RFR (Unraised): JDK8 ResourceBundle vulnerable to GC
Alan.Bateman at oracle.com
Mon Jul 16 14:00:16 UTC 2018
On 16/07/2018 14:12, Peter Levart wrote:
> Checking the differences shows that instead of
> WeakReference<ClassLoader>, CacheKey uses two WeakReference<Module>
> instead in JDK 9+. One is the caller module and the other is the
> module of the bundle (unnamed module if ClassLoader is used to search
> for the bundle). The caller module is guaranteed to stay reachable for
> the entire call (as it holds the calling code), but the Module of the
> bundle could go out of scope during the call, so I think there is a
> theoretical possibility that the lookup CacheKey becomes non-equal to
> a key in the cache before the cache lookup is executed.
This would require module layers or custom class loaders in the picture
for that to happen but I agree we should fix it.
More information about the core-libs-dev