Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/rmi/transport/DGCClient.java
38831 views
/*1* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/24package sun.rmi.transport;2526import java.io.InvalidClassException;27import java.lang.ref.PhantomReference;28import java.lang.ref.ReferenceQueue;29import java.net.SocketPermission;30import java.rmi.UnmarshalException;31import java.security.AccessController;32import java.security.PrivilegedAction;33import java.util.HashMap;34import java.util.HashSet;35import java.util.Iterator;36import java.util.List;37import java.util.Map;38import java.util.Set;39import java.rmi.ConnectException;40import java.rmi.RemoteException;41import java.rmi.dgc.DGC;42import java.rmi.dgc.Lease;43import java.rmi.dgc.VMID;44import java.rmi.server.ObjID;4546import sun.misc.GC;47import sun.rmi.runtime.Log;48import sun.rmi.runtime.NewThreadAction;49import sun.rmi.server.UnicastRef;50import sun.rmi.server.Util;51import sun.security.action.GetLongAction;5253import java.security.AccessControlContext;54import java.security.Permissions;55import java.security.ProtectionDomain;5657/**58* DGCClient implements the client-side of the RMI distributed garbage59* collection system.60*61* The external interface to DGCClient is the "registerRefs" method.62* When a LiveRef to a remote object enters the VM, it needs to be63* registered with the DGCClient to participate in distributed garbage64* collection.65*66* When the first LiveRef to a particular remote object is registered,67* a "dirty" call is made to the server-side distributed garbage68* collector for the remote object, which returns a lease guaranteeing69* that the server-side DGC will not collect the remote object for a70* certain period of time. While LiveRef instances to remote objects71* on a particular server exist, the DGCClient periodically sends more72* "dirty" calls to renew its lease.73*74* The DGCClient tracks the local reachability of registered LiveRef75* instances (using phantom references). When the LiveRef instance76* for a particular remote object becomes garbage collected locally,77* a "clean" call is made to the server-side distributed garbage78* collector, indicating that the server no longer needs to keep the79* remote object alive for this client.80*81* @see java.rmi.dgc.DGC, sun.rmi.transport.DGCImpl82*83* @author Ann Wollrath84* @author Peter Jones85*/86final class DGCClient {8788/** next sequence number for DGC calls (access synchronized on class) */89private static long nextSequenceNum = Long.MIN_VALUE;9091/** unique identifier for this VM as a client of DGC */92private static VMID vmid = new VMID();9394/** lease duration to request (usually ignored by server) */95private static final long leaseValue = // default 10 minutes96AccessController.doPrivileged(97new GetLongAction("java.rmi.dgc.leaseValue",98600000)).longValue();99100/** maximum interval between retries of failed clean calls */101private static final long cleanInterval = // default 3 minutes102AccessController.doPrivileged(103new GetLongAction("sun.rmi.dgc.cleanInterval",104180000)).longValue();105106/** maximum interval between complete garbage collections of local heap */107private static final long gcInterval = // default 1 hour108AccessController.doPrivileged(109new GetLongAction("sun.rmi.dgc.client.gcInterval",1103600000)).longValue();111112/** minimum retry count for dirty calls that fail */113private static final int dirtyFailureRetries = 5;114115/** retry count for clean calls that fail with ConnectException */116private static final int cleanFailureRetries = 5;117118/** constant empty ObjID array for lease renewal optimization */119private static final ObjID[] emptyObjIDArray = new ObjID[0];120121/** ObjID for server-side DGC object */122private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);123124/**125* An AccessControlContext with only socket permissions,126* suitable for an RMIClientSocketFactory.127*/128private static final AccessControlContext SOCKET_ACC;129static {130Permissions perms = new Permissions();131perms.add(new SocketPermission("*", "connect,resolve"));132ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };133SOCKET_ACC = new AccessControlContext(pd);134}135136/*137* Disallow anyone from creating one of these.138*/139private DGCClient() {}140141/**142* Register the LiveRef instances in the supplied list to participate143* in distributed garbage collection.144*145* All of the LiveRefs in the list must be for remote objects at the146* given endpoint.147*/148static void registerRefs(Endpoint ep, List<LiveRef> refs) {149/*150* Look up the given endpoint and register the refs with it.151* The retrieved entry may get removed from the global endpoint152* table before EndpointEntry.registerRefs() is able to acquire153* its lock; in this event, it returns false, and we loop and154* try again.155*/156EndpointEntry epEntry;157do {158epEntry = EndpointEntry.lookup(ep);159} while (!epEntry.registerRefs(refs));160}161162/**163* Get the next sequence number to be used for a dirty or clean164* operation from this VM. This method should only be called while165* synchronized on the EndpointEntry whose data structures the166* operation affects.167*/168private static synchronized long getNextSequenceNum() {169return nextSequenceNum++;170}171172/**173* Given the length of a lease and the time that it was granted,174* compute the absolute time at which it should be renewed, giving175* room for reasonable computational and communication delays.176*/177private static long computeRenewTime(long grantTime, long duration) {178/*179* REMIND: This algorithm should be more sophisticated, waiting180* a longer fraction of the lease duration for longer leases.181*/182return grantTime + (duration / 2);183}184185/**186* EndpointEntry encapsulates the client-side DGC information specific187* to a particular Endpoint. Of most significance is the table that188* maps LiveRef value to RefEntry objects and the renew/clean thread189* that handles asynchronous client-side DGC operations.190*/191private static class EndpointEntry {192193/** the endpoint that this entry is for */194private Endpoint endpoint;195/** synthesized reference to the remote server-side DGC */196private DGC dgc;197198/** table of refs held for endpoint: maps LiveRef to RefEntry */199private Map<LiveRef, RefEntry> refTable = new HashMap<>(5);200/** set of RefEntry instances from last (failed) dirty call */201private Set<RefEntry> invalidRefs = new HashSet<>(5);202203/** true if this entry has been removed from the global table */204private boolean removed = false;205206/** absolute time to renew current lease to this endpoint */207private long renewTime = Long.MAX_VALUE;208/** absolute time current lease to this endpoint will expire */209private long expirationTime = Long.MIN_VALUE;210/** count of recent dirty calls that have failed */211private int dirtyFailures = 0;212/** absolute time of first recent failed dirty call */213private long dirtyFailureStartTime;214/** (average) elapsed time for recent failed dirty calls */215private long dirtyFailureDuration;216217/** renew/clean thread for handling lease renewals and clean calls */218private Thread renewCleanThread;219/** true if renew/clean thread may be interrupted */220private boolean interruptible = false;221222/** reference queue for phantom references */223private ReferenceQueue<LiveRef> refQueue = new ReferenceQueue<>();224/** set of clean calls that need to be made */225private Set<CleanRequest> pendingCleans = new HashSet<>(5);226227/** global endpoint table: maps Endpoint to EndpointEntry */228private static Map<Endpoint,EndpointEntry> endpointTable = new HashMap<>(5);229/** handle for GC latency request (for future cancellation) */230private static GC.LatencyRequest gcLatencyRequest = null;231232/**233* Look up the EndpointEntry for the given Endpoint. An entry is234* created if one does not already exist.235*/236public static EndpointEntry lookup(Endpoint ep) {237synchronized (endpointTable) {238EndpointEntry entry = endpointTable.get(ep);239if (entry == null) {240entry = new EndpointEntry(ep);241endpointTable.put(ep, entry);242/*243* While we are tracking live remote references registered244* in this VM, request a maximum latency for inspecting the245* entire heap from the local garbage collector, to place246* an upper bound on the time to discover remote references247* that have become unreachable (see bugid 4171278).248*/249if (gcLatencyRequest == null) {250gcLatencyRequest = GC.requestLatency(gcInterval);251}252}253return entry;254}255}256257private EndpointEntry(final Endpoint endpoint) {258this.endpoint = endpoint;259try {260LiveRef dgcRef = new LiveRef(dgcID, endpoint, false);261dgc = (DGC) Util.createProxy(DGCImpl.class,262new UnicastRef(dgcRef), true);263} catch (RemoteException e) {264throw new Error("internal error creating DGC stub");265}266renewCleanThread = AccessController.doPrivileged(267new NewThreadAction(new RenewCleanThread(),268"RenewClean-" + endpoint, true));269renewCleanThread.start();270}271272/**273* Register the LiveRef instances in the supplied list to participate274* in distributed garbage collection.275*276* This method returns false if this entry was removed from the277* global endpoint table (because it was empty) before these refs278* could be registered. In that case, a new EndpointEntry needs279* to be looked up.280*281* This method must NOT be called while synchronized on this entry.282*/283public boolean registerRefs(List<LiveRef> refs) {284assert !Thread.holdsLock(this);285286Set<RefEntry> refsToDirty = null; // entries for refs needing dirty287long sequenceNum; // sequence number for dirty call288289synchronized (this) {290if (removed) {291return false;292}293294Iterator<LiveRef> iter = refs.iterator();295while (iter.hasNext()) {296LiveRef ref = iter.next();297assert ref.getEndpoint().equals(endpoint);298299RefEntry refEntry = refTable.get(ref);300if (refEntry == null) {301LiveRef refClone = (LiveRef) ref.clone();302refEntry = new RefEntry(refClone);303refTable.put(refClone, refEntry);304if (refsToDirty == null) {305refsToDirty = new HashSet<>(5);306}307refsToDirty.add(refEntry);308}309310refEntry.addInstanceToRefSet(ref);311}312313if (refsToDirty == null) {314return true;315}316317refsToDirty.addAll(invalidRefs);318invalidRefs.clear();319320sequenceNum = getNextSequenceNum();321}322323makeDirtyCall(refsToDirty, sequenceNum);324return true;325}326327/**328* Remove the given RefEntry from the ref table. If that makes329* the ref table empty, remove this entry from the global endpoint330* table.331*332* This method must ONLY be called while synchronized on this entry.333*/334private void removeRefEntry(RefEntry refEntry) {335assert Thread.holdsLock(this);336assert !removed;337assert refTable.containsKey(refEntry.getRef());338339refTable.remove(refEntry.getRef());340invalidRefs.remove(refEntry);341if (refTable.isEmpty()) {342synchronized (endpointTable) {343endpointTable.remove(endpoint);344Transport transport = endpoint.getOutboundTransport();345transport.free(endpoint);346/*347* If there are no longer any live remote references348* registered, we are no longer concerned with the349* latency of local garbage collection here.350*/351if (endpointTable.isEmpty()) {352assert gcLatencyRequest != null;353gcLatencyRequest.cancel();354gcLatencyRequest = null;355}356removed = true;357}358}359}360361/**362* Make a DGC dirty call to this entry's endpoint, for the ObjIDs363* corresponding to the given set of refs and with the given364* sequence number.365*366* This method must NOT be called while synchronized on this entry.367*/368private void makeDirtyCall(Set<RefEntry> refEntries, long sequenceNum) {369assert !Thread.holdsLock(this);370371ObjID[] ids;372if (refEntries != null) {373ids = createObjIDArray(refEntries);374} else {375ids = emptyObjIDArray;376}377378long startTime = System.currentTimeMillis();379try {380Lease lease =381dgc.dirty(ids, sequenceNum, new Lease(vmid, leaseValue));382long duration = lease.getValue();383384long newRenewTime = computeRenewTime(startTime, duration);385long newExpirationTime = startTime + duration;386387synchronized (this) {388dirtyFailures = 0;389setRenewTime(newRenewTime);390expirationTime = newExpirationTime;391}392393} catch (Exception e) {394long endTime = System.currentTimeMillis();395396synchronized (this) {397dirtyFailures++;398399if (e instanceof UnmarshalException400&& e.getCause() instanceof InvalidClassException) {401DGCImpl.dgcLog.log(Log.BRIEF, "InvalidClassException exception in DGC dirty call", e);402return; // protocol error, do not register these refs403}404405if (dirtyFailures == 1) {406/*407* If this was the first recent failed dirty call,408* reschedule another one immediately, in case there409* was just a transient network problem, and remember410* the start time and duration of this attempt for411* future calculations of the delays between retries.412*/413dirtyFailureStartTime = startTime;414dirtyFailureDuration = endTime - startTime;415setRenewTime(endTime);416} else {417/*418* For each successive failed dirty call, wait for a419* (binary) exponentially increasing delay before420* retrying, to avoid network congestion.421*/422int n = dirtyFailures - 2;423if (n == 0) {424/*425* Calculate the initial retry delay from the426* average time elapsed for each of the first427* two failed dirty calls. The result must be428* at least 1000ms, to prevent a tight loop.429*/430dirtyFailureDuration =431Math.max((dirtyFailureDuration +432(endTime - startTime)) >> 1, 1000);433}434long newRenewTime =435endTime + (dirtyFailureDuration << n);436437/*438* Continue if the last known held lease has not439* expired, or else at least a fixed number of times,440* or at least until we've tried for a fixed amount441* of time (the default lease value we request).442*/443if (newRenewTime < expirationTime ||444dirtyFailures < dirtyFailureRetries ||445newRenewTime < dirtyFailureStartTime + leaseValue)446{447setRenewTime(newRenewTime);448} else {449/*450* Give up: postpone lease renewals until next451* ref is registered for this endpoint.452*/453setRenewTime(Long.MAX_VALUE);454}455}456457if (refEntries != null) {458/*459* Add all of these refs to the set of refs for this460* endpoint that may be invalid (this VM may not be in461* the server's referenced set), so that we will462* attempt to explicitly dirty them again in the463* future.464*/465invalidRefs.addAll(refEntries);466467/*468* Record that a dirty call has failed for all of these469* refs, so that clean calls for them in the future470* will be strong.471*/472Iterator<RefEntry> iter = refEntries.iterator();473while (iter.hasNext()) {474RefEntry refEntry = iter.next();475refEntry.markDirtyFailed();476}477}478479/*480* If the last known held lease will have expired before481* the next renewal, all refs might be invalid.482*/483if (renewTime >= expirationTime) {484invalidRefs.addAll(refTable.values());485}486}487}488}489490/**491* Set the absolute time at which the lease for this entry should492* be renewed.493*494* This method must ONLY be called while synchronized on this entry.495*/496private void setRenewTime(long newRenewTime) {497assert Thread.holdsLock(this);498499if (newRenewTime < renewTime) {500renewTime = newRenewTime;501if (interruptible) {502AccessController.doPrivileged(503new PrivilegedAction<Void>() {504public Void run() {505renewCleanThread.interrupt();506return null;507}508});509}510} else {511renewTime = newRenewTime;512}513}514515/**516* RenewCleanThread handles the asynchronous client-side DGC activity517* for this entry: renewing the leases and making clean calls.518*/519private class RenewCleanThread implements Runnable {520521public void run() {522do {523long timeToWait;524RefEntry.PhantomLiveRef phantom = null;525boolean needRenewal = false;526Set<RefEntry> refsToDirty = null;527long sequenceNum = Long.MIN_VALUE;528529synchronized (EndpointEntry.this) {530/*531* Calculate time to block (waiting for phantom532* reference notifications). It is the time until the533* lease renewal should be done, bounded on the low534* end by 1 ms so that the reference queue will always535* get processed, and if there are pending clean536* requests (remaining because some clean calls537* failed), bounded on the high end by the maximum538* clean call retry interval.539*/540long timeUntilRenew =541renewTime - System.currentTimeMillis();542timeToWait = Math.max(timeUntilRenew, 1);543if (!pendingCleans.isEmpty()) {544timeToWait = Math.min(timeToWait, cleanInterval);545}546547/*548* Set flag indicating that it is OK to interrupt this549* thread now, such as if a earlier lease renewal time550* is set, because we are only going to be blocking551* and can deal with interrupts.552*/553interruptible = true;554}555556try {557/*558* Wait for the duration calculated above for any of559* our phantom references to be enqueued.560*/561phantom = (RefEntry.PhantomLiveRef)562refQueue.remove(timeToWait);563} catch (InterruptedException e) {564}565566synchronized (EndpointEntry.this) {567/*568* Set flag indicating that it is NOT OK to interrupt569* this thread now, because we may be undertaking I/O570* operations that should not be interrupted (and we571* will not be blocking arbitrarily).572*/573interruptible = false;574Thread.interrupted(); // clear interrupted state575576/*577* If there was a phantom reference enqueued, process578* it and all the rest on the queue, generating579* clean requests as necessary.580*/581if (phantom != null) {582processPhantomRefs(phantom);583}584585/*586* Check if it is time to renew this entry's lease.587*/588long currentTime = System.currentTimeMillis();589if (currentTime > renewTime) {590needRenewal = true;591if (!invalidRefs.isEmpty()) {592refsToDirty = invalidRefs;593invalidRefs = new HashSet<>(5);594}595sequenceNum = getNextSequenceNum();596}597}598599boolean needRenewal_ = needRenewal;600Set<RefEntry> refsToDirty_ = refsToDirty;601long sequenceNum_ = sequenceNum;602AccessController.doPrivileged(new PrivilegedAction<Void>() {603public Void run() {604if (needRenewal_) {605makeDirtyCall(refsToDirty_, sequenceNum_);606}607608if (!pendingCleans.isEmpty()) {609makeCleanCalls();610}611return null;612}}, SOCKET_ACC);613} while (!removed || !pendingCleans.isEmpty());614}615}616617/**618* Process the notification of the given phantom reference and any619* others that are on this entry's reference queue. Each phantom620* reference is removed from its RefEntry's ref set. All ref621* entries that have no more registered instances are collected622* into up to two batched clean call requests: one for refs623* requiring a "strong" clean call, and one for the rest.624*625* This method must ONLY be called while synchronized on this entry.626*/627private void processPhantomRefs(RefEntry.PhantomLiveRef phantom) {628assert Thread.holdsLock(this);629630Set<RefEntry> strongCleans = null;631Set<RefEntry> normalCleans = null;632633do {634RefEntry refEntry = phantom.getRefEntry();635refEntry.removeInstanceFromRefSet(phantom);636if (refEntry.isRefSetEmpty()) {637if (refEntry.hasDirtyFailed()) {638if (strongCleans == null) {639strongCleans = new HashSet<>(5);640}641strongCleans.add(refEntry);642} else {643if (normalCleans == null) {644normalCleans = new HashSet<>(5);645}646normalCleans.add(refEntry);647}648removeRefEntry(refEntry);649}650} while ((phantom =651(RefEntry.PhantomLiveRef) refQueue.poll()) != null);652653if (strongCleans != null) {654pendingCleans.add(655new CleanRequest(createObjIDArray(strongCleans),656getNextSequenceNum(), true));657}658if (normalCleans != null) {659pendingCleans.add(660new CleanRequest(createObjIDArray(normalCleans),661getNextSequenceNum(), false));662}663}664665/**666* CleanRequest holds the data for the parameters of a clean call667* that needs to be made.668*/669private static class CleanRequest {670671final ObjID[] objIDs;672final long sequenceNum;673final boolean strong;674675/** how many times this request has failed */676int failures = 0;677678CleanRequest(ObjID[] objIDs, long sequenceNum, boolean strong) {679this.objIDs = objIDs;680this.sequenceNum = sequenceNum;681this.strong = strong;682}683}684685/**686* Make all of the clean calls described by the clean requests in687* this entry's set of "pending cleans". Clean requests for clean688* calls that succeed are removed from the "pending cleans" set.689*690* This method must NOT be called while synchronized on this entry.691*/692private void makeCleanCalls() {693assert !Thread.holdsLock(this);694695Iterator<CleanRequest> iter = pendingCleans.iterator();696while (iter.hasNext()) {697CleanRequest request = iter.next();698try {699dgc.clean(request.objIDs, request.sequenceNum, vmid,700request.strong);701iter.remove();702} catch (Exception e) {703/*704* Many types of exceptions here could have been705* caused by a transient failure, so try again a706* few times, but not forever.707*/708if (++request.failures >= cleanFailureRetries) {709iter.remove();710}711}712}713}714715/**716* Create an array of ObjIDs (needed for the DGC remote calls)717* from the ids in the given set of refs.718*/719private static ObjID[] createObjIDArray(Set<RefEntry> refEntries) {720ObjID[] ids = new ObjID[refEntries.size()];721Iterator<RefEntry> iter = refEntries.iterator();722for (int i = 0; i < ids.length; i++) {723ids[i] = iter.next().getRef().getObjID();724}725return ids;726}727728/**729* RefEntry encapsulates the client-side DGC information specific730* to a particular LiveRef value. In particular, it contains a731* set of phantom references to all of the instances of the LiveRef732* value registered in the system (but not garbage collected733* locally).734*/735private class RefEntry {736737/** LiveRef value for this entry (not a registered instance) */738private LiveRef ref;739/** set of phantom references to registered instances */740private Set<PhantomLiveRef> refSet = new HashSet<>(5);741/** true if a dirty call containing this ref has failed */742private boolean dirtyFailed = false;743744public RefEntry(LiveRef ref) {745this.ref = ref;746}747748/**749* Return the LiveRef value for this entry (not a registered750* instance).751*/752public LiveRef getRef() {753return ref;754}755756/**757* Add a LiveRef to the set of registered instances for this entry.758*759* This method must ONLY be invoked while synchronized on this760* RefEntry's EndpointEntry.761*/762public void addInstanceToRefSet(LiveRef ref) {763assert Thread.holdsLock(EndpointEntry.this);764assert ref.equals(this.ref);765766/*767* Only keep a phantom reference to the registered instance,768* so that it can be garbage collected normally (and we can be769* notified when that happens).770*/771refSet.add(new PhantomLiveRef(ref));772}773774/**775* Remove a PhantomLiveRef from the set of registered instances.776*777* This method must ONLY be invoked while synchronized on this778* RefEntry's EndpointEntry.779*/780public void removeInstanceFromRefSet(PhantomLiveRef phantom) {781assert Thread.holdsLock(EndpointEntry.this);782assert refSet.contains(phantom);783refSet.remove(phantom);784}785786/**787* Return true if there are no registered LiveRef instances for788* this entry still reachable in this VM.789*790* This method must ONLY be invoked while synchronized on this791* RefEntry's EndpointEntry.792*/793public boolean isRefSetEmpty() {794assert Thread.holdsLock(EndpointEntry.this);795return refSet.size() == 0;796}797798/**799* Record that a dirty call that explicitly contained this800* entry's ref has failed.801*802* This method must ONLY be invoked while synchronized on this803* RefEntry's EndpointEntry.804*/805public void markDirtyFailed() {806assert Thread.holdsLock(EndpointEntry.this);807dirtyFailed = true;808}809810/**811* Return true if a dirty call that explicitly contained this812* entry's ref has failed (and therefore a clean call for this813* ref needs to be marked "strong").814*815* This method must ONLY be invoked while synchronized on this816* RefEntry's EndpointEntry.817*/818public boolean hasDirtyFailed() {819assert Thread.holdsLock(EndpointEntry.this);820return dirtyFailed;821}822823/**824* PhantomLiveRef is a PhantomReference to a LiveRef instance,825* used to detect when the LiveRef becomes permanently826* unreachable in this VM.827*/828private class PhantomLiveRef extends PhantomReference<LiveRef> {829830public PhantomLiveRef(LiveRef ref) {831super(ref, EndpointEntry.this.refQueue);832}833834public RefEntry getRefEntry() {835return RefEntry.this;836}837}838}839}840}841842843