feat: clean DNS cache via JNI (#51)

* feat: clean DNS cache via JNI

Author: maxday

.github/workflows/runtime-interface-client_pr.yml

@@ -26,6 +26,8 @@ jobs:
     - name: Runtime Interface Client smoke tests - Run 'pr' target
       working-directory: ./aws-lambda-java-runtime-interface-client
       run: make pr
+      env:
+        IS_JAVA_8: true
 
   build:
     runs-on: ubuntu-latest
@@ -52,6 +54,8 @@ jobs:
     - name: Test Runtime Interface Client xplatform build - Run 'build' target
       working-directory: ./aws-lambda-java-runtime-interface-client
       run: make build
+      env:
+        IS_JAVA_8: true
 
     - name: Save the built jar
       uses: actions/upload-artifact@v3

aws-lambda-java-runtime-interface-client/Makefile

@@ -4,6 +4,13 @@ ARCHITECTURE := $(shell arch)
 ARCHITECTURE_ALIAS := $($(shell echo "$(ARCHITECTURE)_ALIAS"))
 ARCHITECTURE_ALIAS := $(or $(ARCHITECTURE_ALIAS),amd64) # on any other archs defaulting to amd64
 
+# Java 8 does not support passing some args (such add --add-opens) so we need to clear them
+ifeq ($(IS_JAVA_8),true)
+	EXTRA_LOAD_ARG := -DargLineForReflectionTestOnly=""
+else
+	EXTRA_LOAD_ARG :=
+endif
+
 # This optional module exports MAVEN_REPO_URL, MAVEN_REPO_USERNAME and MAVEN_REPO_PASSWORD environment variables
 # making it possible to publish resulting artifacts to a codeartifact maven repository
 -include ric-dev-environment/codeartifact-repo.mk
@@ -15,7 +22,7 @@ target:
 
 .PHONY: test
 test:
-	mvn test
+	mvn test $(EXTRA_LOAD_ARG)
 
 .PHONY: setup-codebuild-agent
 setup-codebuild-agent:
@@ -44,11 +51,11 @@ pr: test test-smoke
 
 .PHONY: build
 build: 
-	mvn clean install
-	mvn install -P linux-x86_64
-	mvn install -P linux_musl-x86_64
-	mvn install -P linux-aarch64
-	mvn install -P linux_musl-aarch64
+	mvn clean install $(EXTRA_LOAD_ARG)
+	mvn install -P linux-x86_64 $(EXTRA_LOAD_ARG)
+	mvn install -P linux_musl-x86_64 $(EXTRA_LOAD_ARG)
+	mvn install -P linux-aarch64 $(EXTRA_LOAD_ARG)
+	mvn install -P linux_musl-aarch64 $(EXTRA_LOAD_ARG)
 
 .PHONY: publish
 publish:

aws-lambda-java-runtime-interface-client/pom.xml

@@ -47,6 +47,11 @@
         <target_build_os/>
         <target_build_arch/>
         <ric.classifier/>
+        <!--
+            Some test/integration/codebuild/buildspec.*.yml files will set -DargLineForReflectionTestOnly=""
+            as this is not supported by all flavors of java
+        -->
+        <argLineForReflectionTestOnly>--add-opens java.base/java.net=ALL-UNNAMED</argLineForReflectionTestOnly>
     </properties>
 
     <dependencies>
@@ -93,6 +98,9 @@
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>3.0.0-M9</version>
+                <configuration>
+                    <argLine>${argLineForReflectionTestOnly}</argLine>
+                </configuration>
                 <dependencies>
                     <dependency>
                         <groupId>org.junit.jupiter</groupId>
@@ -110,6 +118,24 @@
                 <artifactId>maven-antrun-plugin</artifactId>
                 <version>1.7</version>
                 <executions>
+                    <execution>
+                        <id>build-jni-lib-for-tests</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target name="Build JNI libraries for tests">
+                                <exec executable="${project.basedir}/src/main/jni/build-jni-lib.sh"
+                                      failonerror="true" logError="true">
+                                    <arg value="${project.build.directory}"/>
+                                    <arg value="false"/>
+                                    <arg value="${target_build_os}"/>
+                                    <arg value="${target_build_arch}"/>
+                                </exec>
+                            </target>
+                        </configuration>
+                    </execution>
                     <execution>
                         <id>build-jni-lib</id>
                         <phase>prepare-package</phase>

aws-lambda-java-runtime-interface-client/src/main/java/com/amazonaws/services/lambda/crac/ContextImpl.java

@@ -23,25 +23,9 @@ public class ContextImpl extends Context<Resource> {
 
     @Override
     public synchronized void beforeCheckpoint(Context<? extends Resource> context) throws CheckpointException {
-
-        List<Throwable> exceptionsThrown = new ArrayList<>();
-        for (Resource resource : getCheckpointQueueReverseOrderOfRegistration()) {
-            try {
-                resource.beforeCheckpoint(this);
-            } catch (CheckpointException e) {
-                Collections.addAll(exceptionsThrown, e.getSuppressed());
-            } catch (Exception e) {
-                exceptionsThrown.add(e);
-            }
-        }
-
-        if (!exceptionsThrown.isEmpty()) {
-            CheckpointException checkpointException = new CheckpointException();
-            for (Throwable t : exceptionsThrown) {
-                checkpointException.addSuppressed(t);
-            }
-            throw checkpointException;
-        }
+        executeBeforeCheckpointHooks();
+        DNSManager.clearCache();
+        System.gc();
     }
 
     @Override
@@ -87,4 +71,25 @@ private List<Resource> getCheckpointQueueForwardOrderOfRegistration() {
                 .map(Map.Entry::getKey)
                 .collect(Collectors.toList());
     }
+
+    private void executeBeforeCheckpointHooks() throws CheckpointException {
+        List<Throwable> exceptionsThrown = new ArrayList<>();
+        for (Resource resource : getCheckpointQueueReverseOrderOfRegistration()) {
+            try {
+                resource.beforeCheckpoint(this);
+            } catch (CheckpointException e) {
+                Collections.addAll(exceptionsThrown, e.getSuppressed());
+            } catch (Exception e) {
+                exceptionsThrown.add(e);
+            }
+        }
+
+        if (!exceptionsThrown.isEmpty()) {
+            CheckpointException checkpointException = new CheckpointException();
+            for (Throwable t : exceptionsThrown) {
+                checkpointException.addSuppressed(t);
+            }
+            throw checkpointException;
+        }
+    }
 }

aws-lambda-java-runtime-interface-client/src/main/java/com/amazonaws/services/lambda/crac/DNSManager.java

@@ -0,0 +1,10 @@
+/*
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package com.amazonaws.services.lambda.crac;
+
+class DNSManager {
+    static native void clearCache();
+}

aws-lambda-java-runtime-interface-client/src/main/java/com/amazonaws/services/lambda/runtime/api/client/runtimeapi/JniHelper.java

@@ -0,0 +1,64 @@
+/*
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+*/
+package com.amazonaws.services.lambda.runtime.api.client.runtimeapi;
+
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.util.ArrayList;
+import java.util.List;
+
+public class JniHelper {
+    
+    private static final String NATIVE_LIB_PATH = "/tmp/.libaws-lambda-jni.so";
+    private static final String NATIVE_CLIENT_JNI_PROPERTY = "com.amazonaws.services.lambda.runtime.api.client.runtimeapi.NativeClient.JNI";
+
+    /**
+     * Unpacks JNI library from the JAR to a temporary location and tries to load it using System.load()
+     * Implementation based on AWS CRT
+     * (ref. <a href="https://github.com/awslabs/aws-crt-java/blob/0e9c3db8b07258b57c2503cfc47c787ccef10670/src/main/java/software/amazon/awssdk/crt/CRT.java#L106-L134">...</a>)
+     *
+     * @param libsToTry - array of native libraries to try
+     */
+    public static void load() {
+        String jniLib = System.getProperty(NATIVE_CLIENT_JNI_PROPERTY);
+        if (jniLib != null) {
+            System.load(jniLib);
+        } else {
+            String[] libsToTry = new String[]{
+                    "libaws-lambda-jni.linux-x86_64.so",
+                    "libaws-lambda-jni.linux-aarch_64.so",
+                    "libaws-lambda-jni.linux_musl-x86_64.so",
+                    "libaws-lambda-jni.linux_musl-aarch_64.so"
+            };
+            unpackAndLoad(libsToTry, NativeClient.class);
+        }
+    }
+
+    private static void unpackAndLoad(String[] libsToTry, Class clazz) {
+        List<String> errorMessages = new ArrayList<>();
+        for (String libToTry : libsToTry) {
+            try (InputStream inputStream = clazz.getResourceAsStream(
+                    Paths.get("/jni", libToTry).toString())) {
+                if (inputStream == null) {
+                    throw new FileNotFoundException("Specified file not in the JAR: " + libToTry);
+                }
+                Files.copy(inputStream, Paths.get(NATIVE_LIB_PATH), StandardCopyOption.REPLACE_EXISTING);
+                System.load(NATIVE_LIB_PATH);
+                return;
+            } catch (UnsatisfiedLinkError | Exception e) {
+                errorMessages.add(e.getMessage());
+            }
+        }
+
+        for (int i = 0; i < libsToTry.length; ++i) {
+            System.err.println("Failed to load the native runtime interface client library " + libsToTry[i] +
+                    ". Exception: " + errorMessages.get(i));
+        }
+        System.exit(-1);
+    } 
+}

aws-lambda-java-runtime-interface-client/src/main/java/com/amazonaws/services/lambda/runtime/api/client/runtimeapi/NativeClient.java

@@ -5,14 +5,7 @@
 package com.amazonaws.services.lambda.runtime.api.client.runtimeapi;
 
 import com.amazonaws.services.lambda.runtime.api.client.runtimeapi.dto.InvocationRequest;
-
-import java.io.FileNotFoundException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.nio.file.StandardCopyOption;
-import java.util.ArrayList;
-import java.util.List;
+import com.amazonaws.services.lambda.runtime.api.client.runtimeapi.JniHelper;
 
 import static com.amazonaws.services.lambda.runtime.api.client.runtimeapi.LambdaRuntimeApiClientImpl.USER_AGENT;
 
@@ -21,60 +14,11 @@
  * interactions with the Runtime API.
  */
 class NativeClient {
-    private static final String NATIVE_LIB_PATH = "/tmp/.libaws-lambda-jni.so";
-    public static final String NATIVE_CLIENT_JNI_PROPERTY = "com.amazonaws.services.lambda.runtime.api.client.runtimeapi.NativeClient.JNI";
     static void init() {
-        loadJNILib();
+        JniHelper.load();
         initializeClient(USER_AGENT.getBytes());
     }
-
-    private static void loadJNILib() {
-        String jniLib = System.getProperty(NATIVE_CLIENT_JNI_PROPERTY);
-        if (jniLib != null) {
-            System.load(jniLib);
-        } else {
-            String[] libsToTry = new String[]{
-                    "libaws-lambda-jni.linux-x86_64.so",
-                    "libaws-lambda-jni.linux-aarch_64.so",
-                    "libaws-lambda-jni.linux_musl-x86_64.so",
-                    "libaws-lambda-jni.linux_musl-aarch_64.so"
-            };
-            unpackAndLoadNativeLibrary(libsToTry);
-        }
-    }
-
-
-    /**
-     * Unpacks JNI library from the JAR to a temporary location and tries to load it using System.load()
-     * Implementation based on AWS CRT
-     * (ref. <a href="https://github.com/awslabs/aws-crt-java/blob/0e9c3db8b07258b57c2503cfc47c787ccef10670/src/main/java/software/amazon/awssdk/crt/CRT.java#L106-L134">...</a>)
-     *
-     * @param libsToTry - array of native libraries to try
-     */
-    static void unpackAndLoadNativeLibrary(String[] libsToTry) {
-
-        List<String> errorMessages = new ArrayList<>();
-        for (String libToTry : libsToTry) {
-            try (InputStream inputStream = NativeClient.class.getResourceAsStream(
-                    Paths.get("/jni", libToTry).toString())) {
-                if (inputStream == null) {
-                    throw new FileNotFoundException("Specified file not in the JAR: " + libToTry);
-                }
-                Files.copy(inputStream, Paths.get(NATIVE_LIB_PATH), StandardCopyOption.REPLACE_EXISTING);
-                System.load(NATIVE_LIB_PATH);
-                return;
-            } catch (UnsatisfiedLinkError | Exception e) {
-                errorMessages.add(e.getMessage());
-            }
-        }
-
-        for (int i = 0; i < libsToTry.length; ++i) {
-            System.err.println("Failed to load the native runtime interface client library " + libsToTry[i] +
-                    ". Exception: " + errorMessages.get(i));
-        }
-        System.exit(-1);
-    }
-
+    
     static native void initializeClient(byte[] userAgent);
 
     static native InvocationRequest next();

aws-lambda-java-runtime-interface-client/src/main/jni/Dockerfile.glibc

@@ -53,9 +53,16 @@ RUN /usr/bin/c++ -c \
         -I${JAVA_HOME}/include/linux \
         -I ./deps/artifacts/include \
         com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.cpp -o com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.o && \
+    /usr/bin/c++ -c \
+        -std=gnu++11 \
+        -fPIC \
+        -I${JAVA_HOME}/include \
+        -I${JAVA_HOME}/include/linux \
+        -I ./deps/artifacts/include \
+        com_amazonaws_services_lambda_crac_DNSManager.cpp -o com_amazonaws_services_lambda_crac_DNSManager.o && \
     /usr/bin/c++ -shared \
         -std=gnu++11 \
-        -o aws-lambda-runtime-interface-client.so com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.o \
+        -o aws-lambda-runtime-interface-client.so com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.o com_amazonaws_services_lambda_crac_DNSManager.o \
         -L ./deps/artifacts/lib64/ \
         -L ./deps/artifacts/lib/ \
         -laws-lambda-runtime \

aws-lambda-java-runtime-interface-client/src/main/jni/Dockerfile.musl

@@ -54,9 +54,16 @@ RUN /usr/bin/c++ -c \
         -I${JAVA_HOME}/include/linux \
         -I ./deps/artifacts/include \
         com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.cpp -o com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.o && \
+    /usr/bin/c++ -c \
+        -std=gnu++11 \
+        -fPIC \
+        -I${JAVA_HOME}/include \
+        -I${JAVA_HOME}/include/linux \
+        -I ./deps/artifacts/include \
+        com_amazonaws_services_lambda_crac_DNSManager.cpp -o com_amazonaws_services_lambda_crac_DNSManager.o && \
     /usr/bin/c++ -shared \
         -std=gnu++11 \
-        -o aws-lambda-runtime-interface-client.so com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.o \
+        -o aws-lambda-runtime-interface-client.so com_amazonaws_services_lambda_runtime_api_client_runtimeapi_NativeClient.o com_amazonaws_services_lambda_crac_DNSManager.o \
         -L ./deps/artifacts/lib/ \
         -laws-lambda-runtime \
         -lcurl \

aws-lambda-java-runtime-interface-client/src/main/jni/build-jni-lib.sh

@@ -51,10 +51,21 @@ function build_for_libc_arch() {
       echo "multi-arch not requested, assuming this is a workaround to goofyness when docker buildx is enabled on Linux CI environments."
       echo "enabling docker buildx often updates the docker api version, so assuming that docker cli is also too old to use --output type=tar, so doing alternative build-tag-run approach"
       image_name="lambda-java-jni-lib-${libc_impl}-${arch}"
+
+      # GitHub actions is using dockerx build under the hood. We need to pass --load option to be able to run the image
+      # This args is NOT part of the classic docker build command, so we need to check against a GitHub Action env var not to make local build crash.
+      if [[ "${GITHUB_RUN_ID:+isset}" == "isset" ]]; then
+        EXTRA_LOAD_ARG="--load"
+      else
+        EXTRA_LOAD_ARG=""
+      fi
+
       docker build --platform="${docker_platform}" \
             -t "${image_name}" \
             -f "${SRC_DIR}/Dockerfile.${libc_impl}" \
-            --build-arg CURL_VERSION=${CURL_VERSION} "${SRC_DIR}"
+            --build-arg CURL_VERSION=${CURL_VERSION} "${SRC_DIR}" ${EXTRA_LOAD_ARG}
+
+      echo "Docker image has been successfully built"
 
       docker run --rm --entrypoint /bin/cat "${image_name}" \
             /src/aws-lambda-runtime-interface-client.so > "${artifact}"