RFR (Unraised): JDK8 ResourceBundle vulnerable to GC

Adam Farley8 adam.farley at uk.ibm.com
Wed Jul 11 13:27:32 UTC 2018

Hi All,

-- Summary: 

When calling "ResourceBundle.getBundle(String, Locale, ClassLoader)" on 
JDK8, the ClassLoader can get GC'd before we're finished with it.

This can result in us getting the wrong result back, like if we asked for 
"Stuff" with the locale "fr, CA" and got back "Stuff_fr.class" instead of 

-- Likely Cause:

Inside the CacheKey object in the getBundleImpl method, we use a soft 
reference that can result in the ClassLoader object getting GC'd before 
we're done with it.

-- Example Fix:

One fix proven to work is to create a static, volatile Object with global 
scope in ResourceBundle, and compare it ("==" style) to the loader right 
before it gets returned from getBundleImpl.

The result of the compare can be something direct like "throw new 
Error("Unexpected error.")", as this compare should never return true.

-- Only seen on...

This defect is only seen on JDK8, on ppcle and zLinux, and hasn't yet been 
seen using the Hotspot VM (defect found using OpenJ9 VM).

Best Regards

Adam Farley 

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

More information about the core-libs-dev mailing list