[FLUSS-1855][server] Add Null Safety for TimerTaskEntry Removal #1872
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[server] Added test to reproduce NPE during TimerTaskEntry removal [server] Added test to reproduce NPE during TimerTaskEntry removal
[server] Added Safety Check for TimerTaskEntry Removal to Avoid NPE
There was a problem hiding this comment.
Pull request overview
This PR fixes a potential NullPointerException in the TimerTaskEntry.remove() method caused by a Time-Of-Check-Time-Of-Use (TOCTOU) race condition. The fix implements a single-read snapshot pattern to safely handle the volatile list field in concurrent scenarios.
Key Changes:
- Modified the
remove()method to read the volatilelistfield once per loop iteration using an assignment within the while condition - Added a comprehensive concurrency test (
TimerTaskEntryTest) to verify the fix prevents NPEs during concurrent add/remove operations
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
fluss-server/src/main/java/org/apache/fluss/server/utils/timer/TimerTaskEntry.java |
Updated remove() method to use single-read snapshot pattern, eliminating TOCTOU bug by assigning list directly in the while condition |
fluss-server/src/test/java/org/apache/fluss/server/utils/timer/TimerTaskEntryTest.java |
Added new test class with concurrency test that reproduces the race condition and verifies the fix prevents NullPointerException |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
fluss-server/src/test/java/org/apache/fluss/server/utils/timer/TimerTaskEntryTest.java
Outdated
Show resolved
Hide resolved
fluss-server/src/test/java/org/apache/fluss/server/utils/timer/TimerTaskEntryTest.java
Outdated
Show resolved
Hide resolved
fluss-server/src/test/java/org/apache/fluss/server/utils/timer/TimerTaskEntryTest.java
Outdated
Show resolved
Hide resolved
fluss-server/src/test/java/org/apache/fluss/server/utils/timer/TimerTaskEntryTest.java
Show resolved
Hide resolved
wuchong
approved these changes
Dec 24, 2025
Member
wuchong
left a comment
wuchong
left a comment
There was a problem hiding this comment.
Thanks @rionmonster for the awesome work and for providing a reproducible test case! The proposed fix looks solid to me.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
Linked Issue: Close #1855
Per Issue #1855, this pull request addresses a potential issue that could arise during the
remove()operation forTimerTaskEntrythat could result in a null pointer exception being thrown. This was possible as the underlying object to support the internal list was volatile and subject to operations from other threads.Brief change log
Update the logic within the
TimerTaskEntry.remove()operation to use a more concurrency-safe single-read snapshot pattern to avoid separate reads (e.g., reading during iteration and within the body as well). These changes were originally reproduced via a newly added unit test and retained to ensure the issue was resolved as expected.Tests
Added a new
TimerTaskEntryTestclass along with an associatedTimerTaskEntryTest.testRemoveEnsuresCurrentListNullSafetycase that originally reproduced this issue (via concurrent, oscillating add/removals across separate threads) which was eventually updated after the fix was applied to confirm the exception will no longer be thrown.API and Format
N/A
Documentation
N/A