RFR: 8229867: Re-examine synchronization usages in http and https protocol handlers
Daniel Fuchs
dfuchs at openjdk.java.net
Thu Oct 8 15:24:44 UTC 2020
Hi,
This is a fix that upgrades the old HTTP and HTTPS legacy stack to use virtual-thread friendly locking instead of
synchronized monitors.
Most of the changes are mechanical - but there are still a numbers of subtle non-mechanical differences that are
outlined below:
1. src/java.base/share/classes/sun/net/www/MessageHeader.java:
`MessageHeader::print(PrintStream)` => synchronization modified to not synchronize on this while printing
( a snapshot of the data is taken before printing instead)
2. src/java.base/share/classes/sun/net/www/MeteredStream.java:
`MeteredStream::close` was missing synchronization: it is now protected by the lock
3. src/java.base/share/classes/sun/net/www/http/ChunkedOutputStream.java:
`ChunkedOutputStream` no longer extends `PrintStream` but extends `OutputStream` directly.
Extending `PrintStream` is problematic for virtual thread. After careful analysis, it appeared that
`ChunkedOutputStream` didn't really need to extend `PrintStream`. `ChunkedOutputStream`
is already wrapping a `PrintStream`. `ChunkedOutputStream` is never returned directly to user
code but is wrapped in another stream. `ChunkedOutputStream` completely reimplement and
reverse the flush logic implemented by its old super class`PrintStream` which leads me to believe
there was no real reason for it to extend `PrintStream` - except for being able to call its `checkError`
method - which can be done by using `instanceof ChunkedOutputStream` in the caller instead of
casting to PrintStream.
4. src/java.base/share/classes/sun/net/www/http/HttpClient.java:
Synchronization removed from `HttpClient::privilegedOpenServer` and replaced by an `assert`.
There is no need for a synchronized here as the method is only called from a method that already
holds the lock.
5. src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java:
Synchronization removed from `KeepAliveCache::removeVector` and replaced by an `assert`.
This method is only called from methods already protected by the lock.
Also the method has been made private.
6. src/java.base/share/classes/sun/net/www/http/KeepAliveStream.java
`queuedForCleanup` is made volatile as it is read and written directly from outside the class
and without protection by the `KeepAliveCleanerEntry`.
Lock protection is also added to `close()`, which was missing it.
Some methods that have no lock protection and did not need it because only called from
within code blocks protected by the lock have aquired an `assert isLockHeldByCurrentThread();`
7. Concrete subclasses of `AuthenticationInfo` that provide an implementation for
`AuthenticationInfo::setHeaders(HttpURLConnection conn, HeaderParser p, String raw)` have
acquired an `assert conn.isLockheldByCurrentThread();` as the method should only be called
from within a lock-protected block in `s.n.w.p.h.HttpURLConnection`
8. src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
Several methods in this class have a acquired an `assert isLockheldByCurrentThread();`
to help track the fact that AuthenticationInfo::setHeaders is only called while
holding the lock.
Synchronization was also removed from some method that didn't need it because only
called from within code blocks protected by the lock:
`getOutputStream0()`: synchronization removed and replaced by an `assert isLockheldByCurrentThread();`
`setCookieHeader()`: synchronization removed and replaced by an `assert isLockheldByCurrentThread();`
`getInputStream0()`: synchronization removed and replaced by an `assert isLockheldByCurrentThread();`
`StreamingOutputStream`: small change to accomodate point 3. above (changes in ChunkedOutputStream).
9. src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java.:
synchronization removed from `setHeaders` and replace by an assert. See point 7. above.
10. src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java:
synchronization removed from `setHeaders` and replace by an assert. See point 7. above.
11. src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java:
synchronization removed from `setHeaders` and replace by an assert. See point 7. above.
-------------
Commit messages:
- 8229867: Re-examine synchronization usages in http and https protocol handlers
Changes: https://git.openjdk.java.net/jdk/pull/558/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=558&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8229867
Stats: 1116 lines in 18 files changed: 551 ins; 149 del; 416 mod
Patch: https://git.openjdk.java.net/jdk/pull/558.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/558/head:pull/558
PR: https://git.openjdk.java.net/jdk/pull/558
More information about the security-dev
mailing list