FilePermission Canonical path optimization

Peter Levart peter.levart at
Thu Dec 18 08:26:17 UTC 2014

On 12/17/2014 07:36 PM, Sean Mullan wrote:
> On 12/05/2014 08:00 AM, Peter Levart wrote:
>> The question is what to do with the remaining data race that was present
>> before. The 'mask' field. The best would be to make it final, but
>> deserialization needs to set it.
> I don't see the pre-existing race condition on the mask field, but I'm 
> probably missing something subtle. Can you provide more details?
> Thanks,
> Sean

Hi Sean,

When an object initializes it's non-final fields in constructor and is 
then published unsafely (via data race) to other threads, it can be 
observed not fully initialized in other threads (because of reordering 
of stores and loads by compiler and/or architecture). The blame is 
usually on the code that unsafely publishes references to such objects, 
but if a class is part of security infrastructure then such unsafe 
publication can be intentional and used to compromise security. If other 
code makes use of unsafely published FilePermission objects not 
possible, then this is just theoretical. On the other hand, who can make 
sure that such use will not be possible in the future?

Regards, Peter

More information about the core-libs-dev mailing list