You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "Thomas de Grenier de Latour (JIRA)" <ji...@apache.org> on 2017/11/13 16:03:00 UTC

[jira] [Created] (JCLOUDS-1354) JCE related memory leak with BouncyCastleCrypto

Thomas de Grenier de Latour created JCLOUDS-1354:
----------------------------------------------------

             Summary: JCE related memory leak with BouncyCastleCrypto
                 Key: JCLOUDS-1354
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1354
             Project: jclouds
          Issue Type: Bug
          Components: jclouds-drivers
    Affects Versions: 2.0.0
            Reporter: Thomas de Grenier de Latour


Each time a JCloud context involving {{BouncyCastleCrypto}} is created, a new instance of {{BouncyCastleProvider}} will be registered in JCE.  It happens that these JCE Providers will never be garbage-collected, because {{JceSecurity}} keeps them all referenced in an {{IdentityMap}}. See [JDK-8168469|https://bugs.openjdk.java.net/browse/JDK-8168469].

This memory leak can be completely insignificant in many applications where only very few JClouds contexts are ever created, but it can also become a real issue in applications which create many short-lived JClouds contexts (a single {{BouncyCastleProvider}} object retains ~700KB on the heap, so hundreds of them is hundreds of megabytes).

An example of such a problematic application is Jenkins, with its "jclouds-plugin".  See [JENKINS-47967|https://issues.jenkins-ci.org/browse/JENKINS-47967] for a detailed description of the issue in this context.  

As a workaround in this Jenkins plugin, I've proposed to stop relying on {{BouncyCastleCrypto}} (and thus on {{BouncyCastleCryptoModule}}), and to use instead an (otherwise similar) implementation of {{Crypto}} which always re-uses a single {{BouncyCastleProvider}} object. See [JenkinsBouncyCastleCrypto.java|https://github.com/jenkinsci/jclouds-plugin/blob/master/jclouds-plugin/src/main/java/jenkins/plugins/jclouds/modules/JenkinsBouncyCastleCrypto.java]

I think the same could be done directly in JClouds (by applying similar change in {{BouncyCastleCrypto.java}}). If you think it's the right approach, then I can submit a PR.

Note: bug detected in Jenkins with JClouds 2.0.0, which is not the latest release, but it looks like none of the JClouds code involved in this issue has been changed since then.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)