/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2015 ForgeRock AS.
*/
/**
* A lock manager coordinates directory update operations so that the DIT structure remains in a
* consistent state, as well as providing repeatable read isolation. When accessing entries
* components need to ensure that they have the appropriate lock:
* <ul>
* <li>repeatable reads: repeatable read isolation is rarely needed in practice, since all backend
* reads are guaranteed to be performed with read-committed isolation, which is normally sufficient.
* Specifically, read-only operations such as compare and search do not require any additional
* locking. If repeatable read isolation is required then lock the entry using
* {@link #tryReadLockEntry(DN)}
* <li>modifying an entry: acquire an entry write-lock for the target entry using
* {@link #tryWriteLockEntry(DN)}. Updates are typically performed using a read-modify-write cycle,
* so the write lock should be acquired before performing the initial read in order to ensure
* consistency
* <li>adding an entry: client code must acquire an entry write-lock for the target entry using
* {@link #tryWriteLockEntry(DN)}. The parent entry will automatically be protected from deletion by
* an implicit subtree read lock on the parent
* <li>deleting an entry: client code must acquire a subtree write lock for the target entry using
* {@link #tryWriteLockSubtree(DN)}
* <li>renaming an entry: client code must acquire a subtree write lock for the old entry, and a
* subtree write lock for the new entry using {@link #tryWriteLockSubtree(DN)}. Care should be taken
* to avoid deadlocks, e.g. by locking the DN which sorts first.
* </ul>
* In addition, backend implementations may choose to use their own lock manager for enforcing
* atomicity and isolation. This is typically the case for backends which cannot take advantage of
* atomicity guarantees provided by an underlying DB (the task backend is one such example).
* <p>
* <b>Implementation Notes</b>
* <p>
* The lock table is conceptually a cache of locks keyed on DN, i.e. a {@code Map<DN, DNLock>}.
* Locks must be kept in the cache while they are locked, but may be removed once they are no longer
* locked by any threads. Locks are represented using a pair of read-write locks: the first lock is
* the "subtree" lock and the second is the "entry" lock.
* <p>
* In order to lock an entry for read or write a <b>subtree</b> read lock is first acquired on each
* of the parent entries from the root DN down to the immediate parent of the entry to be locked.
* Then the appropriate read or write <b>entry</b> lock is acquired for the target entry. Subtree
* write locking is performed by acquiring a <b>subtree</b> read lock on each of the parent entries
* from the root DN down to the immediate parent of the subtree to be locked. Then a <b>subtree</b>
* write lock is acquired for the target subtree.
* <p>
* The lock table itself is not represented using a {@code ConcurrentHashMap} because the JDK6/7
* APIs do not provide the ability to atomically add-and-lock or unlock-and-remove locks (this
* capability is provided in JDK8). Instead, we provide our own implementation comprising of a fixed
* number of buckets, a bucket being a {@code LinkedList} of {@code DNLock}s. In addition, it is
* important to be able to efficiently iterate up and down a chain of hierarchically related locks,
* so each lock maintains a reference to its parent lock. Modern directories tend to have a flat
* structure so it is also important to avoid contention on "hot" parent DNs. Typically, a lock
* attempt against a DN will involve a cache miss for the target DN and a cache hit for the parent,
* but the parent will be the same parent for all lock requests, resulting in a lot of contention on
* the same lock bucket. To avoid this the lock manager maintains a small-thread local cache of
* locks, so that parent locks can be acquired using a lock-free algorithm.
* <p>
* Since the thread local cache may reference locks which are not actively locked by anyone, a
* reference counting mechanism is used in order to prevent cached locks from being removed from the
* underlying lock table. The reference counting mechanism is also used for references between a
* lock and its parent lock. To summarize, locking a DN involves the following steps:
* <ul>
* <li>get the lock from the thread local cache. If the lock was not in the thread local cache then
* try fetching it from the lock table:
* <ul>
* <li><i>found</i> - store it in the thread local cache and bump the reference count
* <li><i>not found</i> - create a new lock. First fetch the parent lock using the same process,
* i.e. looking in the thread local cache, etc. Then create a new lock referencing the parent lock
* (bumps the reference count for the parent lock), and store it in the lock table and the thread
* local cache with a reference count of 1.
* </ul>
* <li>return the lock to the application and increment its reference count since the application
* now also has a reference to the lock.
* </ul>
* Locks are dereferenced when they are unlocked, when they are evicted from a thread local cache,
* and when a child lock's reference count reaches zero. A lock is completely removed from the lock
* table once its reference count reaches zero.
*/
public final class LockManager
{
/**
* A lock on an entry or subtree. A lock can only be unlocked once.
*/
public final class DNLock
{
private boolean isLocked = true;
{
this.subtreeLock = subtreeLock;
}
{
}
/**
* Unlocks this lock and releases any blocked threads.
*
* @throws IllegalStateException
* If this lock has already been unlocked.
*/
public void unlock()
{
if (!isLocked)
{
throw new IllegalStateException("Already unlocked");
}
isLocked = false;
}
// For unit testing.
int refCount()
{
}
}
/**
* Lock implementation
*/
private final class DNLockHolder
{
private final int dnHashCode;
{
this.dnHashCode = dnHashCode;
}
{
}
/**
* Unlocks the subtree read lock from the parent of this lock up to the root.
*/
void releaseParentSubtreeReadLock()
{
{
}
}
{
}
{
}
{
}
/**
* Locks the subtree read lock from the root down to the parent of this lock.
*/
private boolean tryAcquireParentSubtreeReadLock()
{
// First lock the parents of the parent.
{
return true;
}
{
return false;
}
// Then lock the parent of this lock
{
return true;
}
// Failed to grab the parent lock within the timeout, so roll-back the other locks.
return false;
}
{
{
{
if (tryLockWithTimeout(entryLock))
{
}
}
}
// Failed to acquire all the necessary locks within the time out.
dereference(this);
return null;
}
{
try
{
}
catch (final InterruptedException e)
{
// Unable to handle interrupts here.
return false;
}
}
}
private final int numberOfBuckets;
private final long lockTimeout;
// Avoid sub-classing in order to workaround class leaks in app servers.
/**
* Creates a new lock manager with a lock timeout of 9 seconds and an automatically chosen number
* of lock table buckets based on the number of processors.
*/
public LockManager()
{
}
/**
* Creates a new lock manager with the specified lock timeout and an automatically chosen number
* of lock table buckets based on the number of processors.
*
* @param lockTimeout
* The lock timeout.
* @param lockTimeoutUnit
* The lock timeout units.
*/
{
}
/**
* Creates a new lock manager with the provided configuration.
*
* @param lockTimeout
* The lock timeout.
* @param lockTimeoutUnit
* The lock timeout units.
* @param numberOfBuckets
* The number of buckets to use in the lock table. The minimum number of buckets is 64.
*/
@SuppressWarnings("unchecked")
public LockManager(final long lockTimeout, final TimeUnit lockTimeoutUnit, final int numberOfBuckets)
{
this.lockTimeout = lockTimeout;
this.lockTimeoutUnits = lockTimeoutUnit;
for (int i = 0; i < this.numberOfBuckets; i++)
{
this.lockTable[i] = new LinkedList<>();
}
}
{
for (int i = 0; i < numberOfBuckets; i++)
{
synchronized (bucket)
{
{
}
}
}
}
/**
* Acquires the read lock for the specified entry. This method will block if the entry is already
* write locked or if the entry, or any of its parents, have the subtree write lock taken.
*
* @param entry
* The entry whose read lock is required.
* @return The lock, or {@code null} if the lock attempt timed out.
*/
{
}
/**
* Acquires the write lock for the specified entry. This method will block if the entry is already
* read or write locked or if the entry, or any of its parents, have the subtree write lock taken.
*
* @param entry
* The entry whose write lock is required.
* @return The lock, or {@code null} if the lock attempt timed out.
*/
{
}
/**
* Acquires the write lock for the specified subtree. This method will block if any entry or
* subtree within the subtree is already read or write locked or if any of the parent entries of
* the subtree have the subtree write lock taken.
*
* @param subtree
* The subtree whose write lock is required.
* @return The lock, or {@code null} if the lock attempt timed out.
*/
{
}
// For unit testing.
{
synchronized (bucket)
{
{
{
}
}
return -1;
}
}
//For unit testing.
{
{
return -1;
}
{
{
}
}
return -1;
}
{
{
cache = new LinkedList<>();
}
}
{
{
{
// Cache too big: evict oldest entry.
}
}
return lock;
}
private DNLockHolder acquireLockFromLockTable(final DN dn, final int dnHashCode, final LinkedList<DNLockHolder> cache)
{
/*
* The lock doesn't exist yet so we'll have to create a new one referencing its parent lock. The
* parent lock may not yet exist in the lock table either so acquire it before locking the
* bucket in order to avoid deadlocks resulting from reentrant bucket locks. Note that we
* pre-emptively fetch the parent lock because experiments show that the requested child lock is
* almost never in the lock-table. Specifically, this method is only called if we are already on
* the slow path due to a cache miss in the thread-local cache.
*/
boolean parentLockWasUsed = false;
try
{
synchronized (bucket)
{
{
parentLockWasUsed = true;
}
return lock;
}
}
finally
{
{
}
}
}
{
{
boolean lockWasRemoved = false;
synchronized (bucket)
{
// Double check: another thread could have acquired the lock since we decremented it to zero.
{
lockWasRemoved = true;
}
}
/*
* Dereference the parent outside of the bucket lock to avoid potential deadlocks due to
* reentrant bucket locks.
*/
{
}
}
}
{
}
/*
* Ensure that the number of buckets is a power of 2 in order to make it easier to map hash codes
* to bucket indexes.
*/
{
int powerOf2 = 1;
while (powerOf2 < roundedNumberOfBuckets)
{
powerOf2 <<= 1;
}
return powerOf2;
}
private DNLockHolder removeLock(final LinkedList<DNLockHolder> lockList, final DN dn, final int dnHashCode)
{
{
{
// Found: remove the lock because it will be moved to the front of the list.
return lock;
}
}
return null;
}
}