Closed
Bug 205297
Opened 22 years ago
Closed 22 years ago
Infinite recursion with LazilyLoadedCtor
Categories
(Rhino Graveyard :: Core, defect)
Rhino Graveyard
Core
Tracking
(Not tracked)
VERIFIED
FIXED
1.5R5
People
(Reporter: igor, Assigned: norrisboyd)
Details
Attachments
(2 files)
438 bytes,
text/plain
|
Details | |
858 bytes,
patch
|
Details | Diff | Splinter Review |
My changes to ScriptableObject.setBySetter, see revision 1.56 that I put to fix
a potential race condition with one-time setters contains a bug that leads to
infinite recursion with rather specific usage of this feature.
----------------------------
revision 1.56
date: 2002/12/03 12:38:55; author: igor%mir2.org; state: Exp; lines: +115 -10
6
...
2. Fixing a potential race condition in setBySetter when a setter slot becomes
an ordinary slot in response to a setter returning a value.
During execution of setBySetter a different thread can see initial null value in
slot.value instead of the result of setter call as it is possible that JVM will
first update slot.flags and only then slot.value for that thread. The fix
replaces the old getter slot by an ordinary one under synchronized block for
that I added new getSlotPosition method and updated the rest of code accordingly.
----------------------------
The problem with the changes is that lastAccess is not cleared in setBySetter
and will contain the old setter so the next get access for the same property
will invoke the old getter which in case of LazilyLoadedCtor will invoke put and
setBySetter recursively.
Reporter | ||
Comment 1•22 years ago
|
||
To test, compile and add to CLASSPATH Test class and then run the following
script in Rhino shell:
Packages.Test.lazilyInit(this);
print("OK");
which should print OK but without the fix the the result is an exception.
Reporter | ||
Comment 2•22 years ago
|
||
Reporter | ||
Comment 3•22 years ago
|
||
I committed fix to the main bramch and Rhino150R4_BRANCH as well since it is a
regression since 1.5R3 even it is hard to trigger.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 4•22 years ago
|
||
Verified FIXED. Igor: thank you for the testcase!
BEFORE:
[ ] java org.mozilla.javascript.tools.shell.Main -f test.js
js: uncaught JavaScript exception: org.mozilla.javascript.WrappedException:
WrappedException of null
AFTER:
[ ] java org.mozilla.javascript.tools.shell.Main -f test.js
OK
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•