[
https://issues.apache.org/jira/browse/RANGER-5542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18071435#comment-18071435
]
Vyom Mani Tiwari commented on RANGER-5542:
------------------------------------------
Debug log statements across the Ranger codebase use Java string concatenation
({{{}"text" + object{}}}) instead of SLF4J parameterized logging
({{{}LOG.debug("text {}", object){}}}). String concatenation eagerly evaluates
{{toString()}} at the call site even when {{isDebugEnabled()}} is wrapped in an
{{if}} block but the concatenation itself is outside the check. SLF4J
parameterized logging defers {{toString()}} evaluation and also gracefully
handles exceptions from it.
> ConcurrentModificationException in debug log statements causes intermittent
> test failures and suppressed exceptions due to unsafe string concatenation on
> shared HashMaps
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-5542
> URL: https://issues.apache.org/jira/browse/RANGER-5542
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.7.0, 2.8.0
> Reporter: Vyom Mani Tiwari
> Assignee: Vyom Mani Tiwari
> Priority: Minor
>
> While investigating intermittent failures of
> {{TestRangerBasePluginRaceCondition.testVisibilityOfPolicyEngine()}}
> (observed after checking out version 2.8 on macOS), two related
> {{ConcurrentModificationException}} occurrences were identified in debug
> logging code paths.
> Thread-crashing exception in
> {{RangerDefaultPolicyResourceMatcher.getMatchType()}} A worker thread crashes
> with an uncaught {{ConcurrentModificationException}}
> Exception in thread "Thread-12"
> java.util.ConcurrentModificationException
> at java.util.HashMap$HashIterator.nextNode(HashMap.java:1469)
> at java.util.AbstractMap.toString(AbstractMap.java:554)
> at
> org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.getMatchType(RangerDefaultPolicyResourceMatcher.java:601)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.evaluate(RangerDefaultPolicyEvaluator.java:228)
> {{The root cause is a log statement using string concatenation:}}
> LOG.debug("==> getMatchType(" + resource + evalContext + ")");
> When {{isDebugEnabled()}} is true, this eagerly calls {{toString()}} on
> {{resource}} and {{{}evalContext{}}}, which iterate over live {{HashMap}}
> instances. Concurrently, {{setPolicies()}} in another thread modifies these
> same HashMaps, triggering the exception. The crashed worker thread never
> reports the expected DENY outcome, causing the test to fail intermittently
> Suppressed exception in {{RangerAccessRequestImpl.toString()}}
> SLF4J: Failed toString() invocation on an object of type
> [RangerAccessRequestImpl]
> Reported exception:
> java.util.ConcurrentModificationException
> at java.util.HashMap$HashIterator.nextNode(HashMap.java:1469)
> at
> org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl.toString(RangerAccessRequestImpl.java:411)
> at
> org.slf4j.helpers.MessageFormatter.safeObjectAppend(MessageFormatter.java:277)
> at
> org.apache.ranger.plugin.service.RangerDefaultRequestProcessor.preProcess(RangerDefaultRequestProcessor.java:77)
> Currently safe in production because {{isDebugEnabled()}} returns {{false}}
> in production environments, preventing these code paths from executing.
> However, any developer running tests with debug logging enabled is at risk of
> intermittent failures.{{{}{}}}
> {{}}
> {{}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
