Bug 52213

Summary: Field "org.apache.catalina.tribes.transport.bio.util.FastQueue.enabled" should be volatile.
Product: Tomcat 7 Reporter: Mohsen Vakilian <reprogrammer>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal CC: reprogrammer
Priority: P2    
Version: trunk   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Mohsen Vakilian 2011-11-18 23:29:32 UTC
The boolean flag "org.apache.catalina.tribes.transport.bio.util.FastQueue.enabled" may be read/written by multiple threads concurrently (See <http://svn.apache.org/repos/asf/!svn/bc/1203897/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java>). Therefore, accesses to it should be properly synchronized. It is sufficient to make this boolean flag volatile to protect access to it.

See <https://www.securecoding.cert.org/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables> for more information about this bug pattern.

Keshmesh (https://keshmesh.cs.illinois.edu/) is an Eclipse plugin that
analyzes the source code of Java programs for common concurrency bug patterns. We used Keshmesh to detect this concurrency bug pattern.
Comment 1 Mohsen Vakilian 2011-11-18 23:31:22 UTC
(In reply to comment #0)
> The boolean flag
> "org.apache.catalina.tribes.transport.bio.util.FastQueue.enabled" may be
> read/written by multiple threads concurrently (See
> <http://svn.apache.org/repos/asf/!svn/bc/1203897/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java>).
> Therefore, accesses to it should be properly synchronized. It is sufficient to
> make this boolean flag volatile to protect access to it.
> 
> See
> <https://www.securecoding.cert.org/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables>
> for more information about this bug pattern.
> 
> Keshmesh (https://keshmesh.cs.illinois.edu/) is an Eclipse plugin that
> analyzes the source code of Java programs for common concurrency bug patterns.
> We used Keshmesh to detect this concurrency bug pattern.

I made a typo in the URL of Keshmesh the correct URL is <http://keshmesh.cs.illinois.edu/>.
Comment 2 Mohsen Vakilian 2011-11-25 19:02:47 UTC
Please note that the underlying problem is similar to Bug 48235.

Keshmesh <http://keshmesh.cs.illinois.edu/> detected the unprotected flag "FastQueue.enabled" when we annotated "org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor.run()" as an entry method.
Comment 3 Mark Thomas 2011-12-23 21:16:31 UTC
Fixed in trunk and 7.0.x and will be included in 7.0.24 onwards.