Fixes MRESOLVER-7, third try #30
Conversation
Dependencies are now processed asynchronously by an Executor Cherry-pick commit from PR#2 Nov 1, 2016
This restores legacy behaviour, but means that dependency management is broken, as noted in MRESOLVER-9.
hwellmann
force-pushed
the
MRESOLVER-7v3
branch
from
3a537f9
to
884928f
Compare
Indicates the number of threads used for parallel resolution of artifact descriptors. Default is 5. Set to 1 to revert to serial resolution. maven.artifact.descriptor.threads can be used as alias.
|
During verification, I found that one change is being rolled out - a245b56 I do not think it was intentional. |
...which got lost in rebasing this branch
|
I've reintroduced the change made in a245b56 that got lost during rebase - thanks for spotting this! What exactly did you mean regarding the "commit with WorkerThreadFactory"? |
| @@ -666,46 +679,4 @@ private static boolean isLackingDescriptor( Artifact artifact ) | |||
| } | |||
| return repositories; | |||
| } | |||
|
|
|||
| private static List<? extends Version> filterVersions( Dependency dependency, VersionRangeResult rangeResult, | |||
There was a problem hiding this comment.
Why has this method been removed in this commit?
There was a problem hiding this comment.
It has been moved to DependencyCollectionUtils.
| @@ -89,6 +90,10 @@ | |||
|
|
|||
| static final String CONFIG_PROP_MAX_CYCLES = "aether.dependencyCollector.maxCycles"; | |||
|
|
|||
| private static final String CONFIG_PROP_NUM_ARTIFACT_DESCRIPTOR_THREADS = "aether.artifact.descriptor.threads"; | |||
| private static final String CONFIG_PROP_NUM_ARTIFACT_DESCRIPTOR_THREADS_ALT = "maven.artifact.descriptor.threads"; | |||
There was a problem hiding this comment.
I don't see a need for an alternative. As soon as the package names will change we will likely rename properties too.
| @@ -35,18 +42,39 @@ | |||
|
|
|||
| final Boolean premanagedOptional; | |||
|
|
|||
| /** | |||
| * @since 1.1.0 | |||
| final Collection<Exclusion> premanagedExclusions; | ||
|
|
||
| /** | ||
| * @since 1.1.0 |
|
All ITs pass for me. As soon as the requested changes are performed I will merge into master. |
|
I have now pushed a branch with minimal changes. Everyone's invited to have look. If I hear no objections, I'll merge in a couple of days. |
|
@michael-o this is not going to be merged? |
|
??? This has been merged two months ago. |
|
Sorry then, saw it as closed instead of merged then i asked. Thanks for the reply. |
The parallel download of POMs [1] introduced in version 1.4.0 seems to
cause probelms with our "jgnash-core dependencies are detected correctly"
test in "MavenTest". To reproduce, do
$ rm -fr ~/.m2/repository/org/apache/poi/poi-ooxml-schemas/3.14/
$ ./gradlew :analyzer:funTest --tests com.here.ort.analyzer.managers.MavenTest
[1] apache/maven-resolver#30
Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch.io>
The parallel download of POMs [1] introduced in version 1.4.0 seems to
cause probelms with our "jgnash-core dependencies are detected correctly"
test in "MavenTest". To reproduce, do
$ rm -fr ~/.m2/repository/org/apache/poi/poi-ooxml-schemas/3.14/
$ ./gradlew :analyzer:funTest --tests com.here.ort.analyzer.managers.MavenTest
which makes the test fail as none of the dependencies of "poi-ooxml-schemas"
are found. Interestingly, at the time ORT creates the dependency nodes,
the POM for "poi-ooxml-schemas" is not downloaded yet, but it *does* get
downloaded afterwards.
As a quick solution to the problem, simply revert to the most recent
version of maven-resolver that does not include the parallel download of
POMs. Later, we should probably inspect whether this is a user error on
our side, or a bug in maven-resolver.
[1] apache/maven-resolver#30
Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch.io>
The parallel download of POMs [1] introduced in version 1.4.0 seems to
cause problems with our "jgnash-core dependencies are detected correctly"
test in "MavenTest". To reproduce, do
$ rm -fr ~/.m2/repository/org/apache/poi/poi-ooxml-schemas/3.14/
$ ./gradlew :analyzer:funTest --tests com.here.ort.analyzer.managers.MavenTest
which makes the test fail as none of the dependencies of "poi-ooxml-schemas"
are found. Interestingly, at the time ORT creates the dependency nodes,
the POM for "poi-ooxml-schemas" is not downloaded yet, but it *does* get
downloaded afterwards.
As a quick solution to the problem, simply revert to the most recent
version of maven-resolver that does not include the parallel download of
POMs. Later, we should probably inspect whether this is a user error on
our side, or a bug in maven-resolver.
[1] apache/maven-resolver#30
Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch.io>
|
Does this new feature imply some API usage changes? Because in our OSS Review Toolkit (which analyzes project dependencies) we actually see some POMs only being downloaded after we expect them to be present. Downgrading to version 1.3.3 resolves the issue. For details please see oss-review-toolkit/ort#2113. |
|
@sschuberth This has been reverted because it suffered from race conditions. |
|
Thanks @michael-o, I was just reading about that in MRESOLVER-92 which is mentioned in the 1.4.1 release announcement. However, interestingly the issue we're seeing occurs with both versions 1.4.0 and 1.4.1. So maybe it's something that's not caused by the parallel download of POMs after all. |
|
@sschuberth If you see some other error, please report. |
|
@michael-o, in our case, the root cause turned out to be a side effect of https://www.alphabot.com/security/blog/2020/java/Your-Java-builds-might-break-starting-January-13th.html. |
|
Any update? Will you guys re-enable this improvement to download pom files in parallel? |
No, unless someone is willing to work on the race conditions. |
|
All I can find about the race conditions is @Tibor17 's comments in MRESOLVER-7 . And it seems that details were discussed in the ASF slack but it is internal. So it might be hard for someone to work on it without knowing the details. @hwellmann @slachiewicz May I ask that, are you still working on the fix, or some other ASF guys will take it over? |
|
@Eskibear, no, no one is working on it. We prefer stability over performance. |
|
@michael-o thanks for the information. BTW, could you share some details (or point out the link) about the failed cases, race conditions mentioned above. My point is, if someone from community is willing to fix that, your previous discussion would help a lot. |
|
Basically, we have frequent race conditions in the Maven ITs. @Tibor17 Do you remember the discussion the mailing list? I guess it was on Slack only :-( @Eskibear. I think you can reproduce it yourself. Fetch the first broken Resolver release and run Maven ITs multiple times. I think you should see failures not related to Maven itself. |
|
@michael-o |
|
Any news or follow-ups? |
|
@Eskibear, since we have other serious issues with concurency this isn't happening soon. |
|
@michael-o @Eskibear |
|
@michael-o No, I won't. Looking at https://issues.apache.org/jira/browse/MRESOLVER-114 will make things worse because we do not have decent concurrency support. Even if we solve this one, the synchronization will trick us anyway. |
|
@michael-o I just glanced at MRESOLVER-114, and I don't think it's related with MRESOLVER-7.
@Tibor17 Agree with you that we should do some first analysis. Below is what I find in master branch, where downloading dependencies is mono-threaded. As far as I learn, basic idea of this PR was to make below logic parallel. |
|
Please move discussion to the ticket because this PR has been closed. |
|
@Eskibear |
|
Maven does not use the HTTP Transporter. We use Resolver via Wagon only. |
Rebased PR #10 on master and added a small change which reverts dependency management to its former somewhat broken state, see MRESOLVER-9.
This fixes failing tests in the
mavenandmaven-integration-testingprojects.