First drafts of this document ak19, 30 May 2017 ========================================= SAFEPROCESS.JAVA README ========================================= GS Java developers should use SafeProcess.java in place of directly using Java's Process class, unless any issues are discovered with SafeProcess.java hereafter. A tailored version of SafeProcess is found both in GLI and GS3's Java src code: - gli/src/org/greenstone/gatherer/util/SafeProcess.java - greenstone3/src/java/org/greenstone/util/SafeProcess.java This document contains the following sections A. WHY WE SHOULD GO THROUGH SAFEPROCESS INSTEAD OF USING JAVA'S PROCESS DIRECTLY B. MODEL OF SAFEPROCESS THREADS AND INTERRUPT BEHAVIOUR C. USAGE: DEBUGGING D. USAGE: INSTANTIATION & DEFAULT RUNPROCESS VARIANTS E. INTERNAL IMPLEMENTATION DETAILS - USEFUL IF CUSTOMISING SAFEPROCESS' BEHAVIOUR OR CALLING CANCEL ON SAFEPROCESS F. USAGE: CUSTOMISING G. USAGE: CANCELLING H. USAGE: IMPLEMENTING HOOKS AROUND CANCELLING OR PROCESS' END I. USEFUL STATIC METHODS AND STATIC INNER CLASSES J. OTHER USEFUL INSTANCE METHODS K. LINKS AND NOTES ON PROCESSES, PROCESS STREAMS, INTERRUPTING AND DESTROYING PROCESSES L. USEFUL SYNCHRONISATION NOTES AND SUGGESTED READING ON THREADS AND THREAD SAFETY M. TICKETS, COMMITS, TAGS N. GLI vs GS3 CODE's SAFEPROCESS.JAVA - THE DIFFERENCES O. FUTURE WORK, IMPROVEMENTS P. ALTERNATIVE FUTURE WORK: A case for rewriting SafeProcess to use IO::Select (Selector in Java) instead of multi-threading Q. PUBLIC API OF SAFEPROCESS, ITS SUB CLASSES AND INTERFACES _______________________________________________________________________________ A. WHY WE SHOULD GO THROUGH SAFEPROCESS INSTEAD OF USING JAVA'S PROCESS DIRECTLY _______________________________________________________________________________ It's easy to misuse Java's Process class, and this can result in unexpected behaviour and random errors that are hard to track down. Further, the older GLI and GS3 Java src code used to use Java's Process class in different and inconsistent ways, some worse than others. Going through one class, SafeProcess, provides consistency. So if it's buggy, you can fix it in one place. SafeProcess handles the internal Process' iostreams (input, output and error) properly using separate worker Threads, following http://www.javaworld.com/article/2071275/core-java/when-runtime-exec---won-t.html?page=2. SafeProcess handles this itself so that the code that uses SafeProcess doesn't need to deal with it, unless customising the processing of the Process' iostreams. _________________________________________________________ B. MODEL OF SAFEPROCESS THREADS AND INTERRUPT BEHAVIOUR _________________________________________________________ This section is especially IMPORTANT TO READ IF you're thinking of customising SafeProcess' handling of the internal Process' iostreams, since each of them are always handled in their own distinct worker threads, and you need to remember to deal with ThreadSafety issues. The primary process Thread: The main process internal to a SafeProcess instance is run in whatever thread the SafeProcess instance's runProcess() (or runBasicProcess()) methods are called. The SafeProcess instance internally keeps track of this thread, so that any cancel operation can send the InterruptedException to this primary thread. SafeProcess does NOT inherit from Thread, it is therefore not a Thread. It just runs its internal process in whatever Thread called SafeProcess's runProcess/runBasicProcess methods. A SafeProcess thread may further launch 0 or 3 additional worker threads, depending on whether runBasicProcess() or a runProcess() variant was called. In total, using SafeProcess involves - 1 thread (the primary thread) when runBasicProcess() is called - or 4 threads (the primary thread + 3 worker threads) when any variant of runBasicProcess() is called. If a variant of runProcess() was called, then 3 additional worker threads are spawned by SafeProcess. One for each iostream of the Process: inputstream, outputstream and errorstream. Note that the SafeProcess class will read from the internal Process' outputStream and ErrorStream, and can send/write a string to the Process' inputstream. SafeProcess thread | | ________________|_______________________________ | | | | | | | | | | | | Worker Thread SafeProcess Worker Thread Worker Thread for Process' Thread for Process' for Process' InputStream (primary) OutputStream ErrorStream __________________________________________________ C. USAGE: DEBUGGING __________________________________________________ There's a lot of info that a SafeProcess instance will log during its execution and termination phases, including Exceptions but also very basic things, such as the command that the SafeProcess instance is running and other messages. Exceptions are always logged, but debugging related messages can be turned off or on. By default, it's turned off. You can turn it on by adjusting the static SafeProcess.DEBUG = 1 and recompiling. For GS3, the log output uses log4j. For GLI, it goes to System.err at present. But if you want it to go to GLI's DebugStream, uncomment the relevant lines in the 3 variants of the static log() functions in SafeProcess.java. Then recompile. If you're using SafeProcess yourself and wish to log debug statements that are related to how well you're using SafeProcess, you can call one of the static SafeProcess.log() functions yourself. Remember to set the static SafeProcess.DEBUG = 1. There are 4 variants of the log() function: - public static void log(String msg) logs the message if debugging is on, DEBUG = 1 - public static void log(Exception e) logs the stacktrace for the exception, regardless of if debugging is on - public static void log(String msg, Exception e) logs the message and logs the stacktrace for the exception, regardless of if debugging is on - public static void log(String msg, Exception e, boolean printStackTrace) if debugging is on or if the printStackTrace parameter is true, both the message and the stacktrace for the exception are logged. if debugging is off and the printStackTrace parameter is false, nothing is logged. Call this variant if an exception is expected and you only want to log it in debugging mode. An example of an expected exception are some InterruptedExceptions that may occur over the course of SafeProcess _______________________________________________________ D. USAGE: INSTANTIATION & DEFAULT RUNPROCESS VARIANTS _______________________________________________________ Usage of the SafeProcess class generally follows the following sequence: 1. instantiate a SafeProcess object using one of the constructors - public SafeProcess(String[] cmd_args) - public SafeProcess(String cmdStr) - public SafeProcess(String[] cmd_args, String[] envparams, File launchDir) Either or both of envparams and launchdir can be null. 2. optionally configure your SafeProcess instance. Use an appropriate setter method to set some additional fields: - public void setInputString(String sendStr) Call this if you wish to write any string to the process' inputstream - public void setSplitStdOutputNewLines(boolean split) - public void setSplitStdErrorNewLines(boolean split) Pass in true to either of the above methods if you want to preserve individual lines in the content retrieved from the internal Process' stderr and stdoutput. By default, lines are not split, so you get a String of one single line for the entire output from the Process' stdoutput, and a String of one single line from the Process' stderr output. - public void setExceptionHandler(SafeProcess.ExceptionHandler exception_handler) Use this to register a SafeProcess ExceptionHandler whose gotException() method will get called for each exception encountered during the *primary* thread's execution: the thread that runs the Process. If you wish to handle exceptions that could happen when reading from the Process' outputStream/errorStream, you will need to do that separately. See the section CUSTOMISING. By default, exceptions when reading from Process' output and errorStreams are logged. - public void setMainHandler(SafeProcess.MainProcessHandler handler) To set a handler that will handle the primary (SafeProcess) thread, your handler will need to implement the hooks that will get called during the internal Process' life cycle, such as before and after process.destroy() is called upon a cancel operation. 3. call one of the following runProcess() variants on your SafeProcess instance: a. public int runBasicProcess() This variant will not handle the Process' iostreams at all, so it won't launch any worker threads. It merely runs the internal process in the thread from which it is called (the primary thread) and waits until it's done. Use this variant if you know that the external process you wish SafeProcess to run will NOT be expecting any input nor be producing any output (in stdout or stderror). NOTE: Do not call runBasicProcess() if you merely wish to ignore the process' iostreams. Because, in Java 6 and earlier, this can block indefinitely if any of the Process' iostreams contain anything or expect anything. If you wish to ignore a process' iostreams, or if you're not sure if they may need handling, call the zero-argument runProcess() variant described below. b. public int runProcess() This zero argument variant will handle all the Process' iostreams in the DEFAULT manner. - If you wanted to send something to the Process' inputstream, you ought to have configured this by calling setInputString(sendStr) before calling runProcess(). The DEFAULT behaviour is for sendStr to be written to the internal Process' inputstream as soon as the process runs (happens in its own thread). - once runProcess() finishes, you can inspect what had come out of the Process' output and error streams by calling, see point 4 below. The DEFAULT behaviour of SafeProcess' processing of the stdout and stderr streams is for both streams to be read one line at a time until they have nothing left. Note that both streams are always dealt with in their separate worker threads. Resources are safely allocated at the end of the worker threads dealing with each of the internal Process' iostream, regardless of whether the Process is allowed to terminate naturally or whether SafeProcess is instructed to prematurely terminate it. c. public int runProcess(SafeProcess.LineByLineHandler outLineByLineHandler, SafeProcess.LineByLineHandler errLineByLineHandler) Use this variant if you want to do anything specific when each line comes in from the internal Process' stderr and stdout streams. Passing in null for either parameter will return to the default behaviour for that stream. You'll want to read further details in the section on CUSTOMISING. d. public int runProcess(CustomProcessHandler procInHandler, CustomProcessHandler procOutHandler, CustomProcessHandler procErrHandler) Use this variant if you want to completely override the way the internal Process' iostreams are handled. Passing in null for any of the parameters will return to the default behaviour for that stream. You'll want to read further details in the section on CUSTOMISING. All the runProcess() variants do a Process.waitFor(). This means all runProcess() variants block the primary thread, which is the thread in which they're executing, until the internal Process has completed. If you want to completely override the default behaviour of any of SafeProcess' iostream related worker threads (such as if you want to read a char at a time from the stderr stream and do something, instead of the default behaviour of reading a line at a time from it), then call this method. You need to pass in an *instance* of SafeProcess.CustomProcessHandler for *each* of the 3 iostreams, since they're running in separate threads and so can't share the same instance. You can pass in null for any of these, if you want the default SafeProcess handling to apply for that stream's worker thread. For any iostream's default handling that you want to override, however, you'd extend SafeProcess.CustomProcessHandler. You would need to take care of ThreadSafety yourself if you're extending a SafeProcess.CustomProcessHandler. You can maintain concurrency by using synchronization, for instance. See the section USEFUL SYNCHRONISATION NOTES. For EXAMPLES OF USE, see GS3's GS2PerlConstructor.java and GLI's DownloadJob.java. Further NOTES: All of the variants of the runProcess methods return the internal Process' exit value *after* the internal Process has completed. The exit value will be -1 if the process was prematurely terminated such as by a cancel operation, which would have interrupted the primary and subsidiary threads. Running a process blocks the primary thread until complete. So all the runProcess variants above *block*. (Unless and until an external thread calls the cancelRunningProcess() method on a reference to the SafeProcess instance, discussed in the section on CANCELLING). 4. if necessary, once the process has *terminated*, - you can read whatever came out from the Process' stderr or stdout by calling whichever is required of: public String getStdOutput() public String getStdError() If you want to do anything special when handling any of the Process' iostreams, see the CUSTOMISING section. - You can also inspect the exit value of running the process by calling public int getExitValue() The exit value will be -1 if the process was prematurely terminated such as by a cancel operation, which would have interrupted the primary and subsidiary threads. The exit value will also be -1 if you call getExitValue() before setting off the SafeProcess via any of the runProcess() variants. _____________________________________________________________________________________________________________________ E. INTERNAL IMPLEMENTATION DETAILS - USEFUL IF CUSTOMISING SAFEPROCESS' BEHAVIOUR OR CALLING CANCEL ON SAFEPROCESS _____________________________________________________________________________________________________________________ This section is for understanding how SafeProcess runs a Java Process internally. These methods are not public and their details are hidden away in the code. Calling any of the runProcess() variants does the following internally: 1. calls method doRuntimeExec() based on how you configured your SafeProcess instance, this method instantiates and returns a Process object by calling Runtime.exec(). A possible improvement may be to consider using the ProcessBuilder class for creating a Process object. 2. calls method waitForStreams() Called by all but the runBasicProcess() variant, since the runBasicProcess() variant does not do anything with the Process' iostreams and therefore doesn't use worker threads . This method first starts off all the worker threads, to handle each input or output stream of the Process. Then, it calls waitFor() on the Process object. This is the first of 2 calls that block the primary thread (the Thread the Safeprocess runs its Process object in) until finished. One of two things happen, - either the internal Process is allowed to terminate naturally, reaching the end. - Or the Process is interrupted by a cancel action, which will result in an InterruptedException. When an InterruptedException is caught, each of the worker threads is interrupted. The worker threads check for the interrupt flag during any loop, so that they may exit their loop early. If an InterruptException happened, the exitValue after the Process' waitFor() call remains at -1 and the SafeProcess instance sets its boolean forciblyTerminateProcess flag to true, to indicate that it may have to call Process.destroy() and ensure any subprocesses are terminated. Regardless of whether the Process naturally terminates or is prematurely terminated by an InterruptedException upn a cancel, - all the resources such as streams are closed. - the join() method is called on all worker threads. As per the Java API, callin join() on a Thread "Waits for this thread to die." This means the primary thread now waits for the worker threads to all come to a halt. So the section where join() is called on each worker thread also blocks the primary thread until the joins are complete. Since both the Process.waitFor() phase and the join() phase block the primary thread until finished, an InterruptedException could theoretically have occurred during either phase. However, we don't want an InterruptedException occurring during the join() phase, as an interrupt at this point will break us out of the join (going into an exception handler for the Interruption, prematurely ending the join()) and thus the worker threads would have been prevented from neatly cleaning up after themselves. To prevent InterruptedExceptions from occurring during any of the join() calls on the worker threads, the join() calls are embedded in a section that is marked as not interruptible. Once the join calls are finished, the code in the waitForStreans() method becomes interruptible again and a notify() is sent to anyone that was waiting for the thread to become interruptible. (Technically, the remainder of the code, the rest of the primary thread, does not respond to InterruptedExceptions hereafter, as there are no more waiting/blocking calls after the join()s are over.) Marking the join() phase as an uninterruptible section of code helps when the cancelRunProcess() is called on the SafeProcess instance by a separate thread, such as a GUI thread with a cancel button that triggered the call to cancelRunProcess(). The cancelRunProcess() method only interrupts the primary SafeProcess thread if it is in an interruptible section of code. If the primary thread is uninterruptible when cancelRunProcess() was called, then the method either - returns immediately if called by a GUI thread (EventDispatchThread), - or if cancelRunProcess(boolean forceWaitUntilInterruptible) is called with forceWaitUntilInterruptible, even if the caller is the EventDispatchThread, it will wait until the primary thread is interruptible before it returns from the cancelRunProcess() method. The wait() call blocks until notify()ed that the primary thread has become interruptible again. The cancelRunningProcess() method, which is called by a Thread external to the primary SafeProcess thread, therefore only causes an InterruptedException on the primary SafeProcess thread. It never sends an interruption during or after the primary thread is in an uninterruptible section, since only the waitFor() phase is ever to be interrupted, as waitFor() is the only phase when the external process is actually running, while the subsequent phases are already in closing down naturally and only need to do cleanup thereafter. If cancelRunningProcess() is called when the primary thread is in the uninterruptible phase after waitFor(), the cancelRunningProcess() method returns straight away or can be told to wait until the uninterupptible phase is done. Either way, it won't cause an interrupt any more, as the process is already naturally closing down. 3. If and only if SafeProcess was cancelled, so that its Process is to be prematurely terminated, does SafeProcess call destroyProcess(). (It is not called on natural termination.) destroyProcess() ensures both the external process that is run, denoted by the Process object, and also any subprocesses that are launched by the external process are all terminated. - On Linux (only tested on Ubuntu), it was found that the simple sequence of events from interrupting the worker threads to the join()s called on them (which closed off al resources used by the worker threads) was sufficient to cleanly end the Process and any subprocesses. - On Windows, it needs to call Process.destroy() to terminate the Process and further needs to obtain the childids of any subprocesses this launched and terminate them recursively in a Windows-specific manner by calling the Windows specific kill command on each process id. The method "public static long getProcessID(Process p)" uses the newly included Java Native Access library to obtain the processID of any Process. Then the childpids of any process denoted by pid are obtained with the command: "wmic process where (parentprocessid=) get processid" Having the pids of all processes to be terminated, one of "wmic process delete", "taskkill /f /t /PID " or "tskill pid" commands is invoked, whichever is available, to recursively and forcibly terminate any process and its subprocesses, by their pid. The taskkill command works like kill -9 (kill -KILL) rather than like kill -TERM. The wmic prompt-like tool, which has been present since Windows XP, not only recongises the command to delete a process by pid, but it also has commands to get the childids of a process denoted by pid, and vice-versa (to find the parent pid if you know a childpid). Much more is possible with wmic. The tskill command has also been available for a long time, taskkill is newer and may have appeared with Windows Vista or later. - On Mac, pressing cancel when building a collection in GLI launches the perl processes full-import.pl followed by full-buildcol.pl. The buildcol phase terminates even without a process.destroy() being necessary, which is as on Linux. However, for full-import.pl, process.destroy() firstly is necessary: as always, process.destroy() is able to destroy the Process that was launched (full-import.pl), but not any subprocesses that this launched in turn (such as import.pl). So on Mac, during destroyProcess(), an operating system command is issued to terminate the process and its subprocesses. See the NOTE at the end of the section. On Linux, SafeProcess() does not issue operating system commands to terminate the internal Process upon cancel, since on Linux both a process and its subprocesses seem to come to an end on their own in such a case. Nevertheless, SafeProcess now also includes code to send an OS level command to terminate a process with its subprocesses on Linux too. The way SafeProcess works on premature termination, with interrupts and closing of resources, doesn't yet require an OS level command. However, there's now a variant of destroyProcess() which takes a boolean parameter which, if false, will force an OS level command to be issued on Linux too if an entire process group (process and subprocesses) is to be destroyed. On Mac, the command is "pkill -TERM -P ". This is to kill a process and subprocesses. It was tested successfully on Mac Snow Leopard. However, on Linux, this command only terminates the top level process, while any subprocesses are left running. On Linux, the OS level command to terminate the entire process group is "kill -TERM -", which has been tested successfully on Ubuntu. Note the hyphen in front of the , which treats the pid as a process group id, and terminates the entire process tree. (In contrast, the more common "kill -TERM " only terminates the top level process on Mac and Linux, leaving subprocesses running). For more information, see https://stackoverflow.com/questions/8533377/why-child-process-still-alive-after-parent-process-was-killed-in-linux NOTE: This note documents weird behaviour on Mac, which has not been explained yet, but which the above operating system commands to terminate the process group successfully taken care of anyway. When running the full-import.pl and full-buildcol.pl in sequence from the command line on a Mac, the regular "kill -TERM signal" only terminates the top level process and not subprocesses. To kill the entire process group, the OS specific command for killing a process (mentioned above) must be issued instead. When full-import.pl is run from GLI, both process.destroy() and the regular "kill -TERM signal" are able to successfully terminate the top level process, but not subprocesses. In this, sending the TERM signal results in behaviour similar to the situation with running full-import.pl from the command line. However, when full-buildcol.pl is run from GLI on a Mac the behaviour is inconsistent with the command line and with running full-import.pl from GLI. When full-buildcol.pl is run from GLI, the Process and subprocesses all terminate tidily on their own when cancel is pressed, not requiring either process.destroy() or the OS command to terminate even the top level process ID, nor requiring the command to terminate the process group either. This behaviour is similar to how both full-import.pl and full-buildcol.pl scripts come to a clean close upon cancel on Linux. In such cases, sending a TERM signal to the process (group) id returns an exitvalue of 1. This exitvalue can mean that the kill signal didn't work, but in these cases, it specifically indicates that the process was already terminated before the TERM signal was even sent to kill the process. A specific detail of the process of killing a process group on Linux and Mac is that a TERM signal is sent first. If the return value was 0, a signal was successfully sent. If it is 1 it failed in some way, including the possibility that process was already terminated. If neither of these, then it's assumed the return value indicates the termination signal was unsuccessful, and a KILL signal is sent next. Preliminary investigation of the weird behaviour on Mac has revealed the following: a. Sending a Ctrl-C is different in two ways from sending a kill -TERM signal. - Ctrl-C is "kill -2" or "kill -INT", whereas "kill -TERM" is the same as "kill -15" (and "kill -KILL" is "kill -9", which doesn't allow the killed process to do cleanup first). - Ctrl-C kills the foreground process of the progress group targeted by the Ctrl-C (or the process group indicated by pid). In contrast, kill -TERM or kill -KILL terminate the process with the given pid, which is likely to be a background process if any subprocesses were launched by it. b. Pressing Ctrl-C when full-import.pl is running may give the impression of having terminated the entire process group if you happen to issue the Ctrl-C at a point when full-import.pl hasn't launched any subprocesses. The parent process is killed, and therefore can't launch further subprocesses, so it looks like hte entire process tree was successfully terminated. However, if you issue Ctrl-C when a subprocess is running, that subprocess (the foreground process) is all that's terminated, while background processes are still running and can continue to launch subprocesses. Sending a regular kill -TERM or kill -KILL signal to the parent process of a process group will kill the parent process (but not the process group, unless you explicitly issued the command to terminate an entire process group). Killing the parent process will prevent future subprocesses from being launched by the parent process, but child processes remain runnning. The Java method Process.destroy(), used by GLI until the recent modifications to ensure the entire process group is terminated, behaves more like kill -TERM/kill -KILL than Ctrl-C: the actuall parent Process launched with Runtime.exec() is killed, but not subprocesses. This means that Ctrl-C is not a proper test of GLI's behaviour. Future investigation into the weird behaviour, if this ever needs to be explained, can proceed from the above. At present. issuing operating system commands to kill an entire process tree seem to work sufficiently in all cases tested, despite the weird distinctive behaviour of full-buildcol.pl on a Mac when run from GLI. __________________________________________________ F. USAGE: CUSTOMISING __________________________________________________ This section deals with if you want to provide customise behaviour for any of the worker threads that deal with the internal Process object's iostreams, or if you want to do some extra work at any major milestone in the outer SafeProcess instance's life cycle. CUSTOMISING THE BEHAVIOUR OF THE WORKER THREADS THAT HANDLE THE INTERNAL PROCESS' IOSTREAMS: Always bear in mind that each of the streams is handled in its own separate worker thread! So you'll need to take care of ThreadSafety yourself, if you're implementing a SafeProcess.LineByLineHandler or SafeProcess.CustomProcessHandler. You can maintain concurrency by using synchronization, for instance. See the section USEFUL SYNCHRONISATION NOTES. Customising the worker threads can be done in one of two ways: - you extend SafeProcess.LineByLineHandler (for the Process' stderr/stdout streams you're interested in) and then call the matching runProcess() method - if you want to do something drastically different, you extend SafeProcess.CustomProcessHandler (for any of the internal Process' iostreams you're interested in) and then call the matching runProcess() method a. public int runProcess(SafeProcess.LineByLineHandler outLineByLineHandler, SafeProcess.LineByLineHandler errLineByLineHandler) If you want to deal with EACH LINE coming out of the internal Process' stdout and/or stderr streams yourself, implement SafeProcess.LineByLineHandler. You may want a different implementation if you want to deal with the Process' stdout and stderr streams differently, or the same implementation if you want to deal with them identically. Either way, you need a *separate* SafeProcess.LineByLineHandler instance for each of these two streams, since they're running in separate threads. Pass the distinct instances in to the runProcess method as parameters. You can pass null for either parameter, in which case the default behaviour for that iostream takes place, as described for the zero-argument runProcess() variant. Writing your own SafeProcess.LineByLineHandler: - extend SafeProcess.LineByLineHandler. You can make it a static inner class where you need it. - make the constructor call the super constructor, passing in one of SafeProcess.STDERR|STDOUT|STDIN, to indicate the specific iostream for any instantiated instance. - For debugging, in order to identify what stream (stderr or stdout) you're working with, you can print the thread's name by calling the CustomProcessHandler's method public String getThreadNamePrefix() - Provide an implementation for the LineByLineHandler methods public void gotLine(String line) public void gotException(Exception e); Whenever the worker thread gets a line from that outputstream (stderr or stdout) of the internal process, it will call that stream's associated gotLine(line) implemention. Whenever the worker thread encounters an exception during the processing of that outputstream (stderr or stdout), it will call that stream's associated gotException(exception) implemention. Remember, you can use the same implementation (LineByLineHandler subclass) for both stderr and stdout outputstreams, but you must use different *instances* of the class for each stream! For EXAMPLES OF USE, see GLI's GShell.java. b. public int runProcess(CustomProcessHandler procInHandler, CustomProcessHandler procOutHandler, CustomProcessHandler procErrHandler) If you want to completely override the default behaviour of any of SafeProcess' iostream related worker threads (such as if you want to read a char at a time from the stderr stream and do something, instead of the default behaviour of reading a line at a time from it), then call this method. You need to pass in an *instance* of SafeProcess.CustomProcessHandler for *each* of the 3 iostreams, since they're running in separate threads and so can't share the same instance. You can pass in null for any of these, if you want the default SafeProcess handling to apply for that stream's worker thread. For any iostream's default handling that you want to override, however, you'd implement SafeProcess.CustomProcessHandler. Writing your own SafeProcess.CustomProcessHandler: - extend SafeProcess.CustomProcessHandler. You can make it a static inner class where you need it. - make the constructor call the super constructor, passing in one of SafeProcess.STDERR|STDOUT|STDIN, to indicate the specific iostream for any instantiated instance. - implement the following method of CustomProcessHandler public abstract void run(Closeable stream); Start by first casting the stream to InputStream, if the CustomProcessHandler is to read from the internal Process' stderr or stdout streams, else cast to Outputstream if CustomProcessHandler is to write to the internal Process' stdin stream. - Since you're implementing the "run()" method of the worker Thread for that iostream, you will write the code to handle any exceptions yourself - For debugging, in order to identify what stream you're working with, you can print the thread's name by calling the CustomProcessHandler's method public String getThreadNamePrefix() Remember, you can use the same implementation (CustomProcessHandler subclass) for each of the internal process' iostreams, but you must use different *instances* of the class for each stream! For EXAMPLES OF USE, see GS3's GS2PerlConstructor.java and GLI's DownloadJob.java. ADDING CUSTOM HANDLERS TO HOOK INTO KEY MOMENTS OF THE EXECUTION OF THE PRIMARY THREAD: Remember that the primary thread is the thread in which the internal Process is executed in, which is whatever Thread the runProcess() method is called on your SafeProcess instance. If you just want to handle exceptions that may occur at any stage during the execution of the primary thread - provide an implementation of SafeProcess.ExceptionHandler: public static interface ExceptionHandler { public void gotException(Exception e); } - configure your SafeProcess instance by calling setExceptionHandler(SafeProcess.ExceptionHandler eh) on it *before* calling a runProcess() method on that instance. - For EXAMPLES OF USE, see GLI's GShell.java. If, during the execution of the primary thread, you want to do some complex things during a cancel operation, such as or before and after a process is destroyed, then - implement SafeProcess.MainProcessHandler. See the Interface definition below. For further details, refer to the sections "CANCELLING" and "IMPLEMENTING HOOKS AROUND CANCELLING OR PROCESS' END". - configure your SafeProcess instance by calling setMainHandler(MainProcessHandler mph) on it *before* calling a runProcess() method on that instance. - For EXAMPLES OF USE, see GLI's DownloadJob.java. public static interface MainProcessHandler { /** * Called before the streamgobbler join()s. * If not overriding, the default implementation should be: * public boolean beforeWaitingForStreamsToEnd(boolean forciblyTerminating) { return forciblyTerminating; } * When overriding: * @param forciblyTerminating is true if currently it's been decided that the process needs to be * forcibly terminated. Return false if you don't want it to be. For a basic implementation, * return the parameter. * @return true if the process is still running and therefore still needs to be destroyed, or if * you can't determine whether it's still running or not. Process.destroy() will then be called. * @return false if the process has already naturally terminated by this stage. Process.destroy() * won't be called, and neither will the before- and after- processDestroy methods of this class. */ public boolean beforeWaitingForStreamsToEnd(boolean forciblyTerminating); /** * Called after the streamgobbler join()s have finished. * If not overriding, the default implementation should be: * public boolean afterStreamsEnded(boolean forciblyTerminating) { return forciblyTerminating; } * When overriding: * @param forciblyTerminating is true if currently it's been decided that the process needs to be * forcibly terminated. Return false if you don't want it to be. For a basic implementation, * return the parameter (usual case). * @return true if the process is still running and therefore still needs to be destroyed, or if * can't determine whether it's still running or not. Process.destroy() will then be called. * @return false if the process has already naturally terminated by this stage. Process.destroy() * won't be called, and neither will the before- and after- processDestroy methods of this class. */ public boolean afterStreamsEnded(boolean forciblyTerminating); /** * called after join()s and before process.destroy()/destroyProcess(Process), iff forciblyTerminating */ public void beforeProcessDestroy(); /** * Called after process.destroy()/destroyProcess(Process), iff forciblyTerminating */ public void afterProcessDestroy(); /** * Always called after process ended: whether it got destroyed or not */ public void doneCleanup(boolean wasForciblyTerminated); } __________________________________________________ G. USAGE: CANCELLING __________________________________________________ SafeProcess provides a way to cancel an internal Process that is run by SafeProcess, and which will ensure that the internal process and worker threads all safely terminate and tidily clean up after themselves. As explained, SafeProcess internally accomplishes this by sending an InterruptedException on the primary thread that's running the internal Process. An InterruptedException is sent only when SafeProcess is in an "interruptible" phase, as no interruption is necessary at any other time such as cleanup. Only a thread *external* to the SafeProcess' primary thread, such as a GUI thread, can call cancelRunningProcess() on a reference to the SafeProcess instance. Two variants are available: - boolean cancelRunningProcess() - boolean cancelRunningProcess(boolean forceWaitUntilInterruptible) The boolean value returned is true if an interrupt had to be sent, or false if one didn't need to be sent. An interrupt does not need to be sent if - the process was never yet run by the time cancel was called or - the internal Process has already naturally terminated and the SafeProcess has moved on to some stage of the cleanup phase by the time cancel was called. If you want to inspect the return value, a good variable name is sentInterrupt. For example, boolean sentInterrupt = mySafeProc.cancelRunningProcess(); Programming pattern: A graphical interface may have a Cancel button associated with an actionPerformed() method, which will be run from a GUI/EventDispatchThread when the user presses cancel. Either directly or indirectly, actionPerfomed() during a cancel action needs to lead to one of the cancelRunningProcess() method variants being called on the SafeProcess instance. The variant you choose depends on whether the thread that invokes cancel on the SafeProcess is an EventDispatchThread (a GUI thread), or else, whether you are willing to wait until SafeProcess is interruptible. If you're calling the cancel method from a GUI thread or otherwise don't care to wait, call the zero-argument variant. Otherwise, you can call the single argument version and pass in true for forceWaitUntilInterruptible. Usage: - Usually, there is no need to bother waiting for the uninterruptible phase to finish, so you can call the zero-argument version of cancelRunningProcess(), and continue as before. - If you're calling from a GUI thread and want to disable your cancel button during the uninterruptible phase, however short this may be, in order to give proper feedback to the user, then you can implement the hooks of the SafeProcess.MainHandler interface as explained in the next section. - Call the cancelRunningProcess(forceWaitUntilInterruptible=true) variant if you're not calling from a GUI thread and you want to wait until SafeProcess becomes interruptible again (if you happened to have invoked the cancel method during an uninterruptible phase). Further details: Calling cancelRunningProcess(forceWaitUntilInterruptible=true) forces the method to only return when the SafeProcess has internally become "interruptible". There is a very brief phase at the start of a SafeProcess' cleanup period that blocks until the worker threads have cleanly terminated. This phase should not be interrupted (as would have happened upon an InterruptedException being sent just then), as the uninterruptible phase happens after the internal process has finished and the process is properly terminating. If the cancel method happened to be called during this "blocking" phase and if this phase were to theoretically take long and if cancelRunningProcess() were not to return immediately if the calling thread is a GUI thread, then your graphical interface, or at least the cancel button, would have been unresponsive until the cancelRunningProcess() method finally returned. But this uninterruptible phase is short, and it always terminates, so calling cancelRunningProcess() is sufficient. And it always returns immediately if the caller is a GUI thread. The zero-argument variant of cancelRunningProecss() internally calls cancelRunningProcess(forceWaitUntilInterruptible=false) and causes the method to return immediately: either cancelRunningProcess was called when SafeProcess was interruptible and it sends an InterruptedException to the primary thread and returns, or cancelRunningProcess got called when SafeProcess was in an uninterruptible phase. And if the caller was a GUI thread (or if forceWaitUntilInterruptible was set to false), the cancelRunningProcess() method would also return immediately. For EXAMPLES OF USE, see GLI's GShell.java and DownloadJob.java. _________________________________________________________________ H. USAGE: IMPLEMENTING HOOKS AROUND CANCELLING OR PROCESS' END _________________________________________________________________ - Implement the SafeProcess.MainProcessHandler Interface, see the decription below and the section CUSTOMISING. - Write the hooks you want. - If you don't really intend to override beforeWaitingForStreamsToEnd(boolean forciblyTerminating) or afterStreamsEnded(boolean forciblyTerminating), then return the boolean parameter forciblyTerminating. - For EXAMPLES OF USE, see GLI's DownloadJob.java. The SafeProcess.MainProcessHandler provides hooks into various key stages of the SafeProcess instance's life cycle. Specifically, the clean up and termination stages of its life cycle. Currently, all stages that you can write hooks for come after the internal process has come to an end either naturally or prematurely. If your code needs to do some special processes during any of these stages, override them. The stages are: 1. boolean beforeWaitingForStreamsToEnd(boolean forciblyTerminating) Called after Process.waitFor() (when the internal Process has naturally or prematurely ended) and before the worker threads are join()ed (when the cleanup phase has begun, which always occurs, regardless of whether the Process had ended naturally or was cancelled). The parameter forciblyTerminating is true if the Process had been cancelled during an interruptible phase, or if an unexpected exception had occurred. In both cases, the internal Process object may need to be destroy()ed. But if the Process had only been cancelled during an uninterruptible phase, it means it had already naturally terminated and has started cleaning up. In such cases, the internal Process object does not need to be destroy()ed and forciblyTerminating will be false. If not overriding, return the parameter. If overriding, even if the parameter is true, you may determine the process has come to a natural end after all. In that case, the process need not be destroyed, so you'd return false. For an example, see GLI's DownloadJob.java. If you want to disable your cancel button temporarily while the join() is taking place, this is the method to do it. 2. boolean afterStreamsEnded(boolean forciblyTerminating) Called after the worker threads are join()ed, which is the start of the clean up phase. This method is also always called and the parameter indicates whether it's so far been determined that the process needs to be destroyed or not. If not overriding, return the parameter. If you want to re-enable your cancel button since the join() have by now taken place, this is the method to do so. 3. void beforeProcessDestroy() 4. void afterProcessDestroy() These two methods are only called if destroy() needed to be called on the internal Process object (if the Process did not come to a natural end for any reason, including being cancelled during an interruptible phase or if an unexpected exception occurred). 5. void doneCleanup(boolean wasForciblyTerminated) This method is always called at the very end of the SafeProcess' lifecycle, regardless of whether the internal Process naturally terminated or needed to be destroyed as happens upon premature termination. If the process needed to be destroyed, then the parameter wasForciblyTerminated would be true. ___________________________________________________ I. USEFUL STATIC METHODS AND STATIC INNER CLASSES ___________________________________________________ public static boolean isAvailable(String programName) - Runs the `which` cmd over the program and returns true or false - `which` is included in winbin for Windows, and is part of unix systems static public boolean processRunning(Process process) - returns true if the internal Process is currently running and hasn't come to an end. That is, this method returns true if Process.waitFor() is still blocking - If the SafeProcess is in its cleanup/termination phase, then this method will return false, even though SafeProcess is still doing stuff. - If you want to know when SafeProcess has finished in its entirety, call the instance method processRunning() on the SafeProcess object. public static long getProcessID(Process p) - uses java native access (JNA, version 4.1.0 from 2013). The JNA jar files have been included into gli's lib and GS3's lib. - For more details, see gli/lib/README.txt, section "B. THE jna.jar and jna-platform.jar FILES" public static void destroyProcess(Process p) - will terminate any subprocesses launched by the Process p - uses java native access to get processid - uses OS system calls to terminate the Process and any subprocesses public static boolean closeProcess(Process prcs) - will attempt to close your Process iostreams and destroy() the Process object at the end. public static boolean closeResource(Closeable resourceHandle) - will attempt to cleanly close your resource (file/stream handle), logging on Exception public static boolean closeSocket(Socket resourceHandle) - will attempt to cleanly close your Socket, logging on Exception. - From Java 7 onwards, calling closeResource() would suffice on Sockets too. But in Java 6, Sockets didn't yet implement Closeable, so this method is to ensure backwards compatibility. public static class OutputStreamGobbler extends Thread - A class that can write to a Process' inputstream from its own Thread. public static class InputStreamGobbler extends Thread - Class that can read from a Process' output or error stream in its own Thread. - A separate instance should be created for each stream, so that each stream has its own Thread. Package access: static methods to prematurely terminate any process denoted by processID and any subprocesses it may have launched static void killWinProcessWithID(long processID) static boolean killUnixProcessWithID(long processID) - for Mac/Linux __________________________________________________ J. OTHER USEFUL INSTANCE METHODS __________________________________________________ public synchronized boolean processRunning() - returns true if the SafeProcess instance has started its internal Process or is still cleaning up on its termination public boolean cancelRunningProcess() public boolean cancelRunningProcess(boolean forceWaitUntilInterruptible) - cancel the SafeProcess instance - untimately synchronized, so threadsafe - returns true if the process were still running so that an interrupt needed to be sent to terminate it, returns false if sending an interrupt was unnecessary because the process had already entered the start of its termination phase when cancel was called. Will also return false if the process was never run by the time cancel was called. - usually you want to call the zero-argument version - See the section CANCELLING for further details _________________________________________________________________________________________________ K. LINKS AND NOTES ON PROCESSES, PROCESS STREAMS, INTERRUPTING AND DESTROYING PROCESSES _________________________________________________________________________________________________ Processes and streams - http://www.javaworld.com/article/2071275/core-java/when-runtime-exec---won-t.html?page=2 explains why SafeProcess.java is implemented with worker threads to handle a Process' iostreams. - http://steveliles.github.io/invoking_processes_from_java.html - http://mark.koli.ch/leaky-pipes-remember-to-close-your-streams-when-using-javas-runtimegetruntimeexec Interrupting a Process: - http://stackoverflow.com/questions/2126997/who-is-calling-the-java-thread-interrupt-method-if-im-not - http://stackoverflow.com/questions/13623445/future-cancel-method-is-not-working?noredirect=1&lq=1 - http://stackoverflow.com/questions/3976344/handling-interruptedexception-in-java - http://stackoverflow.com/questions/4906799/why-invoke-thread-currentthread-interrupt-when-catch-any-interruptexception - http://stackoverflow.com/questions/4906799/why-invoke-thread-currentthread-interrupt-when-catch-any-interruptexception - https://praveer09.github.io/technology/2015/12/06/understanding-thread-interruption-in-java/ - http://michaelscharf.blogspot.co.nz/2006/09/dont-swallow-interruptedexception-call.html Destroying a process and subprocesses on various OS: - Need process id, pid, for which Java Native Access libraries (jar files) are required. http://stackoverflow.com/questions/4750470/how-to-get-pid-of-process-ive-just-started-within-java-program - To find the processID of the process launched by SafeProcess, need to use Java Native Access (JNA) jars, available jna.jar and jna-platform.jar. http://stackoverflow.com/questions/4750470/how-to-get-pid-of-process-ive-just-started-within-java-program http://stackoverflow.com/questions/35842/how-can-a-java-program-get-its-own-process-id http://www.golesny.de/p/code/javagetpid https://github.com/java-native-access/jna/blob/master/www/GettingStarted.md We're using JNA v 4.1.0, downloaded from https://mvnrepository.com/artifact/net.java.dev.jna/jna WINDOWS NOTES: - Can't artificially send Ctrl-C: stackoverflow.com/questions/1835885/send-ctrl-c-to-process-open-by-java On Windows, p.destroy() terminates process p that Java launched, but does not terminate any processes that p may have launched. Presumably since they didn't form a proper process tree. https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/e3cb7532-87f6-4ae3-9d80-a3afc8b9d437/how-to-kill-a-process-tree-in-cc-on-windows-platform?forum=vclanguage https://msdn.microsoft.com/en-us/library/windows/desktop/ms684161(v=vs.85).aspx Searching for: "forcibly terminate external process launched by Java on Windows" Not possible: stackoverflow.com/questions/1835885/send-ctrl-c-to-process-open-by-java But can use taskkill or tskill or wmic commands to terminate a process by processID stackoverflow.com/questions/912889/how-to-send-interrupt-key-sequence-to-a-java-process Taskkill command can kill by Image Name, such as all running perl, e.g. taskkill /f /im perl.exe But what if we kill perl instances not launched by GS? /f Specifies to forcefully terminate the process(es). We need this flag switched on to kill childprocesses. /t Terminates the specified process and any child processes which were started by it. /t didn't work to terminate subprocesses. Maybe since the process wasn't launched as a properly constructed processtree. /im is the image name (the name of the program), see Image Name column in Win Task Manager. We don't want to kill all perl running processes. Another option is to use wmic, available since Windows XP, to kill a process based on its command which we sort of know (SafeProcess.command) and which can be seen in TaskManager under the "Command Line" column of the Processes tab. https://superuser.com/questions/52159/kill-a-process-with-a-specific-command-line-from-command-line The following works kill any Command Line that matches -site localsite lucene-jdbm-demo C:>wmic PATH win32_process Where "CommandLine like '%-site%localsite%%lucene-jdbm-demo%'" Call Terminate "WMIC Wildcard Search using 'like' and %" https://codeslammer.wordpress.com/2009/02/21/wmic-wildcard-search-using-like-and/ However, we're not even guaranteed that every perl command GS launches will contain the collection name Nor do we want to kill all perl processes that GS launches with bin\windows\perl\bin\perl, though this works: wmic PATH win32_process Where "CommandLine like '%bin%windows%perl%bin%perl%'" Call Terminate The above could kill GS perl processes we don't intend to terminate, as they're not spawned by the particular Process we're trying to terminate from the root down. Solution: We can use taskkill or the longstanding tskill or wmic to kill a process by ID. Since we can kill an external process that SafeProcess launched OK, and only have trouble killing any child processes it launched, we need to know the pids of the child processes. We can use Windows' wmic to discover the childpids of a process whose id we know. And we can use JNA to get the process ID of the external process that SafeProcess launched. See links further above on how to find the processID of the process launched by SafeProcess on various OS, and where to find the JNA jars needed for this. WMIC can show us a list of parent process id and process id of running processes, and then we can kill those child processes with a specific process id. https://superuser.com/questions/851692/track-which-program-launches-a-certain-process http://stackoverflow.com/questions/7486717/finding-parent-process-id-on-windows WMIC can get us the pids of all childprocesses launched by parent process denoted by parent pid. And vice versa: if you know the parent pid and want to know all the pids of the child processes spawned: wmic process where (parentprocessid=596) get processid if you know a child process id and want to know the parent's id: wmic process where (processid=180) get parentprocessid The above is the current solution. Linux ps equivalent on Windows is "tasklist", see http://stackoverflow.com/questions/4750470/how-to-get-pid-of-process-ive-just-started-within-java-program MAC/UNIX NOTES: - Kill signals, their names and numerical equivalents: http://www.faqs.org/qa/qa-831.html - Killing a processtree (a process group) on Unix: https://stackoverflow.com/questions/8533377/why-child-process-still-alive-after-parent-process-was-killed-in-linux Works on Linux but not Mac: kill -TERM -pid Works on Mac but not Linux: pkill -TERM -P pid did work - https://stackoverflow.com/questions/28332888/return-value-of-kill "kill returns an exit code of 0 (true) if the process still existed it and was killed. kill returns an exit code of 1 (false) if the kill failed, probably because the process was no longer running." - https://superuser.com/questions/343031/sigterm-with-a-keyboard-shortcut Ctrl-C sends a SIGNINT, not SIGTERM or SIGKILL. And on Ctrl-C, "the signal is sent to the foreground *process group*." - https://linux.die.net/man/1/kill (manual) - https://unix.stackexchange.com/questions/117227/why-pidof-and-pgrep-are-behaving-differently - https://unix.stackexchange.com/questions/67635/elegantly-get-list-of-children-processes - https://stackoverflow.com/questions/994033/mac-os-x-quickest-way-to-kill-quit-an-entire-process-tree-from-within-a-cocoa-a - https://unix.stackexchange.com/questions/132224/is-it-possible-to-get-process-group-id-from-proc - https://unix.stackexchange.com/questions/99112/default-exit-code-when-process-is-terminated _______________________________________________________________________________________ L. USEFUL SYNCHRONISATION NOTES AND SUGGESTED READING ON THREADS AND THREAD SAFETY _______________________________________________________________________________________ Things worth reading on Concurrency and Thread safety: - Deitel and Deitel's newer editions of their Java books have updated their chapter on Concurrency. - http://docs.oracle.com/javase/tutorial/uiswing/concurrency/ series of Java articles on concurrency again. - https://docs.oracle.com/javase/tutorial/essential/concurrency/atomicvars.html On "primitive" like variables that provide instrinsic locks. Notes on synchronization: - You can declare methods are synchronized. For example, public synchronized void doStuff() This implicitly synchronizes on the *instance* of the class on which this method is called. - Within any methods, you can synchronize on specific objects to just lock on them. You have a synchronized code block within which you can manipulate the object. Keep synchronized blocks and methods as short as you can. There are some subtle issues related to using synchronized methods, as explained below, that can result in deadlocks. More reading: - http://stackoverflow.com/questions/574240/is-there-an-advantage-to-use-a-synchronized-method-instead-of-a-synchronized-blo "Not only do synchronized methods not lock the whole class, but they don't lock the whole instance either. Unsynchronized methods in the class may still proceed on the instance." "Only the syncronized methods are locked. If there are fields you use within synced methods that are accessed by unsynced methods, you can run into race conditions." "synchronizing on "this" is considered in some circles to be an anti-pattern. The unintended consequence is that outside of the class someone can lock on an object reference that is equal to "this" and prevent other threads from passing the barriers within the class potentially creating a deadlock situation. Creating a "private final Object = new Object();" variable purely for locking purposes is the often used solution. Here's another question relating directly to this issue. - http://stackoverflow.com/questions/442564/avoid-synchronizedthis-in-java?lq=1" "A private lock is a defensive mechanism, which is never a bad idea. Also, as you alluded to, private locks can control granularity. One set of operations on an object might be totally unrelated to another but synchronized(this) will mutually exclude access to all of them." - http://stackoverflow.com/questions/8393883/is-synchronized-keyword-exception-safe "In any scoped thread-safe block, the moment you get out of it, the thread-safety is gone." "In case of an exception the lock will be released." - http://stackoverflow.com/questions/8259479/should-i-synchronize-listener-notifications-or-not "Use a CopyOnWriteArrayList for your listener arrays." "If you use the CopyOnWriteArrayList, then you don't have to synchronize when iterating." "CopyOnWriteArrayList is thread-safe, so there is no need to synchronize." "Use a ConcurrentLinkedQueue ... for this kind of problems: adding, removing and iterating simultaneously on a collection. A precision : this solution prevents a listener from being called from the very moment it is deregistered." "It means that you start iterating, an element is added, it will be called, another is removed, it won't, all this in the same iteration cycle. It's the best of both world: ensuring synchronization, while being fine grained on who gets called and who's not." Examples of using CopyOnWriteArrayList: in GLI's shell/GShell.java and GS3's gsdl3/build/CollectionConstructor.java - http://stackoverflow.com/questions/8260205/when-a-listener-is-removed-is-it-okay-that-the-event-be-called-on-that-listener - http://stackoverflow.com/questions/2282166/java-synchronizing-on-primitives 1. You can't lock on a primitive and 2. Don't lock on a Long unless you're careful how you construct them. Long values created by autoboxing or Long.valueOf() in a certain range are guaranteed to be the same across the JVM which means other threads could be locking on the same exact Long object and giving you cross-talk. This can be a subtle concurrency bug (similar to locking on intern'ed strings). Cross-talk: "In electronics, crosstalk is any phenomenon by which a signal transmitted on one circuit or channel of a transmission system creates an undesired effect in another circuit or channel. Crosstalk is usually caused by undesired capacitive, inductive, or conductive coupling from one circuit, part of a circuit, or channel, to another." __________________________________________________ M. TICKETS, COMMITS, TAGS __________________________________________________ The following was already documented in ticket http://trac.greenstone.org/ticket/895 Other Java classes of GLI and GS3 src code were shifted from using Java's Process class directly to using our new SafeProcess class. GLI src code classes that were changed: /Scratch/ak19/gs3-svn-15Nov2016/gli>fgrep -rl "Process" src + src/org/greenstone/gatherer/util/SafeProcess.java + src/org/greenstone/gatherer/gui/FormatConversionDialog.java + src/org/greenstone/gatherer/gui/DownloadPane.java + src/org/greenstone/gatherer/util/GS3ServerThread.java + 4 src/org/greenstone/gatherer/Gatherer.java [All 4 instances that used Process now go through SafeProcess instead] + 1 src/org/greenstone/gatherer/download/ServerInfoDialog.java + 2 src/org/greenstone/gatherer/greenstone/Classifiers.java + 2 src/org/greenstone/gatherer/greenstone/Plugins.java + 1 src/org/greenstone/gatherer/collection/ScriptOptions.java + !! src/org/greenstone/gatherer/util/ExternalProgram.java && file/FileAssociationManager.java After updating GS3 src code to using SafeProcess, returned to GLI: - VERY HARD: + 1 src/org/greenstone/gatherer/shell/GShell.java - VERY, VERY HARD: + 2 src/org/greenstone/gatherer/download/DownloadJob.java GS3 src code classes that were changed: > fgrep -r "Process" . | grep -v ".svn" | grep -v "~" | less + 2 ./java/org/greenstone/admin/guiext/Command.java X ./java/org/greenstone/gsdl3/util/Processing.java + MANY OCCURRENCES ./java/org/greenstone/gsdl3/service/MapRetrieve.java + Uses Processing 2 times: ./java/org/greenstone/gsdl3/util/GDBMWrapper.java + ./java/org/greenstone/util/BrowserLauncher.java + ./java/org/greenstone/util/RunTarget.java In the GLI and GS3 src files modified to use SafeProcess above, only the modifications to GS3's Command.java, MapRetrieve.java and GDMBWrapper.java are untested. All others have been tested, at least on Linux. Many have also been tested on Windows. Tested GLI's collection building (uses GShell.java's modifications) and DownloadJob.java on all 3 OS. Both have a Cancel button that should cancel any processes and subprocesses launched. Before the modifications, subprocesses would still be running on Windows and during (full-)import on the Mac when cancel was pressed. But now have added code to SafeProcess to issue OS specific system calls to terminate the process and its subprocesses successfully on Windows and Mac too. Also tested GS3 user comments and the online GS3's doc editor's meta editing followed by rebuilding. All worked successfully on Linux, Windows and Mac with the modifications to use SafeProcess. The modifications to GLI started with GS3ServerThread.java and other *easily* changed classes in - http://trac.greenstone.org/changeset/31582 (beginning of GLI modification) - until http://trac.greenstone.org/changeset/31665 (GS3 src code modification). The version of GS3 and GLI Java code before the GS3 src was modified is at - http://trac.greenstone.org/browser/main/tags/GS3-src-SafeProcess Next, GLI's GShell.java and any associated files were modified along with SafeProcess, to support cancelling. Then, around 22 May, GLI's DownloadJob.java and any associated class files were modified along with SafeProcess to ensure subprocesses were safely terminated on Windows when the download action was cancelled OR when building (GShell.java) was cancelled. The Mac modifications to SafeProcess to ensure subprocesses were terminated was finished on 26 May 2017. The tagged version of the GS3 and GLI Java code for when all the changes related to using SafeProcess were made to GS3 and GLI code is at - http://trac.greenstone.org/browser/main/tags/UsingSafeProcess More changesets: http://trac.greenstone.org/changeset/31711 to http://trac.greenstone.org/changeset/31718 These changesets involved: - a README on SafeProcess? - the remaining 2 instances of using Runtime.exec/Java Process in Gatherer have been ported to using SafeProcess?. These instances were of the inner classes Gatherer.ExternalApplication? and Gatherer.BrowserApplication?, both of which needed SafeProcess? to have the cancel functionality before they could be ported to use SafeProcess?. Tested the modified inner classes on Linux. When tested on Mac, I found that with or without these new changes, GLI does not wait to exit if external applications are still running. On Linux (and the way GLI is coded), GLI's GUI may disappear, but the overall GLI process still waits for external processes launched via GLI to have exited before GLI exits. This doesn't happen on Mac with either the original or the modified code. Worth investigating. But at least the modified code has not broken something that used to work. _________________________________________________________ N. GLI vs GS3 CODE's SAFEPROCESS.JAVA - THE DIFFERENCES _________________________________________________________ - package name GLI: package org.greenstone.gatherer.util; GS3: package org.greenstone.util; - imports: GLI: import org.greenstone.gatherer.DebugStream; - GS3 uses Misc.java and GLI uses Utility.java for determining the OS and the appropriate newline character representation for the OS. - GS3 uses its Logger object for logging messages, GLI uses System.err (Debugstream code is presently commented out). $ diff gli/src/org/greenstone/gatherer/util/SafeProcess.java src/java/org/greenstone/util/SafeProcess.java ----------------------------------------------------------------------------------------------------------- 1c1 < package org.greenstone.gatherer.util; --- > package org.greenstone.util; 27c27 < import org.greenstone.gatherer.DebugStream; --- > //import org.greenstone.gatherer.DebugStream; 56c56 < ///static Logger logger = Logger.getLogger(org.greenstone.util.SafeProcess.class.getName()); --- > static Logger logger = Logger.getLogger(org.greenstone.util.SafeProcess.class.getName()); 153a154 > 816c817 < if(Utility.isMac()) { --- > if(Misc.isMac()) { 880c881 < if(Utility.isWindows()) { --- > if(Misc.isWindows()) { 909c910 < if(!Utility.isMac() && canSkipExtraWorkIfLinux) { --- > if(!Misc.isMac() && canSkipExtraWorkIfLinux) { 1284c1285 < outputstr.append(Utility.NEWLINE); // "\n" is system dependent (Win must be "\r\n") --- > outputstr.append(Misc.NEWLINE); // "\n" is system dependent (Win must be "\r\n") 1381c1382 < /*if(Utility.isWindows()) { --- > /*if(Misc.isWindows()) { 1416c1417 < //logger.info(msg); --- > logger.info(msg); 1418c1419 < System.err.println(msg); --- > //System.err.println(msg); 1424c1425 < //logger.error(msg, e); --- > logger.error(msg, e); 1426,1427c1427,1428 < System.err.println(msg); < e.printStackTrace(); --- > //System.err.println(msg); > //e.printStackTrace(); 1434c1435 < //logger.error(e); --- > logger.error(e); 1436c1437 < e.printStackTrace(); --- > //e.printStackTrace(); ----------------------------------------------------------------------------------------------------------- __________________________________________________ O. FUTURE WORK, IMPROVEMENTS __________________________________________________ - On Windows, Perl could launch processes as proper ProcessTrees: http://search.cpan.org/~gsar/libwin32-0.191/ Then killing the root process will kill child processes naturally, and we won't need to call OS commands to terminate a process. - Need to find a Mac (or Unix) equivalent way creating Process Tree in Perl too. Eventually, instead of running a windows/mac or even linux command to kill the process ourselves, investigate if it is useful to change over to use https://github.com/flapdoodle-oss/de.flapdoodle.embed.process/blob/master/src/main/java/de/flapdoodle/embed/process/runtime/Processes.java - mentioned by http://stackoverflow.com/questions/4750470/how-to-get-pid-of-process-ive-just-started-within-java-program - works with Apache license, http://www.apache.org/licenses/LICENSE-2.0 - This is a Java class that uses JNA to terminate processes. It also has the getProcessID() method. - However, does it kill subprocesses? (The OS specific commands presently issued in SafeProcess.destroyProcess() ensure subprocesses are killed.) Currently, SafeProcess does Java things the way that older Java versions recognise and accept, not only for backwards compatibility with earlier versions of Java, but in order to minimise the number of drastic changes from porting the existing Greenstone GLI and GS3 code to using SafeProcess. - In future, think of changing the method doRuntimeExec() over to using ProcessBuilder, instead of Runtime.exec(). ProcessBuilder seems to have been introduced from Java 5. https://docs.oracle.com/javase/7/docs/api/java/lang/ProcessBuilder.html See also https://zeroturnaround.com/rebellabs/how-to-deal-with-subprocesses-in-java/ which suggests using Apache Common Exec to launch processes and says what will be forthcoming in Java 9 - Instead of creating and running Threads the usual way, should we use features of newer Java versions like the Concurrency API and Executor which uses Threadpools, and let Executor handle these details? Improvements would be with multicore systems https://stackoverflow.com/questions/3330430/does-java-have-support-for-multicore-processors-parallel-processing _____________________________________________________________________________________________________________________ P. ALTERNATIVE FUTURE WORK: A case for rewriting SafeProcess to use IO::Select (Selector in Java) instead of multi-threading _____________________________________________________________________________________________________________________ (a) STREAM GOBBLER **THREADS** ARE ALLOWED TO BLOCK (JVM WILL TIMESLICE). CAUSE INTERRUPTEDEXCEPTIONS TO END BLOCKS In the InputStreamGobbler Thread classes for handling the proc.errstream and proc.outstream, the run() methods have a loop on readLine(): while (!this.interrupted() && (line = br.readLine()) != null) { ... } This so far worked beautifully, since if a process was cancelled, SafeProcess would call gobbler.interrupt() and the above loop would terminate. If a process had ended and the process err and output streams therefore run out, line == null and the loop would terminate. In both cases, we're out of the while loop and the process' stream would have been proeprly handed and the clean up would have taken place. However, BufferedReader.read() and consequently its readLine() are actually blocking calls. This was discovered when the OpenOfficeExtension was included in a GS installation and didn't work properly: if it fails to launch soffice --headless to accept on some port, then soffice is not running headless in the background. At this point, the stderr stream of the perl process that launched the OpenOfficePlugin (and OpenOfficeConverter) worked fine and output the pluginfo for the plugin and finished, terminating the while loop for the err stream gobbler. However, the process' output stream gobbler never got any data, including eof(). No cancel button was pressed, so this.interrupted() wasn't true. And br.readLine() wouldn't return but blocked: it waited for data that never came. This blocked SafeProcess' call to join() on that gobbler thread, as its run() method never terminated. The first solution is checking bufferedReader.ready() BEFORE attempting to any read() operation on the BufferedReader: // readLine() can block if nothing is forthcoming, including eof marker. // So must check BufferedReader.ready() before attempting readLine() on it // See https://stackoverflow.com/questions/15521352/bufferedreader-readline-blocks // (also http://www.java-gaming.org/index.php?topic=37191.0) while ( !this.isInterrupted() && br.ready() && (line = br.readLine()) != null ) { ... HOWEVER, there are 2 problems with this: 1. As per the API, ready() returns "True if the next read() is guaranteed not to block for input, false otherwise. Note that returning false does not guarantee that the next read will block." NOTE: As per Andrew Mackintosh the above does not mean what I understood it to mean. I thought it means that if a read() blocks at this moment and therefore ready() returns false now, it need not meant it will block 5 mins from now if there was finally data sent to the process' stdout 5 mins from now. Andrew says that what the above means is that if ready() returns false a read() operation may OR may not block at present, whereas if ready() returns true, doing read() is guaranteed to NOT block. 2. In the example of the OpenOfficeExtension, what happened is that the process' exit value was always 141, non-zero hence not a success. 141 signifies a SIGPIPE error: // NOTE: exitValue can be 141 when we got nothing not even eof from any of the process' // output streams. According to http://tldp.org/LDP/abs/html/exitcodes.html // an exit value of 128+n means Fatal error signal "n". 128 + 13 = 141, so n = 13. // And "Signal 13 is SIGPIPE" see https://github.com/Tunnelblick/Tunnelblick/issues/272 // 'SIGPIPE is the "broken pipe" signal, which is sent to a process when it attempts // to write to a pipe whose read end has closed (or when it attempts to write to a // socket that is no longer open for reading), but not vice versa. The default action // is to terminate the process.' as per https://www.quora.com/What-are-SIGPIPEs Having realised that br.read() itself can block and how to get such blocking gobbler threads to terminate, I discussed the problem with Andrew. He explained the solution: - blocking IO calls in loops is FINE as long as they are in a separate thread and not the main thread: the OS, or the JVM in this case rather, will know to use timeslicing and set the processor on other tasks until blocking IO calls are ready again. - to "wake" up blocking calls on process termination, the "Scheduler" parent class that launched the child process and the StreamGobbler Threads should cause InterruptedExceptions on its StreamGobbler threads once the child process has exited. The Scheduler should internally induce InterruptedExceptions on the StreamGobblers regardless of whether the process terminated naturally or was cancelled by the user. The Exception would then end the blocking br.readLine(). In my case, the Scheduler is SafeProcess.java and is the interrupting Thread that is to send interrupted exceptions. So after doing exitVal = proc.waitFor() the scheduler class SafeProcess should somehow cause InterruptedExceptions on its gobbler threads. I found these pages, which seem to imply indicate that the interrupting thread (SafeProcess in my case) should close the streams of the child process and that this will generate the necessary InterruptedExceptions stopping the read()/readLine() operations: - https://stackoverflow.com/questions/3595926/how-to-interrupt-bufferedreaders-readline (example speaks of bufferedreaders reading from sockets rather than from a process' IO streams) - https://arstechnica.com/civis/viewtopic.php?t=259678 I can't get it to work yet though, as at 1 and 2 Aug 2018. (b) ANOTHER IMPORTANT LESSON FROM ANDREW: Andrew Mackintosh further said that the read() block calls in worker Threads are far better in terms of not wasting processor power than a constantly active while loop in the worker Thread. 1. So doing something like this: while(!thisthread.isInterrupted() && br.read() ) // br.read() possibly blocks is good since if the read() the blocks, the OS or JVM knows to reuse the processor for other tasks. (I think of it as the OS/JVM considers blocking calls as being idle processes and therefore puts other tasks onto processor in the meantime.) Whereas: while(!thisthread.isInterrupted()) { if(!br.ready) continue; // will keep testing interrupted and ready() and so keeps using the processor. else br.read(); } will keep the processor/core wastefully occupied even though there may be long stretches when there's no data to read. UNFORTUNATELY, https://stackoverflow.com/questions/3595926/how-to-interrupt-bufferedreaders-readline says that BufferedReader.readLine() can't even be interrupted. And their solution doesn't work either. Other links: - EOF/EOS (End of Stream) is indicated by a return value of -1 for read and null for readLine(). - https://stackoverflow.com/questions/36569875/how-does-bufferedreader-readline-handle-eof-or-slow-input - https://stackoverflow.com/questions/3714090/how-to-see-if-a-reader-is-at-eof - https://arstechnica.com/civis/viewtopic.php?t=259678 (c) I next tried reading a char at a time by calling BufferedReader.read(), but it blocked forever. With further testing, I confirmed that for the indefinitely blocking process stream (stdout in the use case where things went wrong), the bufferedreader and underlying stream is never ready(). Andrew then pointed me to the API for the BufferedReader.read(cbuf) variant at https://docs.oracle.com/javase/7/docs/api/java/io/BufferedReader.html#read(char[],%20int,%20int), which like the read() variant would return -1 on eof/eos. The API for read(cbuf) claimed that it would return the number of bytes read, -1 if eof/eos or return when ready() returns false. The latter was not true, and this overloaded method behaved the same as the read() variant that reads one char at a time: the buffer and underlying stream were never ready() and hence all variants of BufferedReader's reading methods always blocked. Following advice at https://www.experts-exchange.com/questions/20083639/BufferedReader-not-ready.html and elsewhere, I tried reading directly from InputStream a.o.t. going through BufferedReader, and tested the InputStream.available() (equivalent of ready()) before attempting to read() from the stream, - https://docs.oracle.com/javase/7/docs/api/java/io/InputStream.html#available() - https://stackoverflow.com/questions/3695372/what-does-inputstream-available-do-in-java (Further, the example of InterruptibleReadline at https://stackoverflow.com/questions/3595926/how-to-interrupt-bufferedreaders-readline is buggy and doesn't work when corrected: it's the same problem.) I finally came to the realisation our threaded SafeProcess would never work, and the references on the web to using java.nio when you want to do non-blocking IO started to make sense. I had considered and attempted setting a timeout to help detect when a stream might block forever, versus when a stream would eventually get data. The classes of java.nio were again recommended when you want to work with timeouts during IO operations. (d) java.nio - stands for New IO Thinking it stood for non-blocking IO, I googled for: java nio non blocking io to confirm whether this was so, and not that nio stood for "native IO". The first search result was: "Blocking vs. Non-blocking IO. Java IO's various streams are blocking. That means, that when a thread invokes a read() or write() , that thread is blocked until there is some data to read, or the data is fully written. The thread can do nothing else in the meantime. Jun 23, 2014" Java NIO vs. IO - Jenkov Tutorials tutorials.jenkov.com/java-nio/nio-vs-io.html" If only I had found information like this earlier. However, I may not have understood it or its significance at the time (before working on NetStinky). - https://www.experts-exchange.com/questions/20083639/BufferedReader-not-ready.html - https://www.quora.com/How-can-I-get-BufferedReader-to-only-wait-for-an-input-from-System-in-for-a-given-number-of-milliseconds which states "The read() method blocks if there is no data so the only thing you can do is poll the readers ready() method to ensure there is data before you do a read." There is a Selector class in Java.nio which works like perl and C++ IO::Select(). Tutorials and further pages to read: - http://tutorials.jenkov.com/java-nio/nio-vs-io.html (general comparison and when to use java.io vs java.nio) - http://www.baeldung.com/java-nio-selector (the most useful for us) Bookmarked: - https://stackoverflow.com/questions/6619516/using-filechannel-to-write-any-inputstream says that to get a channel for an inputstream, you do: Channels.newChannel(InputStream in) http://docs.oracle.com/javase/7/docs/api/java/nio/channels/Channels.html - More information on channels: http://www.java2s.com/Tutorials/Java/Java_io/0930__Java_nio_Channels.htm - Different kind of buffers: http://www.ntu.edu.sg/home/ehchua/programming/java/J5b_IO_advanced.html - https://docs.oracle.com/javase/7/docs/api/java/nio/channels/InterruptibleChannel.html (we want to use interruptible channels, so our channel must implement this) - https://docs.oracle.com/javase/7/docs/api/java/nio/channels/spi/AbstractSelectableChannel.html (we want to add our channel to a select, so our channel must implement this) - https://docs.oracle.com/javase/7/docs/api/java/nio/channels/Channels.html (factory for obtaining a channel) - https://docs.oracle.com/javase/7/docs/api/java/nio/channels/ReadableByteChannel.html (object returned by doing Channels.newChannel(InputStream in) is of type ReadableByteChannel) I think Selector is the way to go to reimplement SafeProcess using Select to do non-blocking IO (with built in timeouts) in place of multi-threading. Therefore read through http://www.baeldung.com/java-nio-selector to refresh memory on behaviour of IO::select() in general and learn about how to do it in Java in particular. The idea is to move the multi-threaded SafeProcess to SafeProcess2.java and re-write SafeProces.java to use Java's IO::Select() (Selector). Then the classes that use SafeProcess would make the same calls as before. If we ever do go this route, see Section Q below for the public API of SafeProcess that needs to be reimplemented with java.nio/Selector. General information: https://stackoverflow.com/questions/355089/difference-between-stringbuilder-and-stringbuffer (e) Dr Bainbridge fixed the problem at the source: in the OpenOfficeConverter.pm which was launching soffice in headless mode with the wrong command: when 2>&1 is further redirected to a file (or somewhere else like /dev/null), need to do the file redirect first and then 2>&1. So, "cmd >file 2>&1" is the right way, whereas "cmd 2>&1 >file" is the wrong way around. OpenOfficeConverter.pm was launching soffice the wrong way around and Dr Bainbridge fixed it. He says we don't need to pursue rewriting SafeProcess to use Selector, as the issue in GLI was ultimately due to an error in the command that was launched in perl. However, Dr Bainbridge said it was OK to commit the links I've found on using Selector and a description of the issue that led to considering Selector. _____________________________________________________________ Q. PUBLIC API OF SAFEPROCESS, ITS SUB CLASSES AND INTERFACES _____________________________________________________________ WE ONLY CARE ABOUT NON-GOBBLER CLASSES (SINCE STREAMGOBBLERS ARE THREAD SPECIFIC) public class SafeProcess public static int DEBUG = 1; public static final int STDERR = 0; public static final int STDOUT = 1; public static final int STDIN = 2; public static String WIN_KILL_CMD; public Boolean interruptible = Boolean.TRUE; public SafeProcess(String[] cmd_args) public SafeProcess(String cmdStr) public SafeProcess(String[] cmd_args, String[] envparams, File launchDir) public String getStdOutput() { return outputStr; } public String getStdError() { return errorStr; } public int getExitValue() { return exitValue; } public void setInputString(String sendStr) public void setExceptionHandler(ExceptionHandler exception_handler) public void setMainHandler(MainProcessHandler handler) public void setSplitStdOutputNewLines(boolean split) public void setSplitStdErrorNewLines(boolean split) public boolean cancelRunningProcess() // calls cancelRunningProcess(!forceWaitUntilInterruptible); public synchronized boolean cancelRunningProcess(boolean forceWaitUntilInterruptible) public synchronized boolean processRunning() public int runBasicProcess() public int runProcess() public int runProcess(CustomProcessHandler procInHandler, CustomProcessHandler procOutHandler, CustomProcessHandler procErrHandler) public int runProcess(LineByLineHandler outLineByLineHandler, LineByLineHandler errLineByLineHandler) // KEEP AS IS: public static long getProcessID(Process p) static void killWinProcessWithID(long processID) static boolean killUnixProcessWithID(long processID, boolean force, boolean killEntireTree) public static void destroyProcess(Process p) // LOGGING - KEEP public static void log(String msg) public static void log(String msg, Exception e) public static void log(Exception e) public static void log(String msg, Exception e, boolean printStackTrace) public static String streamToString(int src) // UTILITY FUNCTIONS - MOVE OUT OF CLASS INTO PACKAGE WHEN WE HAVE SAFEPROCESS AND SAFEPROCESS2 public static boolean closeResource(Closeable resourceHandle) public static boolean closeSocket(Socket resourceHandle) public static boolean closeProcess(Process prcs) static public boolean processRunning(Process process) // Uses SafeProcess, but once that is working the new way can KEEP AS IS: public static boolean isAvailable(String program) INTERNAL INTERFACES AND ABSTRACT CLASSES: public static interface ExceptionHandler public void gotException(Exception e) public static interface MainProcessHandler public boolean beforeWaitingForStreamsToEnd(boolean forciblyTerminating); public boolean afterStreamsEnded(boolean forciblyTerminating); public void beforeProcessDestroy(); public void afterProcessDestroy(); public void doneCleanup(boolean wasForciblyTerminated); public static abstract class CustomProcessHandler public String getThreadNamePrefix() public abstract void run(Closeable stream); //InputStream or OutputStream public static abstract class LineByLineHandler public String getThreadNamePrefix() public abstract void gotLine(String line); // first non-null line public abstract void gotException(Exception e); // for when an exception occurs instead of getting a line