Unsafe double-checked locking in SpelExpression#compileExpression #24265
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
@aclement, can you please take a look at this? |
sbrannen
added
the
in: core
|
Yep @PascalSchumacher I think you are right. Syncing on string has a chance to cause trouble (but I'm not aware of anyone reporting it actually did). Also, I think ideally we should make compiledAst volatile - although I don't think that causes us breaking issues other than not being optimal in this case (I am not an expert on java concurrency though!). We just might compile the same expression twice (the latest one winning), but It think there is no harm in that other than creating an unnecessary duplicate class representing the compiled expression, things shouldn't blow up. Want to submit a PR? |
snicoll
added
the
status: waiting-for-feedback
jhoeller
added
type: bug
|
@aclement @PascalSchumacher Thanks for the report and for the analysis! I'll take care of this, aligning it with similar arrangements in other parts of the codebase, and also backporting it. So no need for a PR, however, happy to take any further insight into account... |
jhoeller
changed the title
jhoeller
added
the
for: backport-to-5.1.x
spring-projects-issues
added
status: backported
The double-checked locking
SpelExpression#compileExpressiondoes not seem to be thread safe, becausecompiledAstis notvolatile, see:https://github.com/spring-projects/spring-framework/blob/master/spring-expression/src/main/java/org/springframework/expression/spel/standard/SpelExpression.java#L506
Or am I missing something?
Edit:
Also
SpelExpression#compileExpressionusesthis.expression(aString) as a lock object. Shouldn't this be avoided, as Strings objects are shared throughout the program?The text was updated successfully, but these errors were encountered: