We have a pool implementation where we had to call abort especially for revoked long running transactions, since they regularly have been locked up in a connection wide synchronized in the close. However we only use it for that case and try to close the objects after the abort anyway. We don’t use it to close connections when they are only idle or too old - owned by the pool.
It seems to be however still a good idea to run the abort/close in a separate task as it can also take ages for example when TLS close handshakes hang (we did try to reduce the connection timeout before but that also can be blocked before the abort) Gruss Bernd -- https://Bernd.eckenfels.net ________________________________ Von: Gary Gregory <garydgreg...@gmail.com> Gesendet: Saturday, August 29, 2020 10:02:42 PM An: Commons Developers List <dev@commons.apache.org> Betreff: Re: [dbcp][pool] Use abort instead of close for abandoned connections? On Sat, Aug 29, 2020 at 2:41 PM Phil Steitz <phil.ste...@gmail.com> wrote: > > On 8/29/20 11:03 AM, Gary Gregory wrote: > > On Sat, Aug 29, 2020 at 1:35 PM Phil Steitz <phil.ste...@gmail.com> > wrote: > > > >> A pool-related deadlock was reported recently in [1] to tomcat-user. > >> The OP was using a different pool, but it looks to me like the same > >> deadlock could happen with dbcp. The source is arguably a driver bug, > >> but in [2], the driver maintainer makes the good point that to avoid the > >> problem in [1] (and others like it) it would be better if pool > >> maintainers used abort instead of close to disconnect "stuck" or > >> abandoned connections. That makes sense to me. > >> > >> To implement this in dbcp, we would need to either always use abort > >> instead of close when closing physical connections (a bad idea, IMO, as > >> it could mess up counters due to async execution and add overhead) > > > > I agree that changing the happy path from close() to abort() is a bad > idea; > > especially since the Connection#close() Javadoc contract releases > database > > resources while abort() does not or is vague about it (at least in the > Java > > 8 Javadoc). > > Yes, bad idea to do that, I think. > > > > > > >> or > >> modify pool to call a different factory method than destroy when > >> triggering close-abandoned. I think the latter makes sense and it could > >> be useful for other pool clients to be able to this kind of thing as > well. > >> > > This means that we would treat abandoned connections like a real resource > > leak in the sense that (if) abort() leaks database resources, then the > DBA > > would have to deal with that. > > Yeah, unless the driver does it cleanly. The other thing to note here > is that abort is async and is supposed to allow ops in progress to > complete, etc. That is kinder to clients but technically allows > maxActive to exceed the cap while the abort is in progress. > > > > > I think formally surfacing an abort path vs. the current close/destroy is > > OK since it reflects what JDBC allows. If that means trickling the > concept > > down to Pool, then that's OK as well IMO. This could be generically > > surfaced with a "close mode" enum passed to close/destroy APIs. This is > > similar to what we did in HttpCore's CloseMode(IMMEDIATE vs GRACEFUL): > > > https://javadoc.io/static/org.apache.httpcomponents.core5/httpcore5/5.0.1/org/apache/hc/core5/io/CloseMode.html > > Exactly. I think the abandoned-destroy is legitimately different from > the other destroy use cases and I could see other kinds of pools > (sockets, jms, etc) benefiting from having the ability to handle destroy > differently for abandoned (or other) cases. > > > > > > >> What I propose is that we make these change to pool: > >> > >> 1. Add a new method to PooledObjectFactory called "abandonObject" with > >> default implementation delegating to destroyObject. > >> > > That or overload destroyObject with a destroyObject(CloseMode) would be > > easier to find. > > Yes, I think that would be better. That raises the interesting question > of what are the CloseModes. All we need for this issue is normal vs > abandoned, but I can see value in providing fuller context to > factories. So if we are doing it, why not something like: > > invalidated > abandoned > evicted > excess idle > failed validation > failed activation > failed passivation > clearing pool > I think a YAGNI-style approach would work well here by starting with 2 modes: one to support the current behavior (default) and another to support the new behavior backed by Connection#abort() in DBCP. A third "escape hatch" mode could see passing in a lamba I suppose. I really think we should start by just focusing on the one issue at hand before we enlarge the solution. 2c, Gary > Phil > > > > > > > Gary > > > > > >> 2. Change the logic in removeAbandoned to call the new factory method > >> instead of destroyObject > >> > >> And then in dbcp: > >> > >> * Add implementation of abandonObject in PoolableConnectionFactory to > >> call abort. > >> > >> wdyt? > >> > >> Phil > >> > >> [1] > >> > >> > https://lists.apache.org/thread.html/r7095d641bbc8db0a526d2d9a18684202347a747cf0e315a4a50d2001%40%3Cusers.tomcat.apache.org%3E > >> > >> [2] https://bugs.mysql.com/bug.php?id=64954 > >> > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
