tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29060] - synchronized block too small in method createSession class session/ManagerBase.java
Date Tue, 18 May 2004 13:48:24 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29060>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29060

synchronized block too small in method createSession class session/ManagerBase.java





------- Additional Comments From rainer.jung@kippdata.de  2004-05-18 13:48 -------
It's not speculation, I just read and understand what's in the code.

The code synchronizes on the HashMap "sessions" when creating a new session. One
of the reasons is to ensure that a newly generated sessionId is not used
already. The code says:

"// Guarantee uniqueness"

Now assume thread A generates a new sessionId X, and a parallely running thread
B creates the same sessionId X after A leaves the synchronized block but before
A calls setId. Then B will not find this session in the HashMap "sessions" and
use the same sessionId X as new.

If you move the call to setId() inside the synchronized block, then the
sessionId X is written into the HashMap before B is able to access the HashMap,
so B will find X as already existing sessionId and generate another one.

The proof is mathematically/logically. 

Of course this bug will only show up, if 
a) generateSessionId does not create unique sessionIDs
b) and one thread is thrown off the CPU exactly between the end of the
synchronized block and the next line or threads excuting in parallel on
multi-CPU systems.

Assumption b) is not under your control, so this might happen often, especially
under high load. Assumption a) seems to be true, because in the existing code
there is already the comment

"// Guarantee uniqueness"

and the author checks every newly generated sessionId for existence.

javadoc says the author is Craig R. McClanahan. Maybe you could pass the
information to him?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message