You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jonathan Ellis (JIRA)" <ji...@apache.org> on 2011/07/27 00:03:10 UTC
[jira] [Created] (CASSANDRA-2951) FreeableMemory can be accessed
after it is invalid
FreeableMemory can be accessed after it is invalid
--------------------------------------------------
Key: CASSANDRA-2951
URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
Project: Cassandra
Issue Type: Bug
Components: Core
Affects Versions: 0.8.0
Reporter: Jonathan Ellis
Assignee: Jonathan Ellis
Priority: Minor
Fix For: 0.8.3
Attachments: 2951.txt
SerializingCache.get looks like this:
{code}
public V get(Object key)
{
FreeableMemory mem = map.get(key);
if (mem == null)
return null;
return deserialize(mem);
}
{code}
If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-2951) FreeableMemory can be accessed
after it is invalid
Posted by "Sylvain Lebresne (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13071813#comment-13071813 ]
Sylvain Lebresne commented on CASSANDRA-2951:
---------------------------------------------
I think there is a race between eviction and remove (or two removes even), so that the references can be < 0. So I think the '== 0' in reference() and finalize() (but not unreference() obviously) should become '<= 0'.
With that corrected, looks good. +1.
> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
> Key: CASSANDRA-2951
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Affects Versions: 0.8.0
> Reporter: Jonathan Ellis
> Assignee: Jonathan Ellis
> Priority: Minor
> Fix For: 0.8.3
>
> Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
> public V get(Object key)
> {
> FreeableMemory mem = map.get(key);
> if (mem == null)
> return null;
> return deserialize(mem);
> }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-2951) FreeableMemory can be accessed
after it is invalid
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072018#comment-13072018 ]
Hudson commented on CASSANDRA-2951:
-----------------------------------
Integrated in Cassandra #978 (See [https://builds.apache.org/job/Cassandra/978/])
fix potential use of free'd native memory interface/SerializingCache
patch by jbellis; reviewed by slebresne for CASSANDRA-2951
jbellis : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1151625
Files :
* /cassandra/trunk/src/java/org/apache/cassandra/cache/FreeableMemory.java
* /cassandra/trunk/src/java/org/apache/cassandra/cache/SerializingCache.java
* /cassandra/trunk/CHANGES.txt
> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
> Key: CASSANDRA-2951
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Affects Versions: 0.8.0
> Reporter: Jonathan Ellis
> Assignee: Jonathan Ellis
> Priority: Minor
> Fix For: 0.8.3
>
> Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
> public V get(Object key)
> {
> FreeableMemory mem = map.get(key);
> if (mem == null)
> return null;
> return deserialize(mem);
> }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CASSANDRA-2951) FreeableMemory can be accessed
after it is invalid
Posted by "Sylvain Lebresne (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072228#comment-13072228 ]
Sylvain Lebresne commented on CASSANDRA-2951:
---------------------------------------------
You forgot to use <= 0 in finalize in you commit, I took the liberty to change it.
> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
> Key: CASSANDRA-2951
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Affects Versions: 0.8.0
> Reporter: Jonathan Ellis
> Assignee: Jonathan Ellis
> Priority: Minor
> Fix For: 0.8.3
>
> Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
> public V get(Object key)
> {
> FreeableMemory mem = map.get(key);
> if (mem == null)
> return null;
> return deserialize(mem);
> }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CASSANDRA-2951) FreeableMemory can be accessed
after it is invalid
Posted by "Jonathan Ellis (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Ellis updated CASSANDRA-2951:
--------------------------------------
Attachment: 2951.txt
patch adds reference counting to FreeableMemory
> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
> Key: CASSANDRA-2951
> URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Affects Versions: 0.8.0
> Reporter: Jonathan Ellis
> Assignee: Jonathan Ellis
> Priority: Minor
> Fix For: 0.8.3
>
> Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
> public V get(Object key)
> {
> FreeableMemory mem = map.get(key);
> if (mem == null)
> return null;
> return deserialize(mem);
> }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira