[
https://issues.apache.org/jira/browse/ZOOKEEPER-1990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16578285#comment-16578285
]
Norbert Kalmar edited comment on ZOOKEEPER-1990 at 8/13/18 1:35 PM:
--------------------------------------------------------------------
The options mentioned in this ticket (and basically these are the only options
in the JDK):
- call Random() -> yes, since java 7, it uses this(seedUniquifier() ^
System.nanoTime()); - This should give randomly distributed uncorrelated seeds
even after subsequent initializations and across different threads.
- The currently used "new Random(System.currentTimeMillis() ^
this.hashCode());" - basically yields the same results as the Random() call
(since java 7)
- ThreadLocalRandom - it has a Random instance per thread - so basically
safeguards against multiple threads using the same Random instance, which we
already making sure to use different instances. (Otherwise
System.currentTimeMillis() ^ this.hashCode() would be useless as well). One
downside is you cannot control the initial seed. But I don't think that's a
problem.
I personally don't see these Random instantiations as suspicious, so I'm not
sure why this is critical. We could change it to ThreadLocalRandom if needed,
but I just don't see the advantages this would bring (other then it would be
more "fail-safe" in terms of future refactor / modification - which might be a
valid reason to still go with the changes).
was (Author: nkalmar):
The options mentioned in this ticket (and basically these are the only options
in the JDK):
- call Random() -> yes, since java 7, it uses this(seedUniquifier() ^
System.nanoTime()); - This should give randomly distributed uncorrelated seeds
even after subsequent initializations and across different threads.
- The currently used "new Random(System.currentTimeMillis() ^
this.hashCode());" - basically yields the same results as the Random() call
(since java 7)
- ThreadLocalRandom - it has a Random instance per thread - so basically
safeguards against multiple threads using the same Random instance, which we
already making sure to use different instances. (Otherwise
System.currentTimeMillis() ^ this.hashCode() would be useless as well). One
downside is you cannot control the initial seed. But I don't think that's a
problem.
I personally don't see these Random instantiations as suspicious, so I'm not
sure why this is critical. We could change it to ThreadLocalRandom if needed,
but I just don't see the advantages this would bring (other then it would be
more "fail-safe" in terms of future refactor / modification - which might be a
valid reason to still go with teh changes).
> suspicious instantiation of java Random instances
> -------------------------------------------------
>
> Key: ZOOKEEPER-1990
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1990
> Project: ZooKeeper
> Issue Type: Bug
> Affects Versions: 3.5.0
> Reporter: Patrick Hunt
> Assignee: Norbert Kalmar
> Priority: Critical
> Fix For: 3.6.0, 3.5.5
>
>
> It's not clear to me why we are doing this, but it looks very suspicious. Why
> aren't we just calling "new Random()" in these cases? (even for the tests I
> don't really see it - typically that would just be for repeatability)
> {noformat}
> ag "new Random[ \t]*\(" .
> src/java/main/org/apache/zookeeper/ClientCnxn.java
> 817: private Random r = new Random(System.nanoTime());
> src/java/main/org/apache/zookeeper/client/StaticHostProvider.java
> 75: sourceOfRandomness = new Random(System.currentTimeMillis() ^
> this.hashCode());
> 98: sourceOfRandomness = new Random(randomnessSeed);
> src/java/main/org/apache/zookeeper/server/quorum/AuthFastLeaderElection.java
> 420: rand = new Random(java.lang.Thread.currentThread().getId()
> src/java/main/org/apache/zookeeper/server/SyncRequestProcessor.java
> 64: private final Random r = new Random(System.nanoTime());
> src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java
> 537: Random r = new Random(id ^ superSecret);
> 554: Random r = new Random(sessionId ^ superSecret);
> src/java/test/org/apache/zookeeper/server/quorum/WatchLeakTest.java
> 271: Random r = new Random(SESSION_ID ^ superSecret);
> src/java/test/org/apache/zookeeper/server/quorum/CommitProcessorTest.java
> 151: Random rand = new Random(Thread.currentThread().getId());
> 258: Random rand = new Random(Thread.currentThread().getId());
> 288: Random rand = new Random(Thread.currentThread().getId());
> src/java/test/org/apache/zookeeper/test/StaticHostProviderTest.java
> 40: private Random r = new Random(1);
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
