Call to TypeVariable.getBounds() without synchronization unsafe on some platforms #1408

Closed
ThomasKrieger opened this issue Oct 10, 2016 · 4 comments

Comments

@ThomasKrieger

The method com/fasterxml/jackson/databind/type/TypeFactory._fromVariable calls TypeVariable.getBounds() from multiple threads. TypeVariable.getBounds() is, in the current implementation, not thread-safe: sun/reflect/generics/reflectiveObjects/TypeVariableImpl.getBounds.

Here is the stack trace found by vmlens, a tool to test multithreaded Java:
sun/reflect/generics/reflectiveObjects/TypeVariableImpl.getBounds
com/fasterxml/jackson/databind/type/TypeFactory._fromVariable
com/fasterxml/jackson/databind/type/TypeFactory._fromAny
com/fasterxml/jackson/databind/type/TypeFactory._fromParamType
com/fasterxml/jackson/databind/type/TypeFactory._fromAny
com/fasterxml/jackson/databind/type/TypeFactory._resolveSuperClass
com/fasterxml/jackson/databind/type/TypeFactory._fromClass
com/fasterxml/jackson/databind/type/TypeFactory._fromAny
com/fasterxml/jackson/databind/type/TypeFactory.constructType
com/fasterxml/jackson/databind/ObjectMapper.readValue
com/vmlens/testMultithreadedJson/jackson/JacksonLocalVariable.testRead

I used version 2.8.3

@cowtowncoder
Member

cowtowncoder commented Oct 10, 2016

From the caller's perspective this does not make much sense: there is no multi-threaded access aside from the possibility that the same Class value may be passed by different threads. And surely there shouldn't be any assumption that Class introspection would need to be externally synchronized? I haven't seen any javadocs suggesting this.

But if the developers at javasoft have managed to create such a flaw I would be interested in seeing a failure stack trace stemming from this. I see that in theory this could be problematic, given that the private variable is not volatile, nor is access synchronized. However... the fact that the implementation itself does not do syncing, nor warn in javadocs about the need to, suggests that perhaps there is no actual problem?
I am fine solving actual problems if they can be shown to exist.

If it was possible to get an actual exception showing the problem (not just a theoretical issue a tool suggests), that'd be great.

@cowtowncoder
Member

Cannot reproduce, closing.

@stipundzya

stipundzya commented Jan 14, 2019

@cowtowncoder cowtowncoder reopened this Jan 15, 2019
@cowtowncoder
Member

@stipundzya thank you for providing that link. That looks... unfortunate. I'll see how easy it'd be to add simple locking, given this, even if it's not something easily reproduced.

@cowtowncoder cowtowncoder changed the title from "Call to not thread safe TypeVariable.getBounds() without synchronization" to "Call to TypeVariable.getBounds() without synchronization unsafe on some platforms" on Jan 16, 2019
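
The "simple locking" idea discussed in this thread, sketched as an added example; it is not code from the issue or from jackson-databind. The names `GuardedBoundsDemo`, `Holder`, `guardedBounds` and `resolveConcurrently` are hypothetical, and `Holder` is a constructed sample type.

```java
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class GuardedBoundsDemo {
    // Constructed sample type: T has two bounds that must be resolved.
    static class Holder<T extends Number & Comparable<T>> { }

    // Hypothetical helper: one thread at a time per TypeVariable calls getBounds().
    static Type[] guardedBounds(TypeVariable<?> var) {
        synchronized (var) {
            return var.getBounds();
        }
    }

    // Release all workers at once against the same TypeVariable and collect results.
    static List<String> resolveConcurrently(int threads) throws Exception {
        final TypeVariable<?> var = Holder.class.getTypeParameters()[0];
        final CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        try {
            List<Future<String>> pending = new ArrayList<>();
            for (int i = 0; i < threads; i++) {
                pending.add(pool.submit(() -> {
                    start.await();                       // line all threads up first
                    return Arrays.toString(guardedBounds(var));
                }));
            }
            start.countDown();
            List<String> seen = new ArrayList<>();
            for (Future<String> f : pending) seen.add(f.get());
            return seen;
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> seen = resolveConcurrently(16);
        boolean consistent = seen.stream().distinct().count() == 1;
        System.out.println(seen.get(0) + " consistent=" + consistent);
    }
}
```

The lock only covers callers that go through the helper; any other code in the same JVM that calls `getBounds()` on the same `TypeVariable` directly is not serialized by it.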