RFR (Unraised): JDK8 ResourceBundle vulnerable to GC

Alan Bateman Alan.Bateman at oracle.com
Mon Jul 16 14:00:16 UTC 2018

On 16/07/2018 14:12, Peter Levart wrote:
> Checking the differences shows that instead of 
> WeakReference<ClassLoader>, CacheKey uses two WeakReference<Module> 
> instead in JDK 9+. One is the caller module and the other is the 
> module of the bundle (unnamed module if ClassLoader is used to search 
> for the bundle). The caller module is guaranteed to stay reachable for 
> the entire call (as it holds the calling code), but the Module of the 
> bundle could go out of scope during the call, so I think there is a 
> theoretical possibility that the lookup CacheKey becomes non-equal to 
> a key in the cache before the cache lookup is executed.
This would require module layers or custom class loaders in the picture 
for that to happen but I agree we should fix it.


More information about the core-libs-dev mailing list