Remove some synchronization in Reference to avoid deadlock

[pshipton]

Issue #13823

[pshipton]

jenkins test sanity plinux jdk8

[pshipton]

The successful PR build https://openj9-jenkins.osuosl.org/job/PullRequest-OpenJ9/6578/

[babsingh]

The deadlock happens because the two locks are acquired in different order in the two code paths.

20:55:13  "Finalizer thread" Id=29 BLOCKED on java.lang.ref.ReferenceQueue@49d657dd owned by "Thread-11" Id=33
20:55:13  	at java.lang.ref.ReferenceQueue.enqueue(ReferenceQueue.java:179) // Acquire ReferenceQueue's monitor
20:55:13  	at java.lang.ref.Reference.enqueueImpl(Reference.java:147) // Acquire Reference's monitor
20:55:13  


20:55:13  "Thread-11" Id=33 BLOCKED on java.util.logging.LogManager$LoggerWeakRef@596d6465 owned by "Finalizer thread" Id=29
20:55:13  	at java.lang.ref.Reference.dequeue(Reference.java:195) // Acquire Reference's monitor
20:55:13  	at java.lang.ref.ReferenceQueue.poll(ReferenceQueue.java:85) // Acquire ReferenceQueue's monitor
20:55:13  	at java.util.logging.LogManager.drainLoggerRefQueueBounded(LogManager.java:1130)
20:55:13  	at java.util.logging.LogManager.addLogger(LogManager.java:1160)
20:55:13  	at java.util.logging.LogManager.demandLogger(LogManager.java:556)
20:55:13  	at java.util.logging.Logger.demandLogger(Logger.java:455)
20:55:13  	at java.util.logging.Logger.getLogger(Logger.java:502)
20:55:13  	at TestLogConfigurationDeadLock$AddLogger.run(TestLogConfigurationDeadLock.java:175)

Removing the synchronized block in dequeue might change Reference.state while enqueue is being executed. This can lead to incorrect behavior.

[babsingh]

The correct fix is to avoid the different order in which the two locks are acquired. Example: In ReferenceQueue, we can avoid invoking Reference.dequeue() from within the synchronized(this) block.

public Reference<? extends T> poll () {
        Reference ref;

        /* Optimization to return immediately and not synchronize if there is nothing in the queue */
        if(empty) {
                return null;
        }
        synchronized(this) {
                if(empty) {
                        return null;
                }
                ref = references[head];
                references[head++] = null;
                if(head == references.length) {
                        head = 0;
                }
                if(head == tail) {
                        empty = true;
                }
        }
        ref.dequeue(); // Moved outside the synchronized block
        return ref;
}

public Reference<? extends T> remove(long timeout) throws IllegalArgumentException, InterruptedException {
        if (timeout < 0) throw new IllegalArgumentException();

        Reference ref;
        synchronized(this) {
                if(empty) {
                        wait(timeout);
                        if(empty) return null;
                }
                ref = references[head];
                references[head++] = null;
                if(head == references.length) {
                        head = 0;
                }
        }
        ref.dequeue(); // Moved outside the synchronized block
        synchronized(this) { // Not sure if it matters to notifyAll() after invoking dequeue()
                if(head == tail) {
                        empty = true;
                } else {
                        notifyAll();
                }
        }
        return ref;
}

@dmitripivkine Does it matter if we move the dequeue operation at the end? Also, is there a requirement to notifyAll after dequeue or can we notifyAll first and then invoke dequeue?

[keithc-ca]

correct fix is to avoid the different order in which the two locks are acquired

Because this is a public class, we don't have complete control over the synchronization order.

Removing synchronization in isEnqueued() is safe because there are no values of state that might be observed that weren't possible before.

All of the uses of dequeue() are in ReferenceQueue - none of them require synchronization within dequeue().

[babsingh]

All of the uses of dequeue() are in ReferenceQueue - none of them require synchronization within dequeue().

Once the synchronized block in Reference.dequeue is removed, there will be data contention in updating Reference.state when ReferenceQueue.poll or ReferenceQueue.remove is invoked concurrently with Reference.enqueue.

[pshipton]

I don't think the change to remove() is correct in #20694 (comment)

I've pushed a new commit (I can squash before merge) to ensure lock ordering and consistency between enqueue and dequeue.

[babsingh]

I don't think the change to remove() is correct in #20694 (comment)

head and empty fields need to be updated in a single synchronized block. Spreading the operations across two synchronized blocks will lead to inconsistency in updating those fields. My initial proposal, before updating my previous comment, was the following:

public Reference<? extends T> remove(long timeout) throws IllegalArgumentException, InterruptedException {
        if (timeout < 0) throw new IllegalArgumentException();

        Reference ref;
        boolean notifyAll = true;
        synchronized(this) {
                if(empty) {
                        wait(timeout);
                        if(empty) return null;
                }
                ref = references[head];
                references[head++] = null;
                if(head == references.length) {
                        head = 0;
                }
                if(head == tail) {
                        empty = true;
                        notifyAll = false;
                }
        }
        ref.dequeue(); // Moved outside the synchronized block
        if (notifyAll) {
                synchronized(this) {
                        notifyAll();
                }
        }
        return ref;
}

[pshipton]

jenkins test sanity plinux jdk8

[pshipton]

I suspect this, and the other a few lines below, should be removed, but it's what was done previously.

[keithc-ca]

I don't think we want this call to setEnqueued(), nor the one on line 213.

[keithc-ca]

I don't think we want this call to setEnqueued(), nor the one on line 213.

[keithc-ca]

Please correct the spelling of "its".

[pshipton]

Previous PR build https://openj9-jenkins.osuosl.org/job/PullRequest-OpenJ9/6597/ passed.

[pshipton]

jenkins compile plinux jdk8

[pshipton]

jenkins compile plinux jdk11

[pshipton]

Testing
8: https://trssrtp1.fyre.ibm.com/resultSummary?parentId=674a31739ce27a3b442690e4
11: https://trssrtp1.fyre.ibm.com/resultSummary?parentId=674a4ab39ce27a3b442717cb

[pshipton]

Just some known problems in the test results, the non-network failures passed in reruns.

[pshipton]

jenkins compile plinux jdk8,jdk21

[pshipton]

Updated.

[pshipton]

jenkins compile amac jdk21

[pshipton]

Created ibmruntimes/openj9-openjdk-jdk#900 and a backport for jdk23. I accidentally pushed the same change to jdk21. We shouldn't remove the constructor until z/OS and valhalla are also updated.

[keithc-ca]

Perhaps this test could be reordered to (sometimes) avoid a volatile read of state?

			if ((null == tempQueue) || (STATE_ENQUEUED == state)) {

[pshipton]

Updated.

[pshipton]

and again

[keithc-ca]

Lines 200 and 204 should be consistent: the null (or the constant) go on the left or the right, but not a mix of both, please.

[pshipton]

Updated.

[keithc-ca]

STATE_ENQUEUED is also a constant: it should go on the left just like null.

[keithc-ca]

STATE_ENQUEUED is also a constant: it should go on the left just like null.

[keithc-ca]

This constructor can also be removed now that ibmruntimes/openj9-openjdk-jdk#899 and back-ports have been merged.

[pshipton]

Not yet, see #20694 (comment)

[keithc-ca]

Right, I didn't consider z/OS or Valhalla.