Fix an intermittent deadlock when DocService is loaded for a Thrift service

[jrhee17]

Motivation:

We use thrift/grpc internal APIs when constructing DocService.
Following #4491, these internal APIs are called concurrently with service logic.
Due to a thrift bug, a deadlock can occur when FieldMetaData.getStructMetaDataMap is called for a thrift class while the class is initialized.
https://issues.apache.org/jira/browse/THRIFT-5430
This PR attempts to circumvent this issue by pre-loading the class for affected versions (<= armeria-thrift 0.14)

I've also double checked that other *MetaData implementations don't have a similar implementation.

Modifications:

• Add a ThriftMetadataAccess utility class
• When ThriftMetadataAccess is instantiated, check if (<= armeria-thrift 0.14) is in the classpath
• If the vulnerable artifact is loaded, then pre-instantiate thrift classes before FieldMetaData.getStructMetaDataMap is called from DocService

Result:

• A deadlock is no longer observed when loading DocService for thrift services where <= armeria-thrift 0.14

[ikhoon]

Looks good. Left only minor nits.

[ikhoon]

com.linecorp.armeria.versions.properties can be removed while creating a uber jar or shading. A debug level may be useful for that users.

Suggested change

	logger.trace("Unexpected exception while determining the 'armeria-thrift' version: ", e);
	logger.debug("Unexpected exception while determining the 'armeria-thrift' version: ", e);

Should we also leave a debug message if versionPropertiesUrls is empty?

[ikhoon]

Thrid-person verb is commonly used for boolean methods.
https://softwareengineering.stackexchange.com/questions/404650/what-form-of-verb-to-use-imperative-verb-or-third-person-verb-in-programming

Suggested change

	static boolean needPreInitialize(Properties props) {
	static boolean needsPreInitialization(Properties props) {

[ikhoon]

It would be better to keep a non-public scope if possible. How about moving ThriftMetadataAccess to com.linecorp.armeria.internal.server.thrift and making it package-private? We may move ThriftMetadataAccess to the internal package when clients need to use it.

Suggested change

	public final class ThriftMetadataAccess {
	final class ThriftMetadataAccess {

[ikhoon]

e1 and e2 may access this method simultaneously.

Suggested change

	public Class<?> loadClass(String name) throws ClassNotFoundException {
	public synchronized Class<?> loadClass(String name) throws ClassNotFoundException {

[trustin]

• Can't we just do Version.getAll(...).keySet() to get the list of the artifact IDs?
• Can't we just always pre-initialize the classes?
• What do you think about adding an empty resource file like src/main/resources/com/linecorp/armeria/internal/common/thrift/requires_struct_preinit to all thrift modules older than 0.15? We could enable the workaround only if that resource file exists.

[trustin]

Given the cost of failure to look for a resource file might be a little bit higher, we could always add a properties file:

If pre-init is required:

structPreinitRequired=true

If pre-init is not required:

<empty file>

[jrhee17]

Can't we just do Version.getAll(...).keySet() to get the list of the artifact IDs?

Didn't know this class existed 😅 It's probably better to use this.

Can't we just always pre-initialize the classes?

I think I prefer making an explicit branch statement for these type of changes:

1. If we decide to deprecate thrift <= 0.14 modules, we can remove the related logic safely
2. The reason for pre-initialization is embedded in the code

I do agree that the logic doesn't really affect performance and am open to just preinitializing always if others feel this is simpler.

What do you think about adding an empty resource file
we could always add a properties file

I don't even think this has to be a resource, but it can also be a class file that has a different static value for each thrift module. <- On second thought, this doesn't work if multiple armeria-thrift artifacts are added.
I didn't want to further complicate the thrift file copying logic, but I think this is also an option.

I think I prefer just using Versions.all() like you mentioned, but let me know if you feel differently.

[trustin]

this doesn't work if multiple armeria-thrift artifacts are added.

Doesn't a user have a bigger problem if their classpath has multiple armeria-thrift artifacts? We could leave a warning and fall back to safe mode (always preinit)?

[jrhee17]

I don't even think this has to be a resource, but it can also be a class file that has a different static value for each thrift module. <- On second thought, this doesn't work if multiple armeria-thrift artifacts are added.

We could leave a warning and fall back to safe mode (always preinit)?

I understood what you meant to be leave a warning if multiple classes exist, am I understanding correctly?
I didn't think it was possible to detect if there are multiple classes with the same package/name/module.

This won't be a problem if we define a separate resource instead of class, but I don't see much benefit in using a dedicated resource over just Versions.all().

(always preinit)?

or did you mean to just always preinit? 😅

[trustin]

I didn't think it was possible to detect if there are multiple classes with the same package/name/module.

You can actually:

Enumeration<URL> urls = getClass().getClassLoader().getResources("com/foo/bar.txt"); // or .class
while (urls.hasMoreElements()) {
    URL url = urls.nextElement();
    InputStream inputStream = url.openStream();
    // do something with the input stream
}

Otherwise, how could Versions.all() fetch the com.linecorp.armeria.versions.properties files from all artifacts?

[trustin]

By the way, I meant putting some .properties file rather than looking for .class files. I think having a separate resource is still better than extracting version number from artifact ID because it doesn't require any string matching, which could be broken at some point.

[jrhee17]

I think having a separate resource is still better than extracting version number from artifact ID because it doesn't require any string matching, which could be broken at some point.

I see 😄 Understood.

[ikhoon]

• Use an absolute path from the root resources?
• Give a more meaningful name?

Suggested change

	private static final String filename = "../../common/thrift/thrift-options.properties";
	private static final String THRIFT_OPTION_FILE = "../../common/thrift/thrift-options.properties";

[jrhee17]

Use an absolute path from the root resources?

The path was changed to a relative path from this comment. #4688 (comment)

I think it makes sense that if anyone chooses to shade armeria, the option will still work as long as the directory structure doesn't change.

Give a more meaningful name?

Done 👍

[ikhoon]

Thanks! 💯 👍 @jrhee17

[ikhoon]

The CI builds failed.

[minwoox]

Looks good, thanks a lot!
I also learned a lot from the discussion.

[trustin]

Thanks for your patience, @jrhee17! 🙇