Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.1.3
    • Fix Version/s: 6.1.4rc0
    • Component/s: None
    • Labels:
      None
    • Number of attachments :
      0

      Description

      Bad locking behavior in BoundedThreadPool may lead to unexpected deadlocks in conjunction with other code. This is caused by java's special string handling. Every String "LOCK" is the same object. If jetty uses synchronized("LOCK") and some other code which has absolutely nothing to do with jetty, but happens to run inside the same jvm , uses synchronized("LOCK"), they both lock the same object...

      BoundedThreadPool :
      private final String _lock = "LOCK";
      ...
      synchronized(_lock)
      {
      ...
      }

      From the java language specification:

      1. Literal strings within the same class (8) in the same package (7) represent references to the same String object (4.3.1).
      2. Literal strings within different classes in the same package represent references to the same String object.
      3. Literal strings within different classes in different packages likewise represent references to the same String object.
      4. Strings computed by constant expressions (15.28) are computed at compile time and then treated as if they were literals.
      5. Strings computed at run time are newly created and therefore distinct.
      6. The result of explicitly interning a computed string is the same string as any pre-existing literal string with the same contents.

        Activity

        Hide
        Greg Wilkins added a comment -

        thanks - fixed

        Show
        Greg Wilkins added a comment - thanks - fixed
        Hide
        Bill Pugh added a comment -

        Forgot another occurrence:

        M M DL: Synchronization on shared constant could deadlock in org.mortbay.jetty.security.Credential$MD5.digest(String) At Credential.java:[line 185]

        The head version of FindBugs now looks for this bug pattern.

        Show
        Bill Pugh added a comment - Forgot another occurrence: M M DL: Synchronization on shared constant could deadlock in org.mortbay.jetty.security.Credential$MD5.digest(String) At Credential.java: [line 185] The head version of FindBugs now looks for this bug pattern.

          People

          • Assignee:
            Unassigned
            Reporter:
            Yug
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: