So after HBASE-26773, we still have another problem that we can not use sun.nio.ch.DirectBuffer. The main usage is to get the address.
Let me provide a new util method in the hbase-unsafe module. Andrew Purtell <andrew.purt...@gmail.com> 于2022年2月26日周六 13:58写道: > That sounds good, looking forward to it. Please let me know if you want > help. > > > On Feb 25, 2022, at 9:56 PM, 张铎 <palomino...@gmail.com> wrote: > > > > Filed HBASE-26773 and tried, the result is not very good. Netty's > > PlatformDependent can not meet all the requirements. > > > > So now I prefer we have a new hbase-thirdparty-unsafe module to provide > the > > Unsafe ability without exposing sun.misc.Unsafe directly. > > > > Will give it a try. > > > > Thanks. > > > > Andrew Purtell <apurt...@apache.org> 于2022年2月24日周四 10:46写道: > > > >> Ok, a bridge in one place would minimize the risk. > >> > >>> On Wed, Feb 23, 2022 at 6:07 PM 张铎(Duo Zhang) <palomino...@gmail.com> > >>> wrote: > >>> > >>> I think this is a reasonable concern, we could do this on our own. > >>> > >>> But checking the commit history of PlatformDependent[1], the API is > >> pretty > >>> stable, so I think the risk of hitting a security issue but we can not > >>> upgrade due to API conflicts is very low. And if a security issue > >> requires > >>> big changes on PlatformDependent, then I assume we have to fix our own > >>> version as well... > >>> > >>> And we will not spread PlatformDependent references everywhere in our > >> code, > >>> we will still have a bridge, like the current UnsafeAccess. So if later > >> we > >>> decide to implement our own version, it will not introduce a big impact > >> to > >>> our code base. > >>> > >>> Thanks. > >>> > >>> > >>> [1] > >>> > >>> > >> > https://github.com/netty/netty/commits/4.1/common/src/main/java/io/netty/util/internal/PlatformDependent.java > >>> > >>> Andrew Purtell <apurt...@apache.org> 于2022年2月24日周四 01:12写道: > >>> > >>>> We often upgrade netty after there is a CVE announcement. This > >> produces a > >>>> pressure to upgrade in production. Use of an internal API is not a > good > >>>> practice because it can cause friction because of breaking changes > when > >>>> there is a need to upgrade all of a sudden. This is painful and > >> hopefully > >>>> we can exclude it as a possibility now when coming up with the plan. > We > >>> can > >>>> do the same thing they do in our own hbase-thirdparty without taking > >> the > >>>> dependency and achieve the same goal, right? > >>>> > >>>> On Mon, Feb 21, 2022 at 7:35 PM 张铎(Duo Zhang) <palomino...@gmail.com> > >>>> wrote: > >>>> > >>>>> For me, since we shade netty, there will be no conflict with other > >>> netty > >>>>> dependencies, so we can make sure the netty version we used is > >> exactly > >>>> the > >>>>> one we shaded in hbase-thirdparty. > >>>>> > >>>>> If later we want to upgrade netty version in hbase-thirdparty, and it > >>>>> breaks the api, then we can release a new hbase-thirdparty, and > >> upgrade > >>>> the > >>>>> main hbase repo to depend on the new hbase-thirdparty version, and > >> also > >>>>> modify the code in hbase accordingly. There will be no user visible > >>>>> affects. > >>>>> > >>>>> Anyway, let me have a try first. Even with netty's PaltformDependent > >>>> class, > >>>>> since it still references sun.misc.Unsafe, maybe we will still get an > >>>>> compile error... > >>>>> > >>>>> Thanks. > >>>>> > >>>>> Andrew Purtell <apurt...@apache.org> 于2022年2月22日周二 08:08写道: > >>>>> > >>>>>> Thanks for that. I understand better what you are proposing now. It > >>> is > >>>>>> clear that you have thought it through. > >>>>>> > >>>>>> So then the only question I have is this: Do you think it is a > >>> concern > >>>>> that > >>>>>> Netty's PlatformDependent class is in their > >> "io.netty.util.internal" > >>>>>> package? The 'internal' designation suggests to me they won't apply > >>> the > >>>>>> same care to not breaking users of it as they would for their > >> public > >>>>>> (non-"internal") API. I noticed this earlier but had other > >> questions > >>> at > >>>>>> that time. > >>>>>> > >>>>>> If it is a concern, we have the option of doing the same thing that > >>>> Netty > >>>>>> has done with their PlatformDependent class as a new utility class > >> of > >>>> our > >>>>>> own in hbase-thirdparty. This may impose special requirements on > >>>> building > >>>>>> hbase-thirdparty, or, at least, the module containing this wrapper, > >>> but > >>>>> it > >>>>>> is an option that would help us avoid external breaking changes. > >> For > >>>> your > >>>>>> consideration. > >>>>>> > >>>>>> On Mon, Feb 21, 2022 at 3:48 PM 张铎(Duo Zhang) < > >> palomino...@gmail.com > >>>> > >>>>>> wrote: > >>>>>> > >>>>>>> What I proposed here is for solving the problem… > >>>>>>> > >>>>>>> The problem is that when using —release 8, javac will not export > >>> the > >>>>>>> jdk.unsupported symbols, so using sun.misc.Unsafe will trigger a > >>>>> compile > >>>>>>> error. But at runtime if you export jdk.unsupported you can still > >>> use > >>>>>>> sun.misc.Unsafe. The related jdk issue said —release is only for > >>>> public > >>>>>> API > >>>>>>> so not exporting jdk.unsupported is the expected behavior. > >>>>>>> > >>>>>>> So what I proposed here is to remove direct dependency on > >>>>> sun.misc.Unsafe > >>>>>>> in HBase code, so at compile time there will be no problem. Betty > >>>> has a > >>>>>>> wrapper of Unsafe so I think we could have a try. At runtime if > >> we > >>>> have > >>>>>>> jdk.unsupported exported we could still actually make use of > >>>>>>> sun.misc.Unsafe. > >>>>>>> > >>>>>>> Feel free to correct me if I missed something or there are still > >>>>>> uncleared > >>>>>>> things. > >>>>>>> > >>>>>>> Thanks. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> Andrew Purtell <andrew.purt...@gmail.com>于2022年2月22日 周二00:56写道: > >>>>>>> > >>>>>>>> As Nick discovered ‘—release’ doesn’t work for version 8 > >> anyway. > >>>>>>>> > >>>>>>>> > >>>>>>>>> On Feb 20, 2022, at 3:47 PM, 张铎 <palomino...@gmail.com> > >> wrote: > >>>>>>>>> > >>>>>>>>> I know, with —release 8 ByteBuffer will not be an problem > >> but > >>>> then > >>>>>>>>> sun.misc.Unsafe can not be used any more right? So the > >> problem > >>>> here > >>>>>> is > >>>>>>>> how > >>>>>>>>> to make use of Unsafe with —release 8. What I proposed here > >> is > >>>> that > >>>>>> we > >>>>>>>> just > >>>>>>>>> do not use it, then we can make use of —release 8 to address > >>> the > >>>>>>>> ByteBuffer > >>>>>>>>> problem. > >>>>>>>>> > >>>>>>>>> Thanks. > >>>>>>>>> > >>>>>>>>> Andrew Purtell <apurt...@apache.org>于2022年2月21日 周一03:32写道: > >>>>>>>>> > >>>>>>>>>> The problem that leads us to consider '--release 8', or what > >>> it > >>>>>> would > >>>>>>>>>> promise if it worked, isn't Unsafe, it is ByteBuffer. > >>>>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>> > >>>>> > >>>> > >>> > >> > https://www.morling.dev/blog/bytebuffer-and-the-dreaded-nosuchmethoderror/ > >>>>>>>>>> . Although to your point Netty has ByteBuf... > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> On Sun, Feb 20, 2022 at 5:23 AM 张铎(Duo Zhang) < > >>>>>> palomino...@gmail.com > >>>>>>>> > >>>>>>>>>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>> Since we have shaded netty, I think we could make use of > >>>>>>>>>>> netty's PlatformDependent[1] class to avoid referencing > >>> Unsafe > >>>>>>>> directly, > >>>>>>>>>>> then there will be no problem for us to use the '--release > >> 8' > >>>>>> option. > >>>>>>>>>>> > >>>>>>>>>>> If no big concerns, I will file an issue to remove all the > >>>>>>>>>> sun.misc.Unsafe > >>>>>>>>>>> references in our code base and make use of > >> PlatformDependent > >>>>> from > >>>>>>> the > >>>>>>>>>>> shaded netty. > >>>>>>>>>>> > >>>>>>>>>>> Thanks. > >>>>>>>>>>> > >>>>>>>>>>> 1. > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>> > >>>>> > >>>> > >>> > >> > https://github.com/netty/netty/blob/4.1/common/src/main/java/io/netty/util/internal/PlatformDependent.java > >>>>>>>>>>> > >>>>>>>>>>> 张铎(Duo Zhang) <palomino...@gmail.com> 于2022年2月16日周三 > >> 14:12写道: > >>>>>>>>>>> > >>>>>>>>>>>> I think this could be done by some module tricks, where we > >>>>> build a > >>>>>>>>>>> special > >>>>>>>>>>>> module with -source 8 and -target 8.We have done similar > >>>> things > >>>>> in > >>>>>>> the > >>>>>>>>>>> past > >>>>>>>>>>>> to have hadoop1-compat and hadoop2-compact. > >>>>>>>>>>>> > >>>>>>>>>>>> Let me have a try. > >>>>>>>>>>>> > >>>>>>>>>>>> Sean Busbey <bus...@apache.org> 于2022年2月16日周三 13:31写道: > >>>>>>>>>>>> > >>>>>>>>>>>>> Unfortunately if we want to keep jdk8 working we can't > >> rely > >>>> on > >>>>>>>>>> building > >>>>>>>>>>>>> with the jdk release target option on newer jdks. > >>>>>>>>>>>>> > >>>>>>>>>>>>> We ran into this recently in HBASE-25465 where a JDK bug > >>> came > >>>>> up. > >>>>>>>>>>>>> > >>>>>>>>>>>>> On Tue, Feb 15, 2022 at 8:12 PM 张铎(Duo Zhang) < > >>>>>>> palomino...@gmail.com > >>>>>>>>> > >>>>>>>>>>>>> wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> +1 on moving the minimum required java version for > >>> compiling > >>>>>> HBase > >>>>>>>>>> to > >>>>>>>>>>>>> Java > >>>>>>>>>>>>>> 11. But we could still use --release=8 to still support > >>> jdk8 > >>>>> at > >>>>>>>>>>> runtime. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Java 8 is still widely used, and I believe this will > >> last > >>>> for > >>>>>> even > >>>>>>>>>>> more > >>>>>>>>>>>>>> years, as lots of big companies such as RedHat, > >> Microsoft > >>>> and > >>>>>>> Amazon > >>>>>>>>>>> are > >>>>>>>>>>>>>> still shipping new jdk8 releases, I do not think it is > >>> time > >>>> to > >>>>>>> fully > >>>>>>>>>>>>> drop > >>>>>>>>>>>>>> the support of jdk8. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Thanks. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Sean Busbey <bus...@apache.org> 于2022年2月16日周三 09:57写道: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> If we set the minJDK to 11 I believe that will > >>> effectively > >>>>>> remove > >>>>>>>>>>> jdk8 > >>>>>>>>>>>>>>> support, rather than "just" deprecate it. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> As we build out more robust testing I would be in favor > >>> of > >>>>>>> running > >>>>>>>>>>>>> less > >>>>>>>>>>>>>> of > >>>>>>>>>>>>>>> it on deprecated JDKs. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Tue, Feb 15, 2022, 16:10 Josh Elser < > >>> els...@apache.org> > >>>>>>> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Deprecating jdk8 for HBase 3 and requiring minJdk=11 > >>> seems > >>>>>>>>>>>>> reasonable > >>>>>>>>>>>>>> to > >>>>>>>>>>>>>>>> me. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Gotta start pushing the issue somehow. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> On 2/15/22 1:47 PM, Sean Busbey wrote: > >>>>>>>>>>>>>>>>> Hi folks! > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> It's been some time since we decided to stick to LTS > >>> JDK > >>>>>>>>>>> releases > >>>>>>>>>>>>> as > >>>>>>>>>>>>>> a > >>>>>>>>>>>>>>>> way > >>>>>>>>>>>>>>>>> of getting a handle on the JDK treadmill. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> What do folks think about deprecating JDK8? The > >>> openjdk8u > >>>>>>>>>>> project > >>>>>>>>>>>>> is > >>>>>>>>>>>>>>>> still > >>>>>>>>>>>>>>>>> going and there are commercial support options at > >> least > >>>>>>>>>> through > >>>>>>>>>>>>> 2030. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Deprecating it in HBase 3 would mean we could remove > >> it > >>>> in > >>>>>>>>>> HBase > >>>>>>>>>>>>> 4, > >>>>>>>>>>>>>> not > >>>>>>>>>>>>>>>>> that we would _have_ to remove it. The way I think > >>> about > >>>>>>>>>> likely > >>>>>>>>>>>>>> timing > >>>>>>>>>>>>>>> of > >>>>>>>>>>>>>>>>> these events goes like this: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> * HBase 2 started alphas in June 2017, betas in > >> January > >>>>> 2018, > >>>>>>>>>>> and > >>>>>>>>>>>>>> came > >>>>>>>>>>>>>>>> out > >>>>>>>>>>>>>>>>> in April 2018 > >>>>>>>>>>>>>>>>> * HBase 3 started alphas in July 2021, and as of Feb > >>> 2022 > >>>>> we > >>>>>>>>>>>>> haven't > >>>>>>>>>>>>>>>>> discussed how close we are to our stated beta goals > >>>>> (upgrades > >>>>>>>>>>> from > >>>>>>>>>>>>>>> active > >>>>>>>>>>>>>>>>> 2.x releases and removal of not-ready features). > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Given the above, in the absence of us specifically > >>>> pushing > >>>>> to > >>>>>>>>>>> roll > >>>>>>>>>>>>>>>> through > >>>>>>>>>>>>>>>>> major version numbers for some reason, I think a > >>>> reasonably > >>>>>>>>>>>>>>> conservative > >>>>>>>>>>>>>>>>> estimate is for HBase 3 to arrive in late 2022 or > >> early > >>>>> 2023 > >>>>>>>>>> and > >>>>>>>>>>>>> then > >>>>>>>>>>>>>>>> HBase > >>>>>>>>>>>>>>>>> 4 to start alphas in ~2025. An HBase 5 prior to 2030 > >>>> seems > >>>>>>>>>>>>> unlikely. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> That all said, our current reference guide section on > >>>> java > >>>>>>>>>>>>> versions > >>>>>>>>>>>>>>> does > >>>>>>>>>>>>>>>>> not sound very confident about JDK11 support. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> A Note on JDK11 * > >>>>>>>>>>>>>>>>>> Preliminary support for JDK11 is introduced with > >> HBase > >>>>>> 2.3.0. > >>>>>>>>>>>>> This > >>>>>>>>>>>>>>>>> support is limited to > >>>>>>>>>>>>>>>>>> compilation and running the full test suite. There > >> are > >>>>> open > >>>>>>>>>>>>>> questions > >>>>>>>>>>>>>>>>> regarding the runtime > >>>>>>>>>>>>>>>>>> compatibility of JDK11 with Apache ZooKeeper and > >>> Apache > >>>>>>>>>> Hadoop > >>>>>>>>>>>>>>>>> (HADOOP-15338). > >>>>>>>>>>>>>>>>>> Significantly, neither project has yet released a > >>>> version > >>>>>>>>>> with > >>>>>>>>>>>>>>> explicit > >>>>>>>>>>>>>>>>> runtime support for > >>>>>>>>>>>>>>>>>> JDK11. The remaining known issues in HBase are > >>>> catalogued > >>>>> in > >>>>>>>>>>>>>>>> HBASE-22972. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Since that blurb was written, Hadoop has added JDK11 > >>>>> support > >>>>>>>>>> [1] > >>>>>>>>>>>>> as > >>>>>>>>>>>>>> has > >>>>>>>>>>>>>>>>> ZooKeeper[2]. As a part of buttoning up our JDK11 > >>> support > >>>>> we > >>>>>>>>>>> could > >>>>>>>>>>>>>>> update > >>>>>>>>>>>>>>>>> our minimum supported versions of these projects to > >>> match > >>>>>> that > >>>>>>>>>>>>>> support. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> What do folks think? > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> [1]: > >> https://hadoop.apache.org/docs/r3.3.0/index.html > >>>>>>>>>>>>>>>>> [2]: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>> > >>>>>> > >>>> > >> > https://zookeeper.apache.org/doc/r3.6.0/zookeeperAdmin.html#sc_systemReq > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> -- > >>>>>>>>>> Best regards, > >>>>>>>>>> Andrew > >>>>>>>>>> > >>>>>>>>>> Unrest, ignorance distilled, nihilistic imbeciles - > >>>>>>>>>> It's what we’ve earned > >>>>>>>>>> Welcome, apocalypse, what’s taken you so long? > >>>>>>>>>> Bring us the fitting end that we’ve been counting on > >>>>>>>>>> - A23, Welcome, Apocalypse > >>>>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> Best regards, > >>>>>> Andrew > >>>>>> > >>>>>> Unrest, ignorance distilled, nihilistic imbeciles - > >>>>>> It's what we’ve earned > >>>>>> Welcome, apocalypse, what’s taken you so long? > >>>>>> Bring us the fitting end that we’ve been counting on > >>>>>> - A23, Welcome, Apocalypse > >>>>>> > >>>>> > >>>> > >>>> > >>>> -- > >>>> Best regards, > >>>> Andrew > >>>> > >>>> Unrest, ignorance distilled, nihilistic imbeciles - > >>>> It's what we’ve earned > >>>> Welcome, apocalypse, what’s taken you so long? > >>>> Bring us the fitting end that we’ve been counting on > >>>> - A23, Welcome, Apocalypse > >>>> > >>> > >> > >> > >> -- > >> Best regards, > >> Andrew > >> > >> Unrest, ignorance distilled, nihilistic imbeciles - > >> It's what we’ve earned > >> Welcome, apocalypse, what’s taken you so long? > >> Bring us the fitting end that we’ve been counting on > >> - A23, Welcome, Apocalypse > >> >