Severity: Medium
Type: Concurrency / Thread Safety
Description:
While ApplicationManager uses fine-grained locking per application, there are potential race conditions in operations that span multiple applications or access shared state.
Location:
- platform-core/src/main/java/org/flossware/platform/core/ApplicationManager.java:970-986 (shutdown method)
- Various places where lifecycle listeners are notified
Problem:
- The shutdown() method iterates over applications while other threads might be deploying/undeploying apps
- The ListenerExecutor uses unbounded task submission without backpressure
- Multiple lock acquisitions in sequence can deadlock if ordering is inconsistent across methods
Example race:
Thread 1: shutdown() iterates applications list
Thread 2: deploy() adds a new application
Result: Application might be deployed then immediately undeployed
Impact:
Medium - Can cause:
- Applications left in inconsistent state during shutdown
- Listener notifications lost
- Potential deadlocks if care isn't taken with lock ordering
Recommendation:
- Use consistent lock ordering across all methods that acquire multiple locks
- Use snapshot-based iteration (already done on line 974) consistently everywhere
- Consider a RW-lock for the applications map during bulk operations
- Document lock ordering to prevent deadlocks in future maintenance
Severity: Medium
Type: Concurrency / Thread Safety
Description:
While ApplicationManager uses fine-grained locking per application, there are potential race conditions in operations that span multiple applications or access shared state.
Location:
Problem:
Example race:
Thread 1: shutdown() iterates applications list
Thread 2: deploy() adds a new application
Result: Application might be deployed then immediately undeployed
Impact:
Medium - Can cause:
Recommendation: