8380391: Update java.smartcardio finalizer to use Cleaner

[bchristi-git]

This is a pull request to convert the finalizer in sun.security.smartcardio.CardImpl to use Cleaner instead. The relevant state is refactored into a Context object, in the standard fashion.

This change uses the recommended try/finally/reachabilityFence() technique to prevent races between the program thread and the Cleaner thread, per the Reference.reachabilityFence() API Note:

there is a race between the program thread running the method, and the cleanup thread running the Cleaner or finalizer. The cleanup thread could free a resource, followed by the program thread (still running the method) attempting to access the now-already-freed resource. Use of reachabilityFence can prevent this race by ensuring that the object remains strongly reachable.

See Reference.reachabilityFence() and java.lang.ref - Memory Visibility for details / background info.

The test creates a Card object, and allows it to be collected. This confirms that the new cleaning action does not hold onto the Owner ("this") object, per the Cleaner class API Note ("it is important that the object implementing the cleaning action does not hold references to the object").

I've tried to make the test similar to nearby JavaCard tests. I tried it on Windows using the latest JavaCard Simulator.

---

• I confirm that I make this contribution in accordance with the OpenJDK Interim AI Policy.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8380391: Update java.smartcardio finalizer to use Cleaner (Bug - P4)

Reviewers

• Mikhail Yankelevich (@myankelev - Committer) 🔄 Re-review required (review applies to 1009913b)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/30683/head:pull/30683
$ git checkout pull/30683

Update a local copy of the PR:
$ git checkout pull/30683
$ git pull https://git.openjdk.org/jdk.git pull/30683/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 30683

View PR using the GUI difftool:
$ git pr show -t 30683

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/30683.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back bchristi! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@bchristi-git The following labels will be automatically applied to this pull request:

• core-libs
• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 08: Full - Incremental (cb73a2f2)
• 07: Full - Incremental (1009913b)
• 06: Full - Incremental (46a53d9b)
• 05: Full - Incremental (fce7e3f9)
• 04: Full - Incremental (95937ea6)
• 03: Full - Incremental (4788c321)
• 02: Full - Incremental (9e1c0669)
• 01: Full - Incremental (ceae9909)
• 00: Full (48ca793f)

[AlanBateman]

This is a pull request to convert the finalizer in sun.security.smartcardio.CardImpl to use Cleaner instead.

Has there been any static analysis done to get some sense as to how common it is to not disconnect a connection to a card or close a card channel? Asking because it would be nice if we could just remove the undocumented use of the finalizer. Related is that the example in the package example should be using try-finally to ensure that disconnect is called (I'm sure there has been discussed about having Card and CardChannel implement AutoClosable but the smartcard API is a bit awkward in that's a standalone technology, not part of Java SE but happens to be bundled with the JDK).

[bchristi-git]

Has there been any static analysis done to get some sense as to how common it is to not disconnect a connection to a card or close a card channel?

I'll look into it, Alan. Thanks.

[bchristi-git]

Has there been any static analysis done to get some sense as to how common it is to not disconnect a connection to a card or close a card channel? Asking because it would be nice if we could just remove the undocumented use of the finalizer.

Static analysis turned up several artifacts/libraries where a Card object returned by CardTerminal.connect() is not disconnect()ed. 😕

Related is that the example in the package example should be using try-finally to ensure that disconnect is called

I updated the example to use try-finally.

[viktorklang-ora]

What's the reason that these checks are done within the try-finally whereas the openLogicalChannel()-checks are done outside of the try-finally?

[bchristi-git]

I think maybe github is rendering diffs in a confusing way?
In all cases, I add a new, outer try/finally block (for the reachabilityFence()) around the existing code.
openLogicalChannel() has the checks within this new try/finally block, as do the other methods.
Try enabling "Hide whitespace" (in the "gear" menu) and hopefully that will look better.

[viktorklang-ora]

Same comment as https://github.com/openjdk/jdk/pull/30683/changes#r3280643716

[viktorklang-ora]

Same comment as https://github.com/openjdk/jdk/pull/30683/changes#r3280643716

[viktorklang-ora]

Same comment as https://github.com/openjdk/jdk/pull/30683/changes#r3280643716

[viktorklang-ora]

Did another review pass over this PR, after comments are answered/possibly addressed, this looks good to go from me