Maven combined detector experiment #1628
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| namespace Microsoft.ComponentDetection.Detectors.Maven; | ||
|
|
||
| /// <summary> | ||
| /// Represents the result of executing a Maven CLI command. | ||
| /// </summary> | ||
| /// <param name="Success">Whether the command completed successfully.</param> | ||
| /// <param name="ErrorOutput">The error output from the command, if any.</param> | ||
| public record MavenCliResult(bool Success, string? ErrorOutput); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,7 @@ | |
| namespace Microsoft.ComponentDetection.Detectors.Maven; | ||
|
|
||
| using System; | ||
| using System.Collections.Concurrent; | ||
| using System.IO; | ||
| using System.Threading; | ||
| using System.Threading.Tasks; | ||
|
|
@@ -19,6 +20,19 @@ public class MavenCommandService : IMavenCommandService | |
|
|
||
| internal static readonly string[] AdditionalValidCommands = ["mvn.cmd"]; | ||
|
|
||
| /// <summary> | ||
| /// Per-location semaphores to prevent concurrent Maven CLI executions for the same pom.xml. | ||
| /// This allows multiple detectors (e.g., MvnCliComponentDetector and MavenWithFallbackDetector) | ||
| /// to safely share the same output file without race conditions. | ||
| /// </summary> | ||
| private readonly ConcurrentDictionary<string, SemaphoreSlim> locationLocks = new(); | ||
|
|
||
| /// <summary> | ||
| /// Tracks locations where dependency generation has completed successfully. | ||
| /// Used to skip duplicate executions when multiple detectors process the same pom.xml. | ||
| /// </summary> | ||
| private readonly ConcurrentDictionary<string, MavenCliResult> completedLocations = new(); | ||
|
|
||
zhenghao104 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| private readonly ICommandLineInvocationService commandLineInvocationService; | ||
| private readonly IMavenStyleDependencyGraphParserService parserService; | ||
| private readonly IEnvironmentVariableService envVarService; | ||
|
|
@@ -43,7 +57,57 @@ public async Task<bool> MavenCLIExistsAsync() | |
| return await this.commandLineInvocationService.CanCommandBeLocatedAsync(PrimaryCommand, AdditionalValidCommands, MvnVersionArgument); | ||
| } | ||
|
|
||
| public async Task<MavenCliResult> GenerateDependenciesFileAsync(ProcessRequest processRequest, CancellationToken cancellationToken = default) | ||
| { | ||
| var pomFile = processRequest.ComponentStream; | ||
| var pomDir = Path.GetDirectoryName(pomFile.Location); | ||
| var depsFilePath = Path.Combine(pomDir, this.BcdeMvnDependencyFileName); | ||
|
|
||
| // Check the cache before acquiring the semaphore to allow fast-path returns | ||
| // even when cancellation has been requested. | ||
| if (this.completedLocations.TryGetValue(pomFile.Location, out var cachedResult) | ||
| && cachedResult.Success | ||
| && File.Exists(depsFilePath)) | ||
| { | ||
| this.logger.LogDebug("{DetectorPrefix}: Skipping duplicate \"dependency:tree\" for {PomFileLocation}, already generated", DetectorLogPrefix, pomFile.Location); | ||
| return cachedResult; | ||
| } | ||
|
|
||
| // Use semaphore to prevent concurrent Maven CLI executions for the same pom.xml. | ||
| // This allows MvnCliComponentDetector and MavenWithFallbackDetector to safely share the output file. | ||
| var semaphore = this.locationLocks.GetOrAdd(pomFile.Location, _ => new SemaphoreSlim(1, 1)); | ||
|
|
||
| await semaphore.WaitAsync(cancellationToken); | ||
| try | ||
zhenghao104 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| { | ||
| // Re-check the cache after acquiring the semaphore in case another caller | ||
| // completed while we were waiting. | ||
| if (this.completedLocations.TryGetValue(pomFile.Location, out cachedResult) | ||
| && cachedResult.Success | ||
| && File.Exists(depsFilePath)) | ||
| { | ||
|
Comment on lines
23
to
88
There was a problem hiding this comment. The |
||
| this.logger.LogDebug("{DetectorPrefix}: Skipping duplicate \"dependency:tree\" for {PomFileLocation}, already generated", DetectorLogPrefix, pomFile.Location); | ||
| return cachedResult; | ||
| } | ||
|
|
||
| var result = await this.GenerateDependenciesFileCoreAsync(processRequest, cancellationToken); | ||
|
|
||
| // Only cache successful results. Failed results should allow retries for transient failures, | ||
| // and caching them would waste memory since the cache check requires Success == true anyway. | ||
| if (result.Success) | ||
| { | ||
| this.completedLocations[pomFile.Location] = result; | ||
| } | ||
|
|
||
| return result; | ||
|
Comment on lines
92
to
102
There was a problem hiding this comment.
Only cache successful results and/or add an eviction/clear strategy scoped to a scan run.
Contributor
Author
There was a problem hiding this comment. Updated to only cache successful result |
||
| } | ||
| finally | ||
| { | ||
| semaphore.Release(); | ||
| } | ||
| } | ||
|
|
||
| private async Task<MavenCliResult> GenerateDependenciesFileCoreAsync(ProcessRequest processRequest, CancellationToken cancellationToken) | ||
| { | ||
| var cliFileTimeout = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken); | ||
| var timeoutSeconds = -1; | ||
|
|
@@ -58,7 +122,7 @@ public async Task GenerateDependenciesFileAsync(ProcessRequest processRequest, C | |
| var pomFile = processRequest.ComponentStream; | ||
| this.logger.LogDebug("{DetectorPrefix}: Running \"dependency:tree\" on {PomFileLocation}", DetectorLogPrefix, pomFile.Location); | ||
|
|
||
| string[] cliParameters = ["dependency:tree", "-B", $"-DoutputFile={this.BcdeMvnDependencyFileName}", "-DoutputType=text", $"-f{pomFile.Location}"]; | ||
|
|
||
| var result = await this.commandLineInvocationService.ExecuteCommandAsync(PrimaryCommand, AdditionalValidCommands, cancellationToken: cliFileTimeout.Token, cliParameters); | ||
|
|
||
|
|
@@ -78,10 +142,13 @@ public async Task GenerateDependenciesFileAsync(ProcessRequest processRequest, C | |
| { | ||
| this.logger.LogWarning("{DetectorPrefix}: There was a timeout in {PomFileLocation} file. Increase it using {TimeoutVar} environment variable.", DetectorLogPrefix, pomFile.Location, MvnCLIFileLevelTimeoutSecondsEnvVar); | ||
| } | ||
|
|
||
| return new MavenCliResult(false, errorMessage); | ||
| } | ||
| else | ||
| { | ||
| this.logger.LogDebug("{DetectorPrefix}: Execution of \"dependency:tree\" on {PomFileLocation} completed successfully", DetectorLogPrefix, pomFile.Location); | ||
| return new MavenCliResult(true, null); | ||
| } | ||
| } | ||
|
|
||
|
|
||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The per-location
locationLocksandcompletedLocationsdictionaries grow monotonically and are never pruned, and theSemaphoreSliminstances are never disposed. SinceMavenCommandServiceis registered as a singleton, repeated scans (or very large repos) can cause unbounded memory growth.Consider using a bounded/expiring cache and removing/disposing per-location semaphores once generation is complete (or switching to a keyed lock implementation that doesn't retain entries indefinitely).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a clean up method in
OnDetectionFinishedAsyncto clear cache