Skip to content

test: add concurrency hazard test suite (16 confirmed races)#2838

Open
hongwei1 wants to merge 4 commits into
OpenBankProject:developfrom
hongwei1:feature/concurrency-hazard-tests
Open

test: add concurrency hazard test suite (16 confirmed races)#2838
hongwei1 wants to merge 4 commits into
OpenBankProject:developfrom
hongwei1:feature/concurrency-hazard-tests

Conversation

@hongwei1

@hongwei1 hongwei1 commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds a tagged ScalaTest suite (code.concurrency) that simulates 16 confirmed database concurrency hazards in OBP-API across 5 hazard categories: lost-update, check-then-act, check-then-insert, unique-constraint-unhandled, and counter-sequence.
  • Each scenario asserts the theoretically correct outcome so that a hazard surfaces as a FAILED test (red bar = evidence the hazard is real). Two safeguard scenarios verify the connection pool and per-request context isolation remain intact (green).
  • All scenarios are tagged ConcurrencyRace and excluded from the CI main flow by default.

Test files (8 classes · 19 scenarios · 1,277 lines)

File Scenarios
ConcurrentTransferRaceTest A (balance lost-update), B (double-spend), S (historical payment)
ConcurrentDuplicateCreationTest C (entitlement), D (accountHolder), F (metadata), I (OAuth user), L (UserCustomerLink), W (consumer)
ConcurrentSecurityRaceTest H (bad-login counter), K (challenge counter)
ConcurrentConsentRaceTest J (expired consent scheduler), U (unfinished consent scheduler)
ConcurrentViewPermissionRaceTest N (custom public view), O (resetViewPermissions), R (orphan AccountAccess)
ConcurrentConnectionMechanismTest G1 (pool back-pressure), G2 (context isolation)
ConcurrentProviderRaceTest AA (in-memory counter)

Run

# Run only concurrency tests
mvn -pl obp-commons,obp-api scalatest:test \
  -DtagsToInclude=code.concurrency.ConcurrencyRace \
  -DfailIfNoTests=false

# Already excluded from CI by default
mvn ... -DtagsToExclude=code.concurrency.ConcurrencyRace

Confirmed results

  • 16 FAILED (hazards confirmed): A, B, S, C, D, F, I, L, W, H, K, J, U, N, O, R
  • 3 PASSED (safeguards verified): G1, G2, AA

See obp-api/src/test/scala/code/concurrency/CONCURRENCY_HAZARDS.md for the full taxonomy, source locations, three-tier protection analysis, and fix patterns.

hongwei1 added 4 commits June 11, 2026 15:25
@hongwei1
test: add concurrency hazard test suite
89e9753 
Adds a tagged ScalaTest suite that simulates 16 confirmed database
concurrency hazards in OBP-API: lost-update, check-then-act,
check-then-insert, unique-constraint-unhandled, and counter-sequence
races across money movement, security, consent scheduling, view
permissions, and OAuth user creation paths.

Each scenario asserts the theoretically-correct outcome so that a
hazard surfaces as a FAILED test (red bar = evidence the hazard is
real). Two safeguard scenarios (connection pool back-pressure,
per-request context isolation) are verified to PASS.

All scenarios are tagged ConcurrencyRace and excluded from the CI
main flow. See CONCURRENCY_HAZARDS.md for the full taxonomy, source
locations, and three-tier protection analysis.

Run only these tests:
  mvn -pl obp-commons,obp-api scalatest:test \
    -DtagsToInclude=code.concurrency.ConcurrencyRace \
    -DfailIfNoTests=false
@hongwei1
docs: add concurrency test suite summary
9209722
@hongwei1
docs: merge concurrency hazard docs into single CONCURRENCY_HAZARDS.md
cd8adee
@hongwei1
docs: add ScalaTest simulation plan for concurrent race condition haz…
5fdc6b1 
…ards
@sonarqubecloud

sonarqubecloud Bot commented Jun 11, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
3.8% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hongwei1