gnodet opened a new pull request, #1902: URL: https://github.com/apache/maven-resolver/pull/1902
## Thread Safety Improvements

This PR addresses 31 thread safety issues identified through a systematic audit of the codebase. Each fix is a separate commit for easy review.

### HIGH severity fixes (6)

- **IpcClient close/reconnect lifecycle** — reset `initialized` flag in `close()` to allow proper reconnection
- **IpcClient field visibility** — make `socket`/`output`/`input` volatile for cross-thread visibility
- **IpcServer clients HashMap** — use `ConcurrentHashMap` instead of plain `HashMap`
- **IpcNamedLock context leak** — send unlock on lock timeout to prevent server-side context leak
- **BasicAuthCache** — use `ConcurrentHashMap`-backed `AuthCache` to prevent corruption with preemptive auth
- **SmartExecutor RejectedExecutionException** — catch REE to prevent `await()` hanging forever

### MEDIUM severity fixes (15)

- **DataPool cache initialization** — use `computeIfAbsent` instead of get-then-put race
- **WeakInternPool.intern()** — use `compute()` for atomic check-and-update
- **Results.addException/addCycle** — synchronize for `parallelStream` safety
- **DeferredCredentialsProvider** — extend synchronized block to cover delegate read
- **WagonTransporter close-while-executing** — track in-flight wagons for proper cleanup
- **DefaultProxySelector** — use `CopyOnWriteArrayList`
- **DefaultMirrorSelector** — use `CopyOnWriteArrayList`
- **DefaultAuthenticationSelector** — use `ConcurrentHashMap`
- **SimpleArtifactTypeRegistry** — use `ConcurrentHashMap`
- **CachingArtifactTypeRegistry** — use `ConcurrentHashMap.computeIfAbsent()`
- **IpcServer.expirationCheck()** — guard against negative `Thread.sleep()` argument
- **IpcServer Lock memory leak** — remove empty locks from map after unlock
- **IpcServer Lock.unlock()** — complete futures outside monitor to avoid I/O under lock
- **NamedLockFactorySupport getLock/shutdown** — use ReadWriteLock to prevent race
- **Redisson trySetPermits()** — log warning when return value is false

### LOW severity fixes (10)

- **GenericVersionScheme** — fix racy cache statistics
- **Results.errorPath** — add volatile
- **BasicRepositoryConnectorFactory.priority** — add volatile
- **TransferResource.contentLength/resumeOffset** — add volatile
- **Lazy hashCode fields** — add volatile in 4 selector/traverser classes
- **ChainedWorkspaceReader.repository** — add volatile
- **CompositeNamedLock** — remove redundant double `unlockAll()`
- **WagonTransporter pollWagon** — release wagon on reconnect failure
- **MinioTransporter implPut** — close InputStream properly
- **GnupgSignatureArtifactGenerator** — use `CopyOnWriteArrayList`

### Not addressed (4)

- **F-05** (IpcServer phantom lock on partial multi-key acquisition) — complex architectural change; deferred
- **F-23** (WebDAV detection redundant OPTIONS) — benign redundancy, accepted
- **F-28** (DefaultDependencyNode children aliasing) — risk of functional regression
- **F-34** (File transport TOCTOU) — known limitation of filesystem operations
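
The get-then-put race named in the DataPool and CachingArtifactTypeRegistry items, shown as an added illustration that is not code from the pull request or from maven-resolver. The class `CacheInitRace`, its methods and the key `"session"` are hypothetical; the example counts how many distinct cached instances concurrent callers end up holding under each pattern.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.BiFunction;

public class CacheInitRace {
    // Hypothetical slow-to-build cached value; the sleep widens the race window.
    static Object create(String key) {
        try { Thread.sleep(5); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        return new Object();
    }

    // Racy: several threads can all observe null, then each creates and puts its own value.
    static Object getThenPut(Map<String, Object> cache, String key) {
        Object v = cache.get(key);
        if (v == null) {
            v = create(key);
            cache.put(key, v);
        }
        return v;
    }

    // Atomic per key: ConcurrentHashMap runs the mapping function at most once.
    static Object atomic(Map<String, Object> cache, String key) {
        return cache.computeIfAbsent(key, CacheInitRace::create);
    }

    // Releases 8 threads at once against one key and returns how many different instances they saw.
    static int distinctInstances(BiFunction<Map<String, Object>, String, Object> lookup)
            throws InterruptedException {
        Map<String, Object> cache = new ConcurrentHashMap<>();
        Set<Object> seen = ConcurrentHashMap.newKeySet(); // Object uses identity equality
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int i = 0; i < 8; i++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                seen.add(lookup.apply(cache, "session"));
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return seen.size();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("get-then-put instances:    " + distinctInstances(CacheInitRace::getThenPut));
        System.out.println("computeIfAbsent instances: " + distinctInstances(CacheInitRace::atomic));
    }
}
```

With `computeIfAbsent` every caller receives the same instance; with get-then-put the count depends on scheduling and is usually greater than one, even though the backing map is itself a `ConcurrentHashMap`.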
