|
Replies:
12
-
Last Post:
May 20, 2005 4:24 PM
by: sasjaa
|
|
|
|
|
|
|
Anybody ever had the classloader deadlock on you?
Posted:
Mar 30, 2005 5:54 AM
|
|
|
There is a major architectural bug in Java that I and several people at my company seem to keep running into. I was wondering how many others had run into this problem?
The problem is that the classloader is locked when you attempt to load a class and that the attempt to load a class can cause a different classloader to be used to load another class. If another thread is also attempting to load a class at the same time then none of the classloading can be completed.
Say thread 1 is loading a class from the extensions classloader. The class in question loads another class and the static initializer uses the System classloader to find another class.
Say thread 2 is loading a class from the System classloader.
Thread 1 locks the extensions classloader.
Thread 2 locks the System classloader and waits for the lock on the extensions classloader.
Thread 1 deadlocks when it trys to load a class from the System classloader because thread 2 has that locked and is waiting for thread 1.
The problem is that the entire classloader stack needs to be locked when a classload request comes in and not just one level of the stack. This has been a problem since Java 2 introduced the heirarchical classloader and I see nothing has been done to fix it. There have been several bugs entered and at least one escalation, but no movement.
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 11:37 AM
in response to: sasjaa
|
|
|
I have just run into this problem with Java (1.4.2_08 on Linux) today. I performed a threaddump on a JVM running our company's application, which was hung. Sure enough, there was a deadlock detected by the JVM. Two threads, both in ClassLoader.loadClass() were both waiting for each other.
Do you have more info about this bug? For example, the ids of bugs in the Sun bug database? I have been searching in vain for information about this problem. Your post was the most relevant thing I could find.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 11:52 AM
in response to: sasjaa
|
|
|
This is tracked in the javasoft bug 4735126 which they have marked as a low priority bug. The only workaround we have found is to flatten the classloader stack as much as possible.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 1:54 PM
in response to: sasjaa
|
|
|
Great, this bug does not exist in the java bug database anymore. Only 4948036 exists, which is marked "Closed, duplicate of 4735126". I have filed a new bug report with a threaddump that explicitly shows the deadlock condition.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 1:57 PM
in response to: sasjaa
|
|
|
It was there when I just looked. It may be masked as a security bug which isn't visible to everyone.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 1:59 PM
in response to: sasjaa
|
|
|
May I ask what is a security bug & why would this be one?
=)
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 2:02 PM
in response to: alexlamsl
|
|
|
A security bug is anything Sun deems potentially harmful to the general public if a defect is known that has malicious possibilities in its exploitation.
As to why this might be one, I don't know. I didn't make that determination. And, really, I don't think I have the ability to see security bugs either so, since I just saw it, I must be wrong.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 2:05 PM
in response to: sasjaa
|
|
|
> And, really, I don't think I
> have the ability to see security bugs either so,
> since I just saw it, I must be wrong.
That is what I was trying to imply anyway....
=P
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 2:05 PM
in response to: sasjaa
|
|
|
Also I must note that I don't go in through the public site but through the licensee site. It does not appear to be visible from the public database. Don't know why.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 2:08 PM
in response to: sasjaa
|
|
|
Here comes a new term - "licensee site"
Looks like there're loads to Java that I really need to learn from scratch....
=D
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 2:11 PM
in response to: alexlamsl
|
|
|
A company can pay a bunch of money to get support and direct updates and source code and all sorts of stuff (which they seem to be giving away free now). One advantage is a different access to the bugs database. They still mask the security related issues though.
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 2:20 PM
in response to: sasjaa
|
|
|
> A company can pay a bunch of money to get support and
> direct updates and source code and all sorts of stuff
> (which they seem to be giving away free now).
I concur ^^"
> One advantage is a different access to the bugs
> database.
> They still mask the security related issues though.
Oh I see. Thanks for the quick reply =)
Now I'm thinking whether the bug report would cause public panic or giving hackers ideas to break Java, both of which seems not too plausible to me.
The only wider harm that this bug can really cause is if MVM is deployed on the system - as all the processes will share the same VM hence crashing it would mean a really bad thing =D
Any other ideas?
|
|
|
|
|
|
|
|
|
Re: Anybody ever had the classloader deadlock on you?
Posted:
May 20, 2005 4:24 PM
in response to: alexlamsl
|
|
|
If you are having a problem then they need to know about it. Otherwise they wonm't think there is a problem so they won't fix it. As for this being an exploitable issue, I don't think it is easy to explot. Certainly it is easy to make happen but I think it happens because of the way the sytem is designed. Malicious code would be hard to come up with.
|
|
|
|
|
java.net RSS
