[ELY-1096][JBEAP-10473]: Avoid possible race conditions incrementing the size of Rotating File Audit #795
Conversation
|
Can one of the admins verify this patch? |
|
This should not be needed as |
|
Thanks for your review @honza889, yes you're right (I guess you wanted to say the write() method). I agree with you, I didn't check who was calling write(), now I think even the volatile modifier was unnecessary there. |
|
Actually both of them. You are true, feel free to remove the modifier. |
| @@ -50,7 +50,7 @@ | |||
|
|
|||
| private String nextSuffix; | |||
| private long nextRollover = Long.MAX_VALUE; | |||
| private volatile long currentSize = 0; | |||
There was a problem hiding this comment.
This is not a great solution I think, as it relies on synchronization by external parties. Unless the class as a whole does not have a thread-safety contract established, it's better to replace this with an AtomicLong which has an atomic getAndAdd method on it. Same for the other method below.
On the other hand if the class as a whole needs to update multiple fields atomically, then locking is necessary and should be done directly within the class IMO.
| @@ -68,12 +68,18 @@ | |||
| } | |||
| } | |||
|
|
|||
| /** | |||
| * Notice the following, this method is not thread safe and should be called inside a synchronized block | |||
| */ | |||
There was a problem hiding this comment.
Similar javadoc would be better in superimplementation - in FileAuditEndpoint - to define contract as suggested by @dmlloyd. To define that any implementation of this methods are called in synchronization block surrounding one log message processing.
…e in Rotating File Audit log
|
Thanks @honza889 , @dmlloyd for the help. I have updated the FileAuditEndpoint contract, maybe it makes more sense now. |
Although currentSize was declared as volatile, this field modifier is not enough to prevent race conditions. This patch uses an AtomicLong instead.
Jira issues:
https://issues.jboss.org/browse/ELY-1096
https://issues.jboss.org/browse/JBEAP-10473