Be the first to like this
OSGi Community Event 2014
OSGi technology has been chosen as the software execution environment for technical reasons on Enterprise servers and Smart Home gateways. However, one challenge needs to be tackled in the technology to build a robust framework: the well-known problem of stale references. This problem leads to memory leaks in some typical situations and is hard to detect, to track and to tackle by developers. The talk introduces the problem and describes Incinerator, a solution that we built and tested with open source Java virtual machine and OSGi framework.
Stale references are a common issue in platforms that support hot-swapping. Hot-swapping enables updating or uninstalling applications without restarting the platform. In normal situations, when an application is uninstalled, all other applications remove their references to it, in order to allow the platform to remove the uninstalled application from memory. However, if a buggy application keeps holding a reference to the uninstalled application, then that reference is called a stale reference. The stale reference forces the platform to keep the uninstalled application in memory, thus causing a significant memory leak. If the buggy application tries to use the uninstalled application via its stale reference, then the results are undefined, and the states of running applications can become inconsistent, because the uninstalled application does not expect to be invoked after it has executed its termination routines during its uninstallation event.
To solve this problem, we created Incinerator, a Java virtual machine extension that detects stale references and removes them. After hot-swapping an application, Incinerator investigates all references in the platform, looking for stale references. When a stale reference is found, Incinerator removes it, and disallows the buggy application from using that reference in the future, and allows cleanup to occur normally with minimal disruption. By finding stale references, Incinerator helps developers debug this problem which is hard to perceive. By removing stale references, Incinerator not only lowers the risk of state inconsistency, but also avoids the memory leak caused by stale references, thus allowing the platform to continue normal execution without running out of memory.
This work first targeted a business case within Orange: an OSGi platform shared by multiple untrusted applications on the home gateway. The Incinerator prototype was tested using Knopflerfish, one of the main open-source OSGi implementations for embedded home gateways. Thanks to Incinerator, we discovered and fixed a stale reference bug in open source bundles. Incinerator has a low overhead of at most 3.3% on average on the applications of the DaCapo benchmark suite. This shows that Incinerator is reasonable for use in production environments. The full experiment is described at http://hal.inria.fr/hal-00952327. An industrial perspective of this