Concerns and issues relating to all versions of WebSphere Application Server
Solving Application ClassLoader Leaks
Applications tend to want to:
- Start new threads using Runnable implementations from the application class loader. Even though the JEE programming model does not support this, customers frequently either directly create new threads or indirectly create them by using Timers. Customers must ensure that these threads are stopped when the corresponding application (or WAR module) is stopped:
- javax.servlet.ServletContextListener.contextDestroyed can be used to be notified when a WAR is being stopped in order to clean up. Note that WARs can be stopped independently from an application when class reloading is enabled.
- javax.ejb.Singleton, javax.ejb.Startup, and javax.annotation.PreDestroy annotations can be used to be notified when an EJB module is being stopped in order to clean it up. Note, singleton EJBs are only available in EJB 3.1 (WAS v8).
- Startup beans can be used to be notified when an EJB module is being stopped in order to clean up. All EJB modules are stopped when an entire application is being stopped.
- Use ThreadLocal (storing a ThreadLocal in a static). ThreadLocal values are effectively stored as WeakHashMap in each Thread. Since the values typically include application objects, the application object references its Class, which references its ClassLoader, which references the Class contain the ThreadLocal, the weak reference is never broken, and a leak occurs.
Customers are encouraged either to avoid the use of ThreadLocal, to clear references to the ThreadLocal when the module is stopped (see above), or to ensure that remove() is called after every request.
- Register JMX MBeans or NotificationListener with the JMX server. Customers must ensure that these are unregistered when the corresponding application (or WAR module) is stopped.
Arbitrary components
This includes JDBC providers, third-party software, and applications themselvestend to want to:
- Start new threads, including the "timer threads" created by the java.util.Timer constructor. When a Thread is created, two pieces of information are copied from the primordial thread:
- The context class loader (getContextClassLoader()). When an application is executing, the containers set the context class loader to the module class loader, so the newly created thread will keep the context class loader alive for the duration of its existence. This can be avoided by calling setContextClassLoader to a non-application class loader prior to starting the timer and then resetting it afterwards.
- The AccessControlContext of the calling thread (as documented by AccessController). If the thread is being started due to an API call from an application, then the application's ProtectionDomain will be in theAccessControlContext, and the ProtectionDomain of an application class will include a reference to its ClassLoader. This can be avoided by creating the thread using doPrivileged. Note that care must be taken to ensure that the use of doPrivileged does not allow unprivileged applications to create threads.
For example:
// doPrivileged fixes the AccessControlContext leak, and it is also required
// for calls to Thread.get/setContextClassLoader.
Timer timer = AccessController.doPrivileged(new PrivilegedAction() {
public void run() {
Thread thread = Thread.currentThread();
ClassLoader savedCL = thread.getContextClassLoader();
thread.setContextClassLoader(null);
try {
// The Timer constructor will create a Thread, which will copy the
// context class loader from the current thread, which is now null.
return new Timer(true);
} finally {
thread.setContextClassLoader(savedCL);
}
}
});
- Associate data with the current context class loader. This is typically done via a MapValue>. This Map must either:
- Have explicit lifecycle APIs. In this case, the lifecycle API must be called. If the code was introduced by a customer, then the customer is responsible for adding a JMX listener. If the code was introduced by a WAS prereq, then the owner must use a WAS application listener API. If the code belongs to the JDK, then the runtime team will accept responsibility for calling it (e.g., ResourceBundle.clearCache andIntrospector.flushCaches).
- Be a WeakHashMap to allow the ClassLoader key to be garbage collected. Note that the value must not hold a non-weak reference to classes or objects created from that ClassLoader, or the entry will never be removed. Either WeakHashMap<ClassLoader, WeakReference<Class>> or WeakHashMap<ClassLoader, Tuple>, where Tuple contains WeakReference<Class> and WeakReference<Object> to an object instantiated from the class. In both cases, the Class is held weakly, which will still allow the ClassLoader to be collected. In the latter case, the reference to the instantiated object will be cleared if a GC occurs, but the assumption is made that it can be cheaply reinstantiated.
These tips are courtesy of WAS guru Brett Kail
Labels: classloader
Post a Comment
Note: Only a member of this blog may post a comment.