check here if we're sure evaluateInJSThread will wrap block with it?

[brocollie08]

it does, though evaluateInJSThread has the guard as well