Since ObjectInputStream is a big hotspot,  for testing purposes, I merged these 
changes into my local version of River,  my validating ObjectInputStream 
outperforms the standard java ois

Then TaskManager, used by the test became a problem, with tasks in contention 
up to 30% of the time.

Next I replaced TaskManager with an ExecutorService (River 3, only uses 
TaskManager in tests now, it's no longer used by release code), but there was 
still contention  although not quite as bad.

Then I notice that tasks in the test call Thread.yield(), which tends to 
thrash, so I replaced it with a short sleep of 100ms.

Now monitor state was a maximum of 5%, much better.

After these changes, the hotspot consuming 27% cpu was JERI's 
ConnectionManager.connect,  followed by Class.getDeclaredMethod at 15.5%, 
Socket.accept 14.4% and Class.newInstance at 10.8%.

My validating ois,  originating from apache harmony, was modified to use 
explicit constructors during deserialization.  This addressed finalizer 
attacks, final field immutability and input stream validation and the ois 
itself places a limit on downloaded bytes by controlling array creation and 
expecting a stream reset every so often, if it doesn't receive one, it throws 
an exception  The reset ensures the receiver will regain control of the stream 
before any DOS can occur, even for long running connections that transfer a lot 
of data.  There is no support for circular links in object graphs at this stage.

The deserialization constructor accepts a parameter that's caller sensitive, so 
each class in an object's inheritance hierarchy has it's own get field 
namespace. 

A child class can validate it's parent class invariants by creating a 
superclass only instance, calling its constructor and passing the caller 
sensitive parameter (it cannot create this itself, it's created by the ois), 
once the class has validated all invariants including the superclasses , the 
client class knows it's safe to proceed with construction, otherwise it throws 
an exception, an instance has not been created and deserialization is 
terminated there.

Validation is performed inside static methods, prior to an object instance 
being created.

The openjdk team have adopted static method validation, but not the 
constructor.  Unfortunately, that alone, wouldn't provide the level of security 
required for an internet visible service or registrar.

The constructor and validation are very simple  to implement.

This would allow an internet based registrar to safely download only the 
bootstrap proxy to clients, so the client can authenticate it, before 
downloading Entry's for local filtering or ServiceUI, followed by the smart 
proxy.  This would be performed by proxy preparation.  So clients using SDM 
wouldn't require modification, with changes being backward compatible.

This would provide both security and delayed unmarshalling along with a 
significant increase in performance, as clients only ever download what they 
need and permit.

The validating ois was designed for bootstrap proxy's, the lookup service and 
unicast discovery,  but can be also implemented by services as well, as I have 
done.  A new constraint determines whether validating, or standard 
serialization is used.

Since we can now take advantage of interface default methods, we have an 
opportunity to alter the lookup service interface, should we wish to leave 
existing methods as they are and implement delayed unmarshalling and 
authenticate prior to unmarshalling smart proxy's.

Regards,

Peter.

Sent from my Samsung device.
  Include original message
---- Original message ----
From: Bryan Thompson <br...@systap.com>
Sent: 03/12/2015 11:48:12 am
To: <dev@river.apache.org> <dev@river.apache.org>
Subject: Re: Trunk merge and thread pools

Great! 

---- 
Bryan Thompson 
Chief Scientist & Founder 
SYSTAP, LLC 
4501 Tower Road 
Greensboro, NC 27410 
br...@systap.com 
http://blazegraph.com 
http://blog.blazegraph.com 

Blazegraph™ <http://www.blazegraph.com/> is our ultra high-performance 
graph database that supports both RDF/SPARQL and Tinkerpop/Blueprints 
APIs.  Blazegraph is now available with GPU acceleration using our disruptive 
technology to accelerate data-parallel graph analytics and graph query. 

CONFIDENTIALITY NOTICE:  This email and its contents and attachments are 
for the sole use of the intended recipient(s) and are confidential or 
proprietary to SYSTAP. Any unauthorized review, use, disclosure, 
dissemination or copying of this email or its contents or attachments is 
prohibited. If you have received this communication in error, please notify 
the sender by reply email and permanently delete all copies of the email 
and its contents and attachments. 

On Wed, Dec 2, 2015 at 7:26 PM, Peter <j...@zeus.net.au> wrote: 

> Just tried wrapping an Executors.newCachedThreadPool with a thread factory 
> that creates threads as per the original 
> org.apache.river.thread.NewThreadAction. 
> 
> Performance is much improved, the hotspot is gone. 
> 
> There are regression tests with sun bug Id's, which cause oome.  I thought 
> this might 
> prevent the executor from running,  but to my surprise both tests pass. 
> These tests failed when I didn't pool threads and just let them be gc'd. 
> These tests created over 11000 threads with waiting tasks.  In practise I 
> wouldn't expect that to happen as an IOException should be thrown.  However 
> there are sun bug id's 6313626 and 6304782 for these regression tests, if 
> anyone has a record of these bugs or any information they can share, it 
> would be much appreciated. 
> 
> It's worth noting that the jvm memory options should be tuned properly to 
> avoid oome in any case. 
> 
> Lesson here is, creating threads and gc'ing them is much faster than 
> thread pooling if your thread pool is not well optimised.. 
> 
> It's worth noting that ObjectInputStream is now the hotspot for the test, 
> the tested code's hotspots are DatagramSocket and SocketInputStream. 
> 
> ClassLoading is thread confined, there's a lot of class loading going on, 
> but because it is uncontended, it only consumes 0.2% cpu, about the same as 
> our security architecture overhead (non encrypted). 
> 
> Regards, 
> 
> Peter. 
> 
> Sent from my Samsung device. 
>   Include original message 
> ---- Original message ---- 
> From: Bryan Thompson <br...@systap.com> 
> Sent: 02/12/2015 11:25:03 pm 
> To: <dev@river.apache.org> <dev@river.apacheorg> 
> Subject: Re: Trunk merge and thread pools 
> 
> Ah. I did not realize that we were discussing a river specific ThreadPool 
> vs a Java Concurrency classes ThreadPoolExecutor.  I assume that it would 
> be difficult to just substitute in one of the standard executors? 
> 
> Bryan 
> 
> On Wed, Dec 2, 2015 at 8:18 AM, Peter <j...@zeus.net.au> wrote: 
> 
> > First it's worth considering we have a very suboptimal threadpool.  There 
> > are qa and jtreg tests that limit our ability to do much with ThreadPool. 
> > 
> > There are only two instances of ThreadPool, shared by various jeri 
> > endpoint implementations, and other components. 
> > 
> > The implementation is allowed to create numerous threads, only limited by 
> > available memory and oome.  At least two tests cause it to create over 
> > 11000 threads. 
> > 
> > Also, it previously used a LinkedList queue,  but now uses a 
> > BlockingQueue,  however the queue still uses poll, not take. 
> > 
> > The limitation seems to be the concern by the original developers that 
> > there may be interdependencies between tasks.  Most tasks are method 
> > invocations from incoming and outgoing remote calls. 
> > 
> > It probably warrants further investigation to see if there's a suitable 
> > replacement. 
> > 
> > Regards, 
> > 
> > Peter. 
> > 
> > Sent from my Samsung device. 
> >   Include original message 
> > ---- Original message ---- 
> > From: Bryan Thompson <br...@systap.com> 
> > Sent: 02/12/2015 09:46:13 am 
> > To: <dev@river.apache.org> <dev@river.apache.org> 
> > Subject: Re: Trunk merge and thread pools 
> > 
> > Peter, 
> > 
> 
> > It might be worth taking this observation about the thread pool behavior to 
> > the java concurrency list.  See what feedback you get.  I would certainly 
> > be interested in what people there have to say about this. 
> > 
> > Bryan 
> > ​ 
> > 
> > 
> 
> 
> 





Reply via email to