Fwd: Re: Code review request: 7063647, jsse/runtime, To use synchronized map in key manager

Xuelei Fan xuelei.fan at oracle.com
Mon Aug 15 03:32:28 UTC 2011 

On 8/15/2011 11:28 AM, Weijun Wang wrote:
> So you mean you don't really care if the serverAliasCache.put(*,*)
> method would be executed twice for the same keyType, because the value
> will always be the same and there will be no harm made. Right?
> 
Yes.

I don't want to synchronize the get/put block because of performance and
potential deadlock issues. Once the alias is out into the cache, line
262~267 will not be executed any more.

> If so, I'm fine with the code change.
> 
Thanks for the code review.

Xuelei (Andrew)

> [ I add CC back, otherwise no one can prove you get a yes for the code
> review ]
> 
> -Max
> 
> 
> On 08/15/2011 11:09 AM, Xuelei Fan wrote:
>> On 8/15/2011 11:02 AM, Xuelei Fan wrote:
>>> On 8/15/2011 10:35 AM, Weijun Wang wrote:
>>>> I'm not sure what action on serverAliasCache you want to protect.
>>>>
>>>> For example,
>>>>
>>>>   260             aliases = serverAliasCache.get(keyType);
>>>>   261             if (aliases == null) {
>>>>   262                 aliases = getServerAliases(keyType, issuers);
>>>>   263                 // Cache the result (positive and negative
>>>> lookups)
>>>>   264                 if (aliases == null) {
>>>>   265                     aliases = STRING0;
>>>>   266                 }
>>>>   267                 serverAliasCache.put(keyType, aliases);
>>>>   268             }
>>>>
>>>> Here it's still possible that two threads run at the same time and both
>>>> going into lines 262. Is this what you want to see?
>>>>
>>> Not exactly, I want to ensure that when one thread works on line 260,
>>> another thread does not work on 267.
>>>
>> The logic of line 262 is a little strange that it will always return the
>> same value. So I don't worried about it.
>>
>> Andrew
>>
>>> Thanks,
>>> Andrew
>>>
>>>> Thanks
>>>> Max
>>>>
>>>>
>>>> On 08/14/2011 08:49 AM, Xuelei Fan wrote:
>>>>> Max,
>>>>>
>>>>> Are you available to review this simple fix?
>>>>>
>>>>> Thanks,
>>>>> Andrew
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: Code review request: 7063647, jsse/runtime, To use
>>>>> synchronized map in key manager
>>>>> Date: Fri, 12 Aug 2011 09:24:03 +0800
>>>>> From: Xuelei Fan<xuelei.fan at oracle.com>
>>>>> To: Brad Wetmore<bradford.wetmore at oracle.com>
>>>>> CC: OpenJDK<security-dev at openjdk.java.net>
>>>>>
>>>>> Since the all writes done during the constructor, we don't need to use
>>>>> synchronized map for credentialsMap. The HashMap.iterator() is
>>>>> thread-safe for read-only HashMap.
>>>>>
>>>>> new webrev: http://cr.openjdk.java.net/~xuelei/7063647/webrev.01/
>>>>>
>>>>> Xuelei
>>>>>
>>>>> On 8/9/2011 8:58 AM, Xuelei Fan wrote:
>>>>>> On 8/9/2011 8:03 AM, Brad Wetmore wrote:
>>>>>>> Why do you need the "syncronchized (credentialsMap)" at line 344?
>>>>>>> Aren't
>>>>>>> all writes done during the constructor init?
>>>>>>>
>>>>>> The credentialsMap.entrySet() returns the reference of the
>>>>>> backed/internal set, the iteration of the set is not thread safe. The
>>>>>> Collections.synchronizedMap specification requires:
>>>>>> ------------------
>>>>>> It is imperative that the user manually synchronize on the
>>>>>> returned map
>>>>>> when iterating over any of its collection views:
>>>>>>
>>>>>>     Map m = Collections.synchronizedMap(new HashMap());
>>>>>>         ...
>>>>>>     Set s = m.keySet();  // Needn't be in synchronized block
>>>>>>         ...
>>>>>>     synchronized (m) {  // Synchronizing on m, not s!
>>>>>>         Iterator i = s.iterator(); // Must be in synchronized block
>>>>>>         while (i.hasNext())
>>>>>>             foo(i.next());
>>>>>>     }
>>>>>>
>>>>>>
>>>>>> Failure to follow this advice may result in non-deterministic
>>>>>> behavior.
>>>>>> ------------------
>>>>>>
>>>>>> Thanks for the code review.
>>>>>>
>>>>>> Xuelei
>>>>>>
>>>>>>> Otherwise, looks ok.
>>>>>>>
>>>>>>> Brad
>>>>>>>
>>>>>>>
>>>>>>> On 8/7/2011 8:43 PM, Xuelei Fan wrote:
>>>>>>>> webrev: http://cr.openjdk.java.net/~xuelei/7063647/webrev.00/
>>>>>>>>
>>>>>>>> SunX509KeyManagerImpl should be multiple thread safe, need to
>>>>>>>> synchronize cached map:
>>>>>>>>        private Map<String,X509Credentials>    credentialsMap;
>>>>>>>>        private Map<String,String[]>    serverAliasCache;
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Xuelei
>>>>>>
>>>>>
>>>
>>

More information about the security-dev mailing list