Commit c27bf26
authored
fix: stop FDv2DataSource.Conditions from leaking on healthy primary (#163)
## Summary
`FDv2DataSource.Conditions.getFuture()` returned the same shared
`CompletableFuture<Object>` instance to every caller. The run loop does
`CompletableFuture.anyOf(getFuture(), synchronizer.next()).get()` on
every iteration, which attaches a new `OrRelay` `Completion` to the
shared future's `stack` each time. `CompletableFuture` has no deregister
path for the loser of an `anyOf` race, so those `Completion` nodes stay
on the stack until the shared future itself completes.
On a healthy primary streaming ChangeSets without ever firing
fallback/recovery, the shared future never completes — the `stack` grows
monotonically for the synchronizer's entire tenure (effectively the
SDK's uptime on a stable server).
**Per-iteration cost: ~200 B** (OrRelay + anyOf result CF + chain
references).
**At 10 ChangeSets/sec sustained: ~150 MB/day per active synchronizer.**
## The fix
A single permanent `whenComplete` listener on the underlying aggregate
fans out completion to every fresh future handed out by `getFuture()`.
Pending fresh futures are tracked via `WeakReference`, so a fresh future
whose only strong references were the caller's local variables (typical
lifetime: one loop iteration) becomes garbage-collectable once that
iteration ends. Pending entries whose referent has been collected are
pruned opportunistically on each `getFuture()` call and on `close()`.
`Conditions` is now package-private (was `private`) so direct unit tests
can reach it. A test-only `pendingSize()` helper is added.
## Test plan
Adds `FDv2DataSourceConditionsAggregateTest` with five tests:
- **`getFutureReturnsDistinctInstancesPerCall`** — bug-prover. Fails on
the pre-fix shared-instance behavior, passes after the fix.
- **`getFutureReturnsDistinctInstancesEvenWithNoConditions`** —
bug-prover. Covers the empty-conditions case (single-synchronizer
configuration), which is exactly where per-iteration accumulation would
be most damaging.
- **`allFreshFuturesCompleteWhenAggregateFires`** — verifies fan-out via
the single permanent listener actually delivers to multiple fresh
futures handed out before the aggregate fires.
- **`getFutureAfterAggregateFiresReturnsCompletedFuture`** — verifies
the fast path: callers arriving after completion get an
already-completed future synchronously.
- **`pendingListDoesNotGrowUnboundedlyWhenFreshFuturesAreDropped`** —
10k-iteration soak test that simulates the run-loop pattern (race a
fresh future against a fast-resolving sibling, drop the result) and
asserts the pending list stays bounded via GC + opportunistic pruning.
Caveat in the test docstring about `System.gc()` not being guaranteed —
if it ever flakes on CI we can migrate to `-XX:+UseSerialGC` or relax
the ceiling.
Verified bug-proving discipline: the two distinctness tests fail on the
pre-fix shared-instance behavior and pass after the fix. The full
server-sdk test suite (1857 tests across 109 classes) is clean.
## Context
This was identified during a multi-agent review of the analogous
cpp-sdks PR (launchdarkly/cpp-sdks#531), which mirrors this Java
implementation's `Conditions` design. The cpp version has the same
structural leak; this Java fix shape is what was prototyped there.
Filing here first since the runtime impact on a long-running JVM-based
server SDK is more pronounced.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Touches the FDv2 synchronizer condition-aggregation logic used in the
main run loop; mistakes could cause missed fallback/recovery signals or
incorrect exceptional completion behavior, though changes are localized
and covered by new unit tests.
>
> **Overview**
> Prevents a long-lived memory leak in `FDv2DataSource.Conditions` by
changing `getFuture()` to return a *fresh* `CompletableFuture` per call
until the underlying condition aggregate completes, rather than
returning the same shared pending future each iteration.
>
> Adds a single `whenComplete` fan-out from the aggregate to complete
all outstanding per-call futures (and to propagate exceptional
completion), tracks pending futures in a `WeakHashMap`-backed set for GC
cleanup, and makes `Conditions` package-private to allow direct testing.
>
> Introduces `FDv2DataSourceConditionsAggregateTest` to assert per-call
distinctness, correct completion fan-out, and correct behavior on
exceptional and post-completion paths.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
a6c7c36. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->1 parent cac1568 commit c27bf26
2 files changed
Lines changed: 331 additions & 5 deletions
File tree
- lib/sdk/server/src
- main/java/com/launchdarkly/sdk/server
- test/java/com/launchdarkly/sdk/server
Lines changed: 93 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
| 18 | + | |
| 19 | + | |
18 | 20 | | |
19 | 21 | | |
20 | 22 | | |
| |||
591 | 593 | | |
592 | 594 | | |
593 | 595 | | |
| 596 | + | |
| 597 | + | |
| 598 | + | |
| 599 | + | |
| 600 | + | |
| 601 | + | |
| 602 | + | |
| 603 | + | |
| 604 | + | |
| 605 | + | |
| 606 | + | |
| 607 | + | |
| 608 | + | |
| 609 | + | |
| 610 | + | |
| 611 | + | |
| 612 | + | |
| 613 | + | |
| 614 | + | |
| 615 | + | |
| 616 | + | |
| 617 | + | |
| 618 | + | |
| 619 | + | |
| 620 | + | |
| 621 | + | |
594 | 622 | | |
595 | | - | |
| 623 | + | |
596 | 624 | | |
597 | | - | |
| 625 | + | |
| 626 | + | |
| 627 | + | |
| 628 | + | |
| 629 | + | |
| 630 | + | |
| 631 | + | |
| 632 | + | |
| 633 | + | |
| 634 | + | |
| 635 | + | |
| 636 | + | |
| 637 | + | |
598 | 638 | | |
599 | 639 | | |
600 | 640 | | |
601 | | - | |
| 641 | + | |
602 | 642 | | |
603 | 643 | | |
604 | | - | |
| 644 | + | |
| 645 | + | |
| 646 | + | |
| 647 | + | |
| 648 | + | |
| 649 | + | |
| 650 | + | |
| 651 | + | |
| 652 | + | |
| 653 | + | |
| 654 | + | |
| 655 | + | |
| 656 | + | |
| 657 | + | |
| 658 | + | |
| 659 | + | |
| 660 | + | |
| 661 | + | |
| 662 | + | |
| 663 | + | |
| 664 | + | |
| 665 | + | |
| 666 | + | |
| 667 | + | |
| 668 | + | |
| 669 | + | |
605 | 670 | | |
606 | 671 | | |
| 672 | + | |
| 673 | + | |
| 674 | + | |
| 675 | + | |
| 676 | + | |
607 | 677 | | |
608 | | - | |
| 678 | + | |
| 679 | + | |
| 680 | + | |
| 681 | + | |
| 682 | + | |
| 683 | + | |
| 684 | + | |
| 685 | + | |
| 686 | + | |
| 687 | + | |
| 688 | + | |
| 689 | + | |
| 690 | + | |
| 691 | + | |
609 | 692 | | |
610 | 693 | | |
611 | 694 | | |
| |||
615 | 698 | | |
616 | 699 | | |
617 | 700 | | |
| 701 | + | |
| 702 | + | |
| 703 | + | |
| 704 | + | |
| 705 | + | |
618 | 706 | | |
619 | 707 | | |
620 | 708 | | |
Lines changed: 238 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
| 184 | + | |
| 185 | + | |
| 186 | + | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
| 192 | + | |
| 193 | + | |
| 194 | + | |
| 195 | + | |
| 196 | + | |
| 197 | + | |
| 198 | + | |
| 199 | + | |
| 200 | + | |
| 201 | + | |
| 202 | + | |
| 203 | + | |
| 204 | + | |
| 205 | + | |
| 206 | + | |
| 207 | + | |
| 208 | + | |
| 209 | + | |
| 210 | + | |
| 211 | + | |
| 212 | + | |
| 213 | + | |
| 214 | + | |
| 215 | + | |
| 216 | + | |
| 217 | + | |
| 218 | + | |
| 219 | + | |
| 220 | + | |
| 221 | + | |
| 222 | + | |
| 223 | + | |
| 224 | + | |
| 225 | + | |
| 226 | + | |
| 227 | + | |
| 228 | + | |
| 229 | + | |
| 230 | + | |
| 231 | + | |
| 232 | + | |
| 233 | + | |
| 234 | + | |
| 235 | + | |
| 236 | + | |
| 237 | + | |
| 238 | + | |
0 commit comments