According to the documentation for the methods in question,
java.lang.Class#desiredAssertionStatus() states that it:
Returns the assertion status that would be assigned to
this class if it were to be initialized at the time this
method is invoked. If this class has had its assertion
status set, the most recent setting will be returned etc.
and then, in the API Note, it couches in an oracle worthy
of Croesus:
Note that this method is not guaranteed to return
the actual assertion status that was (or will be)
associated with the specified class when it was (or will
be) initialized.
java.lang.ClassLoader#setClassAssertionStatus(String, boolean)
states that it:
Sets the desired assertion status for the named top-level
class in this class loader and any nested classes
contained therein.
and, finally, it puts in a caveat:
If the named class is not a top-level class, this
invocation will have no effect on the actual assertion
status of any class.
In the context of these contracts, it could be demonstrated
that desiredAssertionStatus professes ignorance about
top-level-class and nested-class relations unless, despite
the above caveat, the assertion status has been explicitly
set for each nested class name.
For example,
package assertions;
class NestHost
{
static abstract class Base
{
private static boolean assertableStatus(Class<?> klass)
{
return klass.desiredAssertionStatus();
}
private static boolean assertableContext()
{
boolean assertable = false;
assert assertable = true;
return assertable;
}
void tryAsserting()
{
final String className = getClass().getName();
if (!assertableContext())
throw new IllegalStateException(className);
System.err.format("%s: assertion status: %b%n",
className,
assertableStatus(getClass()));
try {
assert false;
} catch (final AssertionError expected) {
System.err.format("%s: enabled assertions%n%n",
className);
return;
}
throw new IllegalStateException(className);
}
}
static final class A extends Base { }
static final class B extends Base { }
}
package assertions;
class NestedClassAssertionTests
{
static void assertWithImplicitStatusSettingOfA()
{
new NestHost.A().tryAsserting();
}
static void assertWithExplicitStatusSettingOfA(ClassLoader loader)
{
loader.setClassAssertionStatus(NestHost.A.class.getName(), true);
new NestHost.A().tryAsserting();
}
static void assertWithImplicitStatusSettingOfB()
{
new NestHost.B().tryAsserting();
}
static void assertWithExplicitStatusSettingOfB(ClassLoader loader)
{
loader.setClassAssertionStatus(NestHost.B.class.getName(), true);
new NestHost.B().tryAsserting();
}
public static void main(String[] args)
{
final ClassLoader loader = ClassLoader.getSystemClassLoader();
loader.clearAssertionStatus(); /* Discard `-da' and `-ea'. */
loader.setClassAssertionStatus(NestHost.class.getName(), true);
assertWithImplicitStatusSettingOfA();
assertWithExplicitStatusSettingOfA(loader);
assertWithImplicitStatusSettingOfB();
assertWithExplicitStatusSettingOfB(loader);
}
}
By launching the compiled (OpenJDK 17.0.4+8-Debian-1deb11u1)
entry-point class and observing its output, it could be
seen, with assertions enabled throughout, that the assertion
status needs to be explicitly set for each nested class.
Shouldn't desiredAssertionStatus and setClassAssertionStatus
be complementary in a nested-class context? In other words,
why doesn't the invocation of desiredAssertionStatus pan
out for the nested classes after setClassAssertionStatus
has been invoked for the top-level class?
Looking at the source (OpenJDK 17.0.4+8-Debian-1deb11u1)
of setClassAssertionStatus, there appears no distinct logic
for either top-level-class or nested-class names, on which
ClassLoader's own desiredAssertionStatus could have relied.
Has fulfilling the contract of setClassAssertionStatus
proved rather extravagant for desiredAssertionStatus to
share with, hence the latter's oracle?
(The desiredAssertionStatus method is casually resorted to
in an xUnit engine implementation I tinker at, whenever
clients wish to use assert statements in a test class and
a formal verification is sought as to whether assertion is
enabled.)
I work on a project where we use a library that is not guaranteed thread-safe (and isn't) and single-threaded in a Java 8 streams scenario, which works as expected.
We would like to use parallel streams to get the low hanging scalability fruit.
Unfortunately this cause the library to fail - most likely because one instance interferes with variables shared with the other instance - hence we need isolation.
I was considering using a separate classloader for each instance (possibly thread local) which to my knowledge should mean that for all practical purposes that I get the isolation needed but I am unfamiliar with deliberately constructing classloaders for this purpose.
Is this the right approach? How shall I do this in order to have proper production quality?
Edit: I was asked for additional information about the situation triggering the question, in order to understand it better. The question is still about the general situation, not fixing the library.
I have full control over the object created by the library (which is https://github.com/veraPDF/) as pulled in by
<dependency>
<groupId>org.verapdf</groupId>
<artifactId>validation-model</artifactId>
<version>1.1.6</version>
</dependency>
using the project maven repository for artifacts.
<repositories>
<repository>
<snapshots>
<enabled>true</enabled>
</snapshots>
<id>vera-dev</id>
<name>Vera development</name>
<url>http://artifactory.openpreservation.org/artifactory/vera-dev</url>
</repository>
</repositories>
For now it is unfeasible to harden the library.
EDIT: I was asked to show code. Our core adapter is roughly:
public class VeraPDFValidator implements Function<InputStream, byte[]> {
private String flavorId;
private Boolean prettyXml;
public VeraPDFValidator(String flavorId, Boolean prettyXml) {
this.flavorId = flavorId;
this.prettyXml = prettyXml;
VeraGreenfieldFoundryProvider.initialise();
}
#Override
public byte[] apply(InputStream inputStream) {
try {
return apply0(inputStream);
} catch (RuntimeException e) {
throw e;
} catch (ModelParsingException | ValidationException | JAXBException | EncryptedPdfException e) {
throw new RuntimeException("invoking VeraPDF validation", e);
}
}
private byte[] apply0(InputStream inputStream) throws ModelParsingException, ValidationException, JAXBException, EncryptedPdfException {
PDFAFlavour flavour = PDFAFlavour.byFlavourId(flavorId);
PDFAValidator validator = Foundries.defaultInstance().createValidator(flavour, false);
PDFAParser loader = Foundries.defaultInstance().createParser(inputStream, flavour);
ValidationResult result = validator.validate(loader);
// do in-memory generation of XML byte array - as we need to pass it to Fedora we need it to fit in memory anyway.
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XmlSerialiser.toXml(result, baos, prettyXml, false);
final byte[] byteArray = baos.toByteArray();
return byteArray;
}
}
which is a function that maps from an InputStream (providing a PDF-file) to a byte array (representing the XML report output).
(Seeing the code, I've noticed that there is a call to the initializer in the constructor, which may be the culprit here in my particular case. I'd still like a solution to the generic problem.
We have faced similar challenges. Issues usually came from from static properties which became unwillingly "shared" between the various threads.
Using different classloaders worked for us as long as we could guarantee that the static properties were actually set on classes loaded by our class loader. Java may have a few classes which provide properties or methods which are not isolated among threads or are not thread-safe ('System.setProperties() and Security.addProvider() are OK - any canonical documentation on this matter is welcomed btw).
A potentially workable and fast solution - that at least can give you a chance to test this theory for your library - is to use a servlet engine such as Jetty or Tomcat.
Build a few wars that contain your library and start processes in parallel (1 per war).
When running code inside a servlet thread, the WebappClassLoaders of these engines attempt to load a classes from the parent class loader first (the same as the engine) and if it does not find the class, attempts to load it from the jars/classes packaged with the war.
With jetty you can programmatically hot deploy wars to the context of your choice and then theoretically scale the number of processors (wars) as required.
We have implemented our own class loader by extending URLClassLoader and have taken inspiration from the Jetty Webapp ClassLoader. It is not as hard a job as as it seems.
Our classloader does the exact opposite: it attempts to load a class from the jars local to the 'package' first , then tries to get them from the parent class loader. This guarantees that a library accidentally loaded by the parent classloader is never considered (first). Our 'package' is actually a jar that contains other jars/libraries with a customized manifest file.
Posting this class loader code "as is" would not make a lot of sense (and create a few copyright issues). If you want to explore that route further, I can try coming up with a skeleton.
Source of the Jetty WebappClassLoader
The answer actually depends on what your library relies on:
If your library relies on at least one native library, using ClassLoaders to isolate your library's code won't help because according to the JNI Specification, it is not allowed to load the same JNI native library into more than one class loader such that you would end up with a UnsatisfiedLinkError.
If you library relies on at least one external resource that is not meant to be shared like for example a file and that is modified by your library, you could end up with complex bugs and/or the corruption of the resource.
Assuming that you are not in the cases listed above, generally speaking if a class is known as non thread safe and doesn't modify any static fields, using a dedicated instance of this class per call or per thread is good enough as the class instance is then no more shared.
Here as your library obviously relies and modifies some static fields that are not meant to be shared, you indeed need to isolate the classes of your library in a dedicated ClassLoader and of course make sure that your threads don't share the same ClassLoader.
For this you could simply create an URLClassLoader to which you would provide the location of your library as URL (using URLClassLoader.newInstance(URL[] urls, ClassLoader parent)), then by reflection you would retrieve the class of your library corresponding to the entry point and invoke your target method. To avoid building a new URLClassLoader at each call, you could consider relying on a ThreadLocal to store the URLClassLoader or the Class or the Method instance to be used for a given thread.
So here is how you could proceed:
Let's say that the entry point of my library is the class Foo that looks like this:
package com.company;
public class Foo {
// A static field in which we store the name of the current thread
public static String threadName;
public void execute() {
// We print the value of the field before setting a value
System.out.printf(
"%s: The value before %s%n", Thread.currentThread().getName(), threadName
);
// We set a new value
threadName = Thread.currentThread().getName();
// We print the value of the field after setting a value
System.out.printf(
"%s: The value after %s%n", Thread.currentThread().getName(), threadName
);
}
}
This class is clearly not thread safe and the method execute modifies the value of a static field that is not meant to be modified by concurrent threads just like your use case.
Assuming that to launch my library I simply need to create an instance of Foo and invoke the method execute. I could store the corresponding Method in a ThreadLocal to retrieve it by reflection only once per thread using ThreadLocal.withInitial(Supplier<? extends S> supplier) as next:
private static final ThreadLocal<Method> TL = ThreadLocal.withInitial(
() -> {
try {
// Create the instance of URLClassLoader using the context
// CL as parent CL to be able to retrieve the potential
// dependencies of your library assuming that they are
// thread safe otherwise you will need to provide their
// URL to isolate them too
URLClassLoader cl = URLClassLoader.newInstance(
new URL[]{/* Here the URL of my library*/},
Thread.currentThread().getContextClassLoader()
);
// Get by reflection the class Foo
Class<?> myClass = cl.loadClass("com.company.Foo");
// Get by reflection the method execute
return myClass.getMethod("execute");
} catch (Exception e) {
// Here deal with the exceptions
throw new IllegalStateException(e);
}
}
);
And finally let's simulate a concurrent execution of my library:
// Launch 50 times concurrently my library
IntStream.rangeClosed(1, 50).parallel().forEach(
i -> {
try {
// Get the method instance from the ThreadLocal
Method myMethod = TL.get();
// Create an instance of my class using the default constructor
Object myInstance = myMethod.getDeclaringClass().newInstance();
// Invoke the method
myMethod.invoke(myInstance);
} catch (Exception e) {
// Here deal with the exceptions
throw new IllegalStateException(e);
}
}
);
You will get an output of the next type that shows that we have no conflicts between threads and the threads properly reuse its corresponding class/field's value from one call of execute to another:
ForkJoinPool.commonPool-worker-7: The value before null
ForkJoinPool.commonPool-worker-7: The value after ForkJoinPool.commonPool-worker-7
ForkJoinPool.commonPool-worker-7: The value before ForkJoinPool.commonPool-worker-7
ForkJoinPool.commonPool-worker-7: The value after ForkJoinPool.commonPool-worker-7
main: The value before null
main: The value after main
main: The value before main
main: The value after main
...
Since this approach will create one ClassLoader per thread, make sure to apply this approach using a thread pool with a fixed number of threads and the number of threads should be chosen wisely to prevent running out of memory because a ClassLoader is not free in term of memory footprint so you need to limit the total amount of instances according to your heap size.
Once you are done with your library, you should cleanup the ThreadLocal for each thread of your thread pool to prevent memory leaks and to do so here is how you could proceed:
// The size of your the thread pool
// Here as I used for my example the common pool, its size by default is
// Runtime.getRuntime().availableProcessors()
int poolSize = Runtime.getRuntime().availableProcessors();
// The cyclic barrier used to make sure that all the threads of the pool
// will execute the code that will cleanup the ThreadLocal
CyclicBarrier barrier = new CyclicBarrier(poolSize);
// Launch one cleanup task per thread in the pool
IntStream.rangeClosed(1, poolSize).parallel().forEach(
i -> {
try {
// Wait for all other threads of the pool
// This is needed to fill up the thread pool in order to make sure
// that all threads will execute the cleanup code
barrier.await();
// Close the URLClassLoader to prevent memory leaks
((URLClassLoader) TL.get().getDeclaringClass().getClassLoader()).close();
} catch (Exception e) {
// Here deal with the exceptions
throw new IllegalStateException(e);
} finally {
// Remove the URLClassLoader instance for this thread
TL.remove();
}
}
);
I found the question interesing and created a little tool for you:
https://github.com/kriegaex/ThreadSafeClassLoader
Currently it is not available as an official release on Maven Central yet, but you can get a snapshot like this:
<dependency>
<groupId>de.scrum-master</groupId>
<artifactId>threadsafe-classloader</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
<!-- (...) -->
<repositories>
<repository>
<snapshots>
<enabled>true</enabled>
</snapshots>
<id>ossrh</id>
<name>Sonatype OSS Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</repository>
</repositories>
Class ThreadSafeClassLoader:
It uses JCL (Jar Class Loader) under the hood because it already offers class-loading, object instantiation and proxy generation features discussed in other parts of this thread. (Why re-invent the wheel?) What I added on top is a nice interface for exactly what we need here:
package de.scrum_master.thread_safe;
import org.xeustechnologies.jcl.JarClassLoader;
import org.xeustechnologies.jcl.JclObjectFactory;
import org.xeustechnologies.jcl.JclUtils;
import org.xeustechnologies.jcl.proxy.CglibProxyProvider;
import org.xeustechnologies.jcl.proxy.ProxyProviderFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class ThreadSafeClassLoader extends JarClassLoader {
private static final JclObjectFactory OBJECT_FACTORY = JclObjectFactory.getInstance();
static {
ProxyProviderFactory.setDefaultProxyProvider(new CglibProxyProvider());
}
private final List<Class> classes = new ArrayList<>();
public static ThreadLocal<ThreadSafeClassLoader> create(Class... classes) {
return ThreadLocal.withInitial(
() -> new ThreadSafeClassLoader(classes)
);
}
private ThreadSafeClassLoader(Class... classes) {
super();
this.classes.addAll(Arrays.asList(classes));
for (Class clazz : classes)
add(clazz.getProtectionDomain().getCodeSource().getLocation());
}
public <T> T newObject(ObjectConstructionRules rules) {
rules.validate(classes);
Class<T> castTo = rules.targetType;
return JclUtils.cast(createObject(rules), castTo, castTo.getClassLoader());
}
private Object createObject(ObjectConstructionRules rules) {
String className = rules.implementingType.getName();
String factoryMethod = rules.factoryMethod;
Object[] arguments = rules.arguments;
Class[] argumentTypes = rules.argumentTypes;
if (factoryMethod == null) {
if (argumentTypes == null)
return OBJECT_FACTORY.create(this, className, arguments);
else
return OBJECT_FACTORY.create(this, className, arguments, argumentTypes);
} else {
if (argumentTypes == null)
return OBJECT_FACTORY.create(this, className, factoryMethod, arguments);
else
return OBJECT_FACTORY.create(this, className, factoryMethod, arguments, argumentTypes);
}
}
public static class ObjectConstructionRules {
private Class targetType;
private Class implementingType;
private String factoryMethod;
private Object[] arguments;
private Class[] argumentTypes;
private ObjectConstructionRules(Class targetType) {
this.targetType = targetType;
}
public static ObjectConstructionRules forTargetType(Class targetType) {
return new ObjectConstructionRules(targetType);
}
public ObjectConstructionRules implementingType(Class implementingType) {
this.implementingType = implementingType;
return this;
}
public ObjectConstructionRules factoryMethod(String factoryMethod) {
this.factoryMethod = factoryMethod;
return this;
}
public ObjectConstructionRules arguments(Object... arguments) {
this.arguments = arguments;
return this;
}
public ObjectConstructionRules argumentTypes(Class... argumentTypes) {
this.argumentTypes = argumentTypes;
return this;
}
private void validate(List<Class> classes) {
if (implementingType == null)
implementingType = targetType;
if (!classes.contains(implementingType))
throw new IllegalArgumentException(
"Class " + implementingType.getName() + " is not protected by this thread-safe classloader"
);
}
}
}
I tested my concept with several unit and integration tests, among them one showing how to reproduce and solve the veraPDF problem.
Now this is what your code looks like when using my special classloader:
Class VeraPDFValidator:
We are just adding a static ThreadLocal<ThreadSafeClassLoader> member to our class, telling it which classes/libraries to put into the new classloader (mentioning one class per library is enough, subsequently my tool identifies the library automatically).
Then via threadSafeClassLoader.get().newObject(forTargetType(VeraPDFValidatorHelper.class)) we instantiate our helper class inside the thread-safe classloader and create a proxy object for it so we can call it from outside.
BTW, static boolean threadSafeMode only exists to switch between the old (unsafe) and new (thread-safe) usage of veraPDF so as to make the original problem reproducible for the negative integration test case.
package de.scrum_master.app;
import de.scrum_master.thread_safe.ThreadSafeClassLoader;
import org.verapdf.core.*;
import org.verapdf.pdfa.*;
import javax.xml.bind.JAXBException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.util.function.Function;
import static de.scrum_master.thread_safe.ThreadSafeClassLoader.ObjectConstructionRules.forTargetType;
public class VeraPDFValidator implements Function<InputStream, byte[]> {
public static boolean threadSafeMode = true;
private static ThreadLocal<ThreadSafeClassLoader> threadSafeClassLoader =
ThreadSafeClassLoader.create( // Add one class per artifact for thread-safe classloader:
VeraPDFValidatorHelper.class, // - our own helper class
PDFAParser.class, // - veraPDF core
VeraGreenfieldFoundryProvider.class // - veraPDF validation-model
);
private String flavorId;
private Boolean prettyXml;
public VeraPDFValidator(String flavorId, Boolean prettyXml)
throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
this.flavorId = flavorId;
this.prettyXml = prettyXml;
}
#Override
public byte[] apply(InputStream inputStream) {
try {
VeraPDFValidatorHelper validatorHelper = threadSafeMode
? threadSafeClassLoader.get().newObject(forTargetType(VeraPDFValidatorHelper.class))
: new VeraPDFValidatorHelper();
return validatorHelper.validatePDF(inputStream, flavorId, prettyXml);
} catch (ModelParsingException | ValidationException | JAXBException | EncryptedPdfException e) {
throw new RuntimeException("invoking veraPDF validation", e);
}
}
}
Class VeraPDFValidatorHelper:
In this class we isolate all access to the broken library. Nothing special here, just code copied from the OP's question. Everything done here happens inside the thread-safe classloader.
package de.scrum_master.app;
import org.verapdf.core.*;
import org.verapdf.pdfa.*;
import org.verapdf.pdfa.flavours.PDFAFlavour;
import org.verapdf.pdfa.results.ValidationResult;
import javax.xml.bind.JAXBException;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
public class VeraPDFValidatorHelper {
public byte[] validatePDF(InputStream inputStream, String flavorId, Boolean prettyXml)
throws ModelParsingException, ValidationException, JAXBException, EncryptedPdfException
{
VeraGreenfieldFoundryProvider.initialise();
PDFAFlavour flavour = PDFAFlavour.byFlavourId(flavorId);
PDFAValidator validator = Foundries.defaultInstance().createValidator(flavour, false);
PDFAParser loader = Foundries.defaultInstance().createParser(inputStream, flavour);
ValidationResult result = validator.validate(loader);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XmlSerialiser.toXml(result, baos, prettyXml, false);
return baos.toByteArray();
}
}
By isolating a library on a class loader per thread, you can guarantee any classes concurrency properties as you suggest. The only exception are libraries that explicitly interact with the bootstrap class loader or the system class loader. It is possible to inject classes into these class loaders by either reflection or the Instrumentation API. One example for such functionality would be Mockito's inline mock maker that does however not suffer a concurrency constraint as of my knowledge.
Implementing a class loader with this behavior is not all too difficult. The easiest solution would be to explicitly include the required jars in your project, e.g. as a resource. This way, you could use a URLClassLoader for loading your classes:
URL url = getClass().getClassLoader().getResource("validation-model-1.1.6.jar");
ClassLoader classLoader = new URLClassLoader(new URL[] {url}, null);
By referencing null as the super class loader of the URLClassLoader (second argument), you guarantee that there are no shared classes outside of the bootstrap classes. Note that you cannot use any classes of this created class loader from outside of it. However, if you add a second jar containing a class that triggers your logic, you can offer an entry point that becomes accessible without reflection:
class MyEntryPoint implements Callable<File> {
#Override public File call() {
// use library code.
}
}
Simply add this class to its own jar and supply it as a second element to the above URL array. Note that you cannot reference a library type as a return value as this type will not be available to the consumer that lives outside the class loader that makes use of the entry point.
By wrapping the class loader creation into a ThreadLocal, you can guarantee the class loaders uniqunes:
class Unique extends ThreadLocal<ClassLoader> implements Closable {
#Override protected ClassLoader initialValue() {
URL validation = Unique.class.getClassLoader()
.getResource("validation-model-1.1.6.jar");
URL entry = Unique.class.getClassLoader()
.getResource("my-entry.jar");
return new URLClassLoader(new URL[] {validation, entry}, null);
}
#Override public void close() throws IOException {
get().close(); // If Java 7+, avoid handle leaks.
set(null); // Make class loader eligable for GC.
}
public File doSomethingLibrary() throws Exception {
Class<?> type = Class.forName("pkg.MyEntryPoint", false, get());
return ((Callable<File>) type.newInstance()).call();
}
}
Note that class loaders are expensive objects and should be dereferenced when you do no longer need them even if a thread continues to live. Also, to avoid file leaks, you should close a URLClassLoader previously to dereferencing.
Finally, in order to continue using Maven's dependency resolution and in order to simplify your code, you can create a seperate Maven module where you define your entry point code and declare your Maven library dependencies. Upon packaging, use the Maven shade plugin to create an Uber jar that includes everything you need. This way, you only need to provide a single jar to your URLClassLoader and do not need to ensure all (transitive) dependencies manually.
This answer is based on my original "plugin" comment. And it starts with a class loader that inherits from boot and extensions class loaders only.
package safeLoaderPackage;
import java.net.URL;
import java.net.URLClassLoader;
public final class SafeClassLoader extends URLClassLoader{
public SafeClassLoader(URL[] paths){
super(paths, ClassLoader.getSystemClassLoader().getParent());
}
}
This is the only class that needs to be included in the user's class path. This url class loader inherits from the parent of ClassLoader.getSystemClassLoader(). It just includes the boot and the extensions class loader. It has no notion of the class path used by the user.
Next
package safeLoaderClasses;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
public class SecureClassLoaderPlugin <R> {
private URL[] paths;
private Class[] args;
private String method;
private String unsafe;
public void setMethodData(final String u, final URL[] p, String m, Class[] a){
method = m;
args = a;
paths = p;
unsafe = u;
}
public Collection<R> processUnsafe(Object[][] p){
int i;
BlockingQueue<Runnable> q;
ArrayList<R> results = new ArrayList<R>();
try{
i = p.length;
q = new ArrayBlockingQueue<Runnable>(i);
ThreadPoolExecutor tpe = new ThreadPoolExecutor(i, i, 0, TimeUnit.NANOSECONDS, q);
for(Object[] params : p)
tpe.execute(new SafeRunnable<R>(unsafe, paths, method, args, params, results));
while(tpe.getActiveCount() != 0){
Thread.sleep(10);
}
for(R r: results){
System.out.println(r);
}
tpe.shutdown();
}
catch(Throwable t){
}
finally{
}
return results;
}
}
and
package safeLoaderClasses;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URL;
import java.util.ArrayList;
import safeLoaderInterface.SafeClassLoader;
class SafeRunnable <R> implements Runnable{
final URL[] paths;
final private String unsafe;
final private String method;
final private Class[] args;
final private Object[] processUs;
final ArrayList<R> result;
SafeRunnable(String u, URL[] p, String m, Class[] a, Object[] params, ArrayList<R> r){
unsafe = u;
paths = p;
method = m;
args = a;
processUs = params;
result = r;
}
public void run() {
Class clazz;
Object instance;
Method m;
SafeClassLoader sl = null;
try{
sl = new SafeClassLoader(paths);
System.out.println(sl);
clazz = sl.loadClass(unsafe);
m = clazz.getMethod(method, args);
instance = clazz.newInstance();
synchronized(result){
result.add((R) m.invoke(instance, processUs));
}
}
catch(Throwable t){
t.printStackTrace();
}
finally{
try {
sl.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
are the plugin jar. No lambdas. Just a thread pool executor. Each thread just adds to a result list after execution.
The generics need polishing but I have tested these against this class (resides in a different jar)
package stackoverflow4;
public final class CrazyClass {
static int i = 0;
public int returnInt(){
System.out.println(i);
return 8/++i;
}
}
This would be the way to connect from one's code. The path to the class loader needs to be included because it is lost with the getParent() call
private void process(final String plugin, final String unsafe, final URL[] paths) throws Exception{
Object[][] passUs = new Object[][] {{},{}, {},{}, {},{},{},{},{},{}};
URL[] pathLoader = new URL[]{new File(new String(".../safeLoader.jar")).toURI().toURL(),
new File(new String(".../safeLoaderClasses.jar")).toURI().toURL()};
//instantiate the loader
SafeClassLoader sl = new SafeClassLoader(pathLoader);
System.out.println(sl);
Class clazz = sl.loadClass("safeLoaderClasses.SecureClassLoaderPlugin");
//Instance of the class that loads the unsafe jar and launches the thread pool executor
Object o = clazz.newInstance();
//Look up the method that set ups the unsafe library
Method m = clazz.getMethod("setMethodData",
new Class[]{unsafe.getClass(), paths.getClass(), String.class, new Class[]{}.getClass()});
//invoke it
m.invoke(o, new Object[]{unsafe,paths,"returnInt", new Class[]{}});
//Look up the method that invokes the library
m = clazz.getMethod("processUnsafe", new Class[]{ passUs.getClass()});
//invoke it
o = m.invoke(o, passUs);
//Close the loader
sl.close();
}
with up to 30+ threads and it seems to work. The plugin uses a separate class loader and each of the threads use their own class loader. After leaving the method everything is gc'ed.
I believe you should try to fix the problem before seeking for workaround.
You can always run you code in two threads, classloaders, processes, containers, VM, or machines. But they are none of the ideal.
I saw two defaultInstance() from the code. Do the instance threadsafe? If not, can we have two instance? Is it a factory or a singleton?
Second, where the conflicts happen? If it was about initialization/cache problem, a pre warming should fix.
Last but not least, if the library was open-source, fork it fix it and pull request.
"It is unfeasible to harden the library" but it is feasible to introduce such a bloody workaround like a custom class loader?
OK. I am the first who dislikes the replies which are not a reply to the original question. But I honestly believe that patching the library is much easier to do and to mantain than introducing a custom class loader.
The blocker is class org.verapdf.gf.model.impl.containers.StaticContainers which static fields can be easily changed to work per thread as shown below. This impacts six other classes
org.verapdf.gf.model.GFModelParser
org.verapdf.gf.model.factory.colors.ColorSpaceFactory
org.verapdf.gf.model.impl.cos.GFCosFileSpecification
org.verapdf.gf.model.impl.external.GFEmbeddedFile
org.verapdf.gf.model.impl.pd.colors.GFPDSeparation
org.verapdf.gf.model.tools.FileSpecificationKeysHelper
You can still have only one PDFAParser per thread. But the fork takes ten minutes to do and worked for me in a basic multithread smoke test. I'd test this and contact the original author of the library. Maybe he is happy to merge and you can just keep a Maven reference to the updated and mantained library.
package org.verapdf.gf.model.impl.containers;
import org.verapdf.as.ASAtom;
import org.verapdf.cos.COSKey;
import org.verapdf.gf.model.impl.pd.colors.GFPDSeparation;
import org.verapdf.gf.model.impl.pd.util.TaggedPDFRoleMapHelper;
import org.verapdf.model.pdlayer.PDColorSpace;
import org.verapdf.pd.PDDocument;
import org.verapdf.pdfa.flavours.PDFAFlavour;
import java.util.*;
public class StaticContainers {
private static ThreadLocal<PDDocument> document;
private static ThreadLocal<PDFAFlavour> flavour;
// TaggedPDF
public static ThreadLocal<TaggedPDFRoleMapHelper> roleMapHelper;
//PBoxPDSeparation
public static ThreadLocal<Map<String, List<GFPDSeparation>>> separations;
public static ThreadLocal<List<String>> inconsistentSeparations;
//ColorSpaceFactory
public static ThreadLocal<Map<String, PDColorSpace>> cachedColorSpaces;
public static ThreadLocal<Set<COSKey>> fileSpecificationKeys;
public static void clearAllContainers() {
document = new ThreadLocal<PDDocument>();
flavour = new ThreadLocal<PDFAFlavour>();
roleMapHelper = new ThreadLocal<TaggedPDFRoleMapHelper>();
separations = new ThreadLocal<Map<String, List<GFPDSeparation>>>();
separations.set(new HashMap<String,List<GFPDSeparation>>());
inconsistentSeparations = new ThreadLocal<List<String>>();
inconsistentSeparations.set(new ArrayList<String>());
cachedColorSpaces = new ThreadLocal<Map<String, PDColorSpace>>();
cachedColorSpaces.set(new HashMap<String,PDColorSpace>());
fileSpecificationKeys = new ThreadLocal<Set<COSKey>>();
fileSpecificationKeys.set(new HashSet<COSKey>());
}
public static PDDocument getDocument() {
return document.get();
}
public static void setDocument(PDDocument document) {
StaticContainers.document.set(document);
}
public static PDFAFlavour getFlavour() {
return flavour.get();
}
public static void setFlavour(PDFAFlavour flavour) {
StaticContainers.flavour.set(flavour);
if (roleMapHelper.get() != null) {
roleMapHelper.get().setFlavour(flavour);
}
}
public static TaggedPDFRoleMapHelper getRoleMapHelper() {
return roleMapHelper.get();
}
public static void setRoleMapHelper(Map<ASAtom, ASAtom> roleMap) {
StaticContainers.roleMapHelper.set(new TaggedPDFRoleMapHelper(roleMap, StaticContainers.flavour.get()));
}
}
Driven by curiosity, I tried to export the bytecode of GeneratedMethodAccessor1 (generated by the JVM when using reflection).
I try to get the bytecode of the class the following way:
public class MethodExtractor {
public static void main(String[] args) throws Exception {
ExampleClass example = new ExampleClass();
Method exampleMethod = ExampleClass.class
.getDeclaredMethod("exampleMethod");
exampleMethod.setAccessible(true);
int rndSum = 0;
for (int i = 0; i < 20; i++) {
rndSum += (Integer) exampleMethod.invoke(example);
}
Field field = Method.class.getDeclaredField("methodAccessor");
field.setAccessible(true);
Object methodAccessor = field.get(exampleMethod);
Field delegate = methodAccessor.getClass().getDeclaredField("delegate");
delegate.setAccessible(true);
Object gma = delegate.get(methodAccessor);
ByteBuddyAgent.installOnOpenJDK();
try {
ClassFileLocator classFileLocator = ClassFileLocator.AgentBased
.fromInstalledAgent(gma.getClass().getClassLoader());
Unloaded<? extends Object> unloaded = new ByteBuddy().redefine(
gma.getClass(), classFileLocator).make();
Map<TypeDescription, File> saved = unloaded.saveIn(Files
.createTempDirectory("javaproxy").toFile());
saved.forEach((t, u) -> System.out.println(u.getAbsolutePath()));
} catch (IOException e) {
throw new RuntimeException("Failed to save class to file");
}
}
}
I however get the following error when executing this class:
Exception in thread "main" java.lang.NullPointerException
at net.bytebuddy.dynamic.scaffold.TypeWriter$Engine$ForRedefinition.create(TypeWriter.java:172)
at net.bytebuddy.dynamic.scaffold.TypeWriter$Default.make(TypeWriter.java:1182)
at net.bytebuddy.dynamic.scaffold.inline.InlineDynamicTypeBuilder.make(InlineDynamicTypeBuilder.java:244)
at reegnz.dyna.proxy.extractor.MethodExtractor.main(MethodExtractor.java:48)
Basically I first iterate on the method call enough times for the JVM to inflate the method (generate the GeneratedMethodAccessor) and then try to redefine the class to get the bytecode.
I tried the same method to export a generated Proxy class, and it worked flawlessly. That's what drove me to try this.
It seems that the DelegatingClassLoader of the GeneratedMethodAccessor1 class can't even reload the class when I try to load the class with the loadClass method.
Any ideas how I could retrieve the bytecode for GeneratedMethodAccessor classes?
First of all, the NullPointerException is a bug, I just fixed that. The loader should have thrown an IllegalArgumentException instead but it never got that far. Thanks for bringing this to my attention.
Boiled down, the problem Byte Buddy is facing is that
gma.getClass().getClassLoader().findClass(gma.getClass().getName());
throws a ClassNotFoundException. This is a consequence of using a DelegatingClassLoader for the accessor classes. As an educated guess, I think that this class loader intends to shield its classes from the outside in order to make them easily garbage collectable. However, not allowing the lookup of a class what somewhat breaks the contract for a ClassLoader. Apart from that, I assume that this loading routine will be refactored to use the JDK's anonymous class loaders at some point in the future (similar to classes representing lambda expressions). Strangely enough, it seems like the source code for the DelegatingClassLoader is not available in the JDK even though I can find it in the distribution. Probably, the VM treats these loader specially at some place.
For now, you can use the following ClassFileTransformer which uses some reflection magic on the class loader to locate the loaded class and to then extract the byte array. (The ClassFileLocator interface only takes a name instead of a loaded class in order to allow working with unloaded types which is normally always the case. No idea why this does not work in this case.)
class DelegateExtractor extends ClassFileLocator.AgentBased {
private final ClassLoader classLoader;
private final Instrumentation instrumentation;
public DelegateExtractor(ClassLoader classLoader, Instrumentation instrumentation) {
super(classLoader, instrumentation);
this.classLoader = classLoader;
this.instrumentation = instrumentation;
}
#Override
public Resolution locate(String typeName) {
try {
ExtractionClassFileTransformer classFileTransformer =
new ExtractionClassFileTransformer(classLoader, typeName);
try {
instrumentation.addTransformer(classFileTransformer, true);
// Start nasty hack
Field field = ClassLoader.class.getDeclaredField("classes");
field.setAccessible(true);
instrumentation.retransformClasses(
(Class<?>) ((Vector<?>) field.get(classLoader)).get(0));
// End nasty hack
byte[] binaryRepresentation = classFileTransformer.getBinaryRepresentation();
return binaryRepresentation == null
? Resolution.Illegal.INSTANCE
: new Resolution.Explicit(binaryRepresentation);
} finally {
instrumentation.removeTransformer(classFileTransformer);
}
} catch (Exception ignored) {
return Resolution.Illegal.INSTANCE;
}
}
}
To further simplify your code, you can use the ClassFileLocators directly instead of applying a rewrite which as a matter of fact might slightly modify the class file even if you do not apply any changes to a class.
I have utility class U that depends on a library X, and must go in a package that will be used from programs with X available (where it should do its normal stuff), and places without X (where it should do nothing). Without splitting the class in two, I have found a simple pattern that solves this:
package foo;
import bar.MisteriousX;
public class U {
static private boolean isXPresent = false;
static {
try {
isXPresent = (null != U.class.getClassLoader().loadClass("bar.MisteriousX"));
} catch (Exception e) {
// loading of a sample X class failed: no X for you
}
}
public static void doSomething() {
if (isXPresent) {
new Runnable() {
public void run() {
System.err.println("X says " + MisteriousX.say());
}
}.run();
} else {
System.err.println("X is not there");
}
}
public static void main(String args[]) { doSomething(); }
}
With this pattern, U requires X present to compile, but works as expected when run with or without X present. Unless all accesses to the X library are inside internal classes, this code launches a classloader exception.
Questions: is import resolution guaranteed to work like this everywhere, or will it depend on JVM/ClassLoader implementation? Is there an established pattern for this? Is the above code-snippet too hackish to make it into production?
Generally, when a class is first loaded, then if it refers to a class which does not exist, that might lead to an error. So yes, having one class do the check and another class actually access the external package without reflection will work as intended, at least on all implementations I've seen so far. It doesn't have to be an inner class.
The Linking section in the JVM specs give great freedom to implementations. If you don't use the two-class approach, then the verification of U in an implementation using eager linking will cause an attempt to load X which results in a LinkageError. The specs don't require the references class to be verified as well, but neither does it forbid such early verification. It does however require that
any error detected during resolution must be thrown at a point in the
program that (directly or indirectly) uses a symbolic reference to the
class or interface.
Seems you should be safe to assume that the error is only thrown when you actually access your inner class. If you look at the history of this answer, you will find that I already changed my opinion twice, so there will be no guarantees that I read it correctly this timeā¦ :-/
I do a similar thing in jOOQ, in order to load optional logging framework dependencies. I share your feelings about the fact that this is a bit of a hack, though. A sample code snippet of field initialisation, depending on class availability:
public final class JooqLogger {
private org.slf4j.Logger slf4j;
private org.apache.log4j.Logger log4j;
private java.util.logging.Logger util;
public static JooqLogger getLogger(Class<?> clazz) {
JooqLogger result = new JooqLogger();
// Prioritise slf4j
try {
result.slf4j = org.slf4j.LoggerFactory.getLogger(clazz);
}
// If that's not on the classpath, try log4j instead
catch (Throwable e1) {
try {
result.log4j = org.apache.log4j.Logger.getLogger(clazz);
}
// If that's not on the classpath either, ignore most of logging
catch (Throwable e2) {
result.util= java.util.logging.Logger.getLogger(clazz.getName());
}
}
return result;
}
[...]
And then, later on, the logger switch, depending on previously loaded classes:
public boolean isTraceEnabled() {
if (slf4j != null) {
return slf4j.isTraceEnabled();
}
else if (log4j != null) {
return log4j.isTraceEnabled();
}
else {
return util.isLoggable(Level.FINER);
}
}
The rest of the source code can be seen here. In essence, I have a compile-time dependency to both slf4j, and log4j, which I render optional at runtime using a similar pattern as you.
This could cause problems in OSGi environments, for instance, where classloading is a bit more complex than when you just use the standard JDK / JRE classloading mechanisms. However, so far I wasn't made aware of any issues