Merge branch 'master' into refacrot-lazy-loading-part2

Author: dukhlov

bom/pom.xml

@@ -63,7 +63,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-framework-bom</artifactId>
-        <version>6.2.9</version>
+        <version>6.2.10</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>

core/pom.xml

@@ -117,11 +117,6 @@ THE SOFTWARE.
         </exclusion>
       </exclusions>
     </dependency>
-    <dependency>
-      <groupId>com.infradna.tool</groupId>
-      <artifactId>bridge-method-annotation</artifactId>
-      <version>${bridge-method-injector.version}</version>
-    </dependency>
     <dependency>
       <groupId>com.sun.xml.txw2</groupId>
       <artifactId>txw2</artifactId>
@@ -168,6 +163,11 @@ THE SOFTWARE.
       <groupId>commons-lang</groupId>
       <artifactId>commons-lang</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.jenkins.tools</groupId>
+      <artifactId>bridge-method-annotation</artifactId>
+      <version>${bridge-method-injector.version}</version>
+    </dependency>
     <dependency>
       <!-- needed by Jelly -->
       <groupId>jakarta.servlet.jsp.jstl</groupId>
@@ -568,7 +568,7 @@ THE SOFTWARE.
         </executions>
       </plugin>
       <plugin>
-        <groupId>com.infradna.tool</groupId>
+        <groupId>io.jenkins.tools</groupId>
         <artifactId>bridge-method-injector</artifactId>
         <executions>
           <execution>

core/src/main/java/hudson/ClassicPluginStrategy.java

@@ -33,6 +33,7 @@
 import hudson.model.Hudson;
 import hudson.util.CyclicGraphDetector;
 import hudson.util.CyclicGraphDetector.CycleDetectedException;
+import hudson.util.DelegatingClassLoader;
 import hudson.util.IOUtils;
 import hudson.util.MaskingClassLoader;
 import java.io.File;
@@ -559,7 +560,7 @@ private static void unzipExceptClasses(File archive, File destDir, Project prj)
     /**
      * Used to load classes from dependency plugins.
      */
-    static final class DependencyClassLoader extends ClassLoader {
+    static final class DependencyClassLoader extends DelegatingClassLoader {
         /**
          * This classloader is created for this plugin. Useful during debugging.
          */
@@ -574,10 +575,6 @@ static final class DependencyClassLoader extends ClassLoader {
          */
         private volatile List<PluginWrapper> transitiveDependencies;
 
-        static {
-            registerAsParallelCapable();
-        }
-
         DependencyClassLoader(ClassLoader parent, File archive, List<Dependency> dependencies, PluginManager pluginManager) {
             super("dependency ClassLoader for " + archive.getPath(), parent);
             this._for = archive;

core/src/main/java/hudson/PluginManager.java

@@ -60,6 +60,8 @@
 import hudson.security.PermissionScope;
 import hudson.util.CyclicGraphDetector;
 import hudson.util.CyclicGraphDetector.CycleDetectedException;
+import hudson.util.DelegatingClassLoader;
+import hudson.util.ExistenceCheckingClassLoader;
 import hudson.util.FormValidation;
 import hudson.util.PersistedList;
 import hudson.util.Retrier;
@@ -218,6 +220,14 @@ public abstract class PluginManager extends AbstractModelObject implements OnMas
      */
     /* private final */ static int CHECK_UPDATE_ATTEMPTS;
 
+    /**
+     * Class name prefixes to skip in the class loading
+     */
+    private static final String[] CLASS_PREFIXES_TO_SKIP = {
+            "SimpleTemplateScript",  // cf. groovy.text.SimpleTemplateEngine
+            "groovy.tmp.templates.GStringTemplateScript", // Leaks on classLoader in some cases, see JENKINS-75879
+    };
+
     static {
         try {
             // Secure initialization
@@ -2392,25 +2402,35 @@ public <T> T of(String key, Class<T> type, Supplier<T> func) {
     /**
      * {@link ClassLoader} that can see all plugins.
      */
-    public static final class UberClassLoader extends ClassLoader {
+    public static final class UberClassLoader extends DelegatingClassLoader {
         private final List<PluginWrapper> activePlugins;
 
         /** Cache of loaded, or known to be unloadable, classes. */
         private final ConcurrentMap<String, Optional<Class<?>>> loaded = new ConcurrentHashMap<>();
 
-        static {
-            registerAsParallelCapable();
-        }
-
+        /**
+         * The servlet container's {@link ClassLoader} (the parent of Jenkins core) is
+         * parallel-capable and maintains its own growing {@link Map} of {@link
+         * ClassLoader#getClassLoadingLock} objects per class name for every load attempt (including
+         * misses), and we cannot override this behavior. Wrap the servlet container {@link
+         * ClassLoader} in {@link ExistenceCheckingClassLoader} to avoid calling {@link
+         * ClassLoader#getParent}'s {@link ClassLoader#loadClass(String, boolean)} at all for misses
+         * by first checking if the resource exists. If the resource does not exist, we immediately
+         * throw {@link ClassNotFoundException}. As a result, the servlet container's {@link
+         * ClassLoader} is never asked to try and fail, and it never creates/retains lock objects
+         * for those misses.
+         */
         public UberClassLoader(List<PluginWrapper> activePlugins) {
-            super("UberClassLoader", PluginManager.class.getClassLoader());
+            super("UberClassLoader", new ExistenceCheckingClassLoader(PluginManager.class.getClassLoader()));
             this.activePlugins = activePlugins;
         }
 
         @Override
         protected Class<?> findClass(String name) throws ClassNotFoundException {
-            if (name.startsWith("SimpleTemplateScript")) { // cf. groovy.text.SimpleTemplateEngine
-                throw new ClassNotFoundException("ignoring " + name);
+            for (String namePrefixToSkip : CLASS_PREFIXES_TO_SKIP) {
+                if (name.startsWith(namePrefixToSkip)) {
+                    throw new ClassNotFoundException("ignoring " + name);
+                }
             }
             return loaded.computeIfAbsent(name, this::computeValue).orElseThrow(() -> new ClassNotFoundException(name));
         }

core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java

@@ -66,6 +66,11 @@ public boolean isActivated() {
         return true;
     }
 
+    @Override
+    public boolean isActivationFake() {
+        return true;
+    }
+
     @Restricted(DoNotUse.class) // WebOnly
     @RestrictedSince("2.235")
     public HttpResponse doTest(StaplerRequest2 request, @QueryParameter boolean testWithContext) {

core/src/main/java/hudson/model/AdministrativeMonitor.java

@@ -160,6 +160,11 @@ public boolean isEnabled() {
      */
     public abstract boolean isActivated();
 
+    @Restricted(NoExternalUse.class)
+    public boolean isActivationFake() {
+        return false;
+    }
+
     /**
      * Returns true if this monitor is security related.
      *
@@ -186,8 +191,7 @@ public void doDisable(StaplerRequest2 req, StaplerResponse2 rsp) throws IOExcept
      * By default {@link Jenkins#ADMINISTER}, but {@link Jenkins#SYSTEM_READ} or {@link Jenkins#MANAGE} are also supported.
      * <p>
      *     Changing this permission check to return {@link Jenkins#SYSTEM_READ} will make the active
-     *     administrative monitor appear on {@code manage.jelly} and on the globally visible
-     *     {@link jenkins.management.AdministrativeMonitorsDecorator} to users without Administer permission.
+     *     administrative monitor appear on {@link ManageJenkinsAction} to users without Administer permission.
      *     {@link #doDisable(StaplerRequest2, StaplerResponse2)} will still always require Administer permission.
      * </p>
      * <p>

core/src/main/java/hudson/model/Computer.java

@@ -625,6 +625,19 @@ public final boolean isOnline() {
         return !isOffline();
     }
 
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Uses {@link #getChannel()} to check the connection.
+     * A connected agent may still be offline for scheduling if marked temporarily offline.
+     * @return {@code true} if the agent is connected, {@code false} otherwise.
+     * @see #isOffline()
+     */
+    @Override
+    public boolean isConnected() {
+        return getChannel() != null;
+    }
+
     /**
      * This method is called to determine whether manual launching of the agent is allowed at this point in time.
      * @return {@code true} if manual launching of the agent is allowed at this point in time.

core/src/main/java/hudson/model/ManageJenkinsAction.java

@@ -26,11 +26,11 @@
 
 import hudson.Extension;
 import hudson.Util;
+import hudson.util.HudsonIsLoading;
+import hudson.util.HudsonIsRestarting;
 import java.io.IOException;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Optional;
-import jenkins.management.AdministrativeMonitorsDecorator;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import jenkins.management.Badge;
 import jenkins.model.Jenkins;
 import jenkins.model.ModelObjectWithContextMenu;
@@ -50,6 +50,9 @@
  */
 @Extension(ordinal = 998) @Symbol("manageJenkins")
 public class ManageJenkinsAction implements RootAction, StaplerFallback, ModelObjectWithContextMenu {
+
+    private static final Logger LOGGER = Logger.getLogger(ManageJenkinsAction.class.getName());
+
     @Override
     public String getIconFileName() {
         if (Jenkins.get().hasAnyPermission(Jenkins.MANAGE, Jenkins.SYSTEM_READ))
@@ -98,28 +101,36 @@ public void addContextMenuItem(ContextMenu menu, String url, String icon, String
         menu.add("manage/" + url, icon, iconXml, text, post, requiresConfirmation, badge, message);
     }
 
+    /** Unlike {@link Jenkins#getActiveAdministrativeMonitors} this checks for activation lazily. */
     @Override
     public Badge getBadge() {
-        Jenkins jenkins = Jenkins.get();
-        AdministrativeMonitorsDecorator decorator = jenkins.getExtensionList(PageDecorator.class)
-                .get(AdministrativeMonitorsDecorator.class);
-
-        if (decorator == null) {
+        if (!(AdministrativeMonitor.hasPermissionToDisplay())) {
             return null;
         }
 
-        Collection<AdministrativeMonitor> activeAdministrativeMonitors = Optional.ofNullable(decorator.getMonitorsToDisplay()).orElse(Collections.emptyList());
-        boolean anySecurity = activeAdministrativeMonitors.stream().anyMatch(AdministrativeMonitor::isSecurity);
-
-        if (activeAdministrativeMonitors.isEmpty()) {
+        var app = Jenkins.get().getServletContext().getAttribute("app");
+        if (app instanceof HudsonIsLoading || app instanceof HudsonIsRestarting) {
             return null;
         }
 
-        int size = activeAdministrativeMonitors.size();
-        String tooltip = size > 1 ? Messages.ManageJenkinsAction_notifications(size) : Messages.ManageJenkinsAction_notification(size);
+        if (Jenkins.get().administrativeMonitors.stream().anyMatch(m -> m.isSecurity() && isActive(m))) {
+            return new Badge("1+", Messages.ManageJenkinsAction_notifications(),
+                    Badge.Severity.DANGER);
+        } else if (Jenkins.get().administrativeMonitors.stream().anyMatch(m -> !m.isSecurity() && isActive(m))) {
+            return new Badge("1+", Messages.ManageJenkinsAction_notifications(),
+                    Badge.Severity.WARNING);
+        } else {
+            return null;
+        }
+    }
 
-        return new Badge(String.valueOf(size),
-                tooltip,
-                anySecurity ? Badge.Severity.DANGER : Badge.Severity.WARNING);
+    private static boolean isActive(AdministrativeMonitor m) {
+        try {
+            return !m.isActivationFake() && m.hasRequiredPermission() && m.isEnabled() && m.isActivated();
+        } catch (Throwable x) {
+            LOGGER.log(Level.WARNING, null, x);
+            return false;
+        }
     }
+
 }

core/src/main/java/hudson/util/DelegatingClassLoader.java

@@ -0,0 +1,83 @@
+package hudson.util;
+
+import java.util.Objects;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+/**
+ * A {@link ClassLoader} that does not define any classes itself but delegates class loading to
+ * other class loaders to avoid the JDK's per-class-name locking and lock retention.
+ *
+ * <p>This class first attempts to load classes via its {@link ClassLoader#getParent} class loader,
+ * then falls back to {@link ClassLoader#findClass} to allow for custom delegation logic.
+ *
+ * <p>In a parallel-capable {@link ClassLoader}, the JDK maintains a per-name lock object
+ * indefinitely. In Jenkins, many class loading misses across many loaders can accumulate hundreds
+ * of thousands of such locks, retaining significant memory. This loader never defines classes and
+ * bypasses {@link ClassLoader}'s default {@code loadClass} locking; it delegates to the parent
+ * first and then to {@code findClass} for custom delegation.
+ *
+ * <p>The actual defining loader (parent or a delegate) still performs the necessary synchronization
+ * and class definition. A runtime guard ({@link #verify}) throws if this loader ever becomes the
+ * defining loader.
+ *
+ * <p>Subclasses must not call {@code defineClass}; implement delegation in {@code findClass} if
+ * needed and do not mark subclasses as parallel-capable.
+ *
+ * @author Dmytro Ukhlov
+ */
+@Restricted(NoExternalUse.class)
+public abstract class DelegatingClassLoader extends ClassLoader {
+    protected DelegatingClassLoader(String name, ClassLoader parent) {
+        super(name, Objects.requireNonNull(parent));
+    }
+
+    public DelegatingClassLoader(ClassLoader parent) {
+        super(Objects.requireNonNull(parent));
+    }
+
+    /**
+     * Parent-first delegation without synchronizing on {@link #getClassLoadingLock(String)}. This
+     * prevents creation/retention of per-name lock objects in a loader that does not define
+     * classes. The defining loader downstream still serializes class definition as required.
+     *
+     * @param name The binary name of the class
+     * @param resolve If {@code true} then resolve the class
+     * @return The resulting {@link Class} object
+     * @throws ClassNotFoundException If the class could not be found
+     */
+    @Override
+    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
+        Class<?> c = null;
+        try {
+            c = getParent().loadClass(name);
+        } catch (ClassNotFoundException e) {
+            // ClassNotFoundException thrown if class not found
+            // from the non-null parent class loader
+        }
+
+        if (c == null) {
+            // If still not found, then invoke findClass in order
+            // to find the class.
+            c = findClass(name);
+        }
+
+        verify(c);
+        if (resolve) {
+            resolveClass(c);
+        }
+        return c;
+    }
+
+    /**
+     * Safety check to ensure this delegating loader never becomes the defining loader.
+     *
+     * <p>Fails fast if a subclass erroneously defines a class here, which would violate the
+     * delegation-only contract and could reintroduce locking/retention issues.
+     */
+    private void verify(Class<?> clazz) {
+        if (clazz.getClassLoader() == this) {
+            throw new IllegalStateException("DelegatingClassLoader must not be the defining loader: " + clazz.getName());
+        }
+    }
+}