Fix race condition in ExponentiallyDecayingReservoir's rescale method #1033
Conversation
|
Thank you very much for the fix and very detailed unit test! |
|
I have an issue with this. The compareAndSet operation is atomic so it shouldn't allow more than one thread into that if block. Granted 'lockForRescale()' does effectively the same thing, however it is a more expensive operation than the compareAndSet. |
|
The issue as I see it:
Basically, the CAS only guarantees that |
|
In case the fix the correct, I would like to cherry-pick this change to the 3.1.3-maintenance branch to provide users who affected by this bug an easy path to upgrade. |
|
I didn't get more reasons opposing this fix, so I'm going to move this bugfix to the 3.1.3 branch. In the worst case, we have a performance regression, in the best we fix a concurrency bug. |
ho3rexqj
deleted the
fix/exponentially_decaying_reservoir_rescale_race
branch
|
@arteam, I think your comment: |
Fixes issues #1005 and #793 - note that in #793 the
longPeriodsOfInactivityShouldNotCorruptSamplingStatetest did not cover multiple concurrent requests after a long idle period.The race condition currently occurs when two threads update the reservoir concurrently - after the first thread has successfully updated
nextScaleTime(line 162) but before the write lock is obtained (line 163) a second thread updates the reservoir (line 95+). With several threads pushing updates concurrently this presents a narrow window during which the second thread may obtain the lock before the first resulting in a corrupt reservoir state. Note, however, that if a snapshot is requested just prior to the two concurrent updates the read lock will already be active when the two threads enterrescaleIfNeeded, resulting in a much larger window for this race condition.