-
Notifications
You must be signed in to change notification settings - Fork 829
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Read methods should not mutate direct buffer #259
Comments
@brianfromoregon Yes, this issue is mentioned on the front-page. It is a known fact that our default String reader mutates the buffer. It is also pretty easy to write your own String serializer which would avoid doing so at the expense of being a bit slower. That being said, we would accept patches that try to fix problems in a reasonable way. @NathanSweet @magro |
@NathanSweet @magro Nate, it seems that a half or at least one third of all bug reports that we receive are related to problems with deserialization in multi-threaded environments, because we mutate the input buffer. I'm slowly getting more and more convinced that we should better be safe by default, rather than fast by default. I think even in a safe mode, Kryo will still be very fast. In the worst case, only String serialization/deseralization is affected. Yes, it is an important use-case. But at the same time, virtually all other serialization libs do not have this problem related to buffer mutation, because they use a "slow-path" and let JDK create Strings by (eventually) creating a copy. And yet, those libs are not that slow and are widely used. What do you think? Should we try to make String deserialization safe by default? |
Being safer/more robust sounds good to me. AFAICS it should be possible Cheers,
|
Yep, we should fix it. Using an additional 0x80 byte for each string would We should also look at using reflection/ReflectASM for creating Strings On Sun, Nov 30, 2014 at 9:45 PM, romix notifications@github.com wrote:
|
Fully agree. Regarding your second paragraph, if UNSAFE is available, you can also perform this way instead of using that package private constructor (which don’t exist in all implementations):
This works like a charm (except maybe in IBM J9 and JRockit in which Unsafe.allocateInstance seems less efficient as invoking sun.reflect.ReflectionFactory.newConstructorForSerialization). Anyway, performance of any solution decided should be carefully tested, as many times System.arraycopy has the same or better performance than these tricks (maybe some modern VMs on modern systems perform COW optimizations?), except of course for GC pressure. Cheers! De: Nathan Sweet [mailto:notifications@github.com] Yep, we should fix it. Using an additional 0x80 byte for each string would We should also look at using reflection/ReflectASM for creating Strings On Sun, Nov 30, 2014 at 9:45 PM, romix notifications@github.com wrote:
— |
Just a thought, if Kryo provided an ascii-only CharSequence Serializer which avoided String entirely, I'd prefer that and avoid the String construction issue. Many LL code bases have some AsciiString equivalent class so it should be a familiar concept for a number of your users. |
Good! If we all agree that we should fix it, who is going to try and submit a PR? |
@NathanSweet I think this is fixed in 5.0, right? |
Yep. |
Somewhat related to #128. UnsafeMemoryInput's readAscii is calling nioBuffer.put to temporarily mutate the data. This is no good, my buffer is a region of mmap file and a process bounce inside readAscii could corrupt the data. Read methods cannot write to the buffer.
The text was updated successfully, but these errors were encountered: