NodeState#computeExclusionFilter does not recompute exclusions when the incomingEdges have not changed count or identities, but the incomingEdges' transitiveExclusions have changed

[jskillin-idt]

Gradle is overzealous in excluding transitive dependencies when one dependency excludes, but another does not. It appears this is due to a cache hit that should've been a cache miss. The only way I caught this is because when the lockfile is present, it shuffles the resolver's dependency node queue just enough that the cache miss triggers correctly, and Gradle reports an error that the dependency tree no longer matches the lockfile.

It appears that a combination of having a platform dependency with a large amount of constraints, combined with a dependency on maven-embedder, creates just the right ordering, in which exclusions can be inherited early by a transitive of a transitive, and never updated when edges change the outcome of the exclusions.

Expected Behavior

The dependency tree should show all transitives in the dependency tree that ought to be present, with or without a lockfile present.

Current Behavior

Gradle, depending on the order which dependency nodes are queued for processing, excludes dependencies that ought not to have been excluded.

Context

This affects our ability to create reproducible builds, because the lockfile triggers a failure in release testing. It also creates some anxiety that transitives, which should be present, will be missing, simply due to internal details.

Steps to Reproduce

Reproducer: https://github.com/jskillin-idt/gradle-gradle-issues-22525

1. Run ./gradlew dependencies --configuration runtimeClasspath and notice that Gradle includes the dependencies in the graph, but they are not in the lockfile. To be clear, the error_prone_annotations and j2objc-annotations dependencies ought to be present in both the lockfile and the tree.

runtimeClasspath - Runtime classpath of source set 'main'.
 ...
+--- org.apache.maven:maven-embedder:3.8.6
 ...
|    +--- org.apache.maven:maven-core:3.8.6
 ...
|    |    +--- com.google.inject:guice:4.2.2
|    |    |    +--- aopalliance:aopalliance:1.0
|    |    |    \--- com.google.guava:guava:25.1-android -> 31.1-jre
|    |    |         +--- com.google.guava:failureaccess:1.0.1
|    |    |         +--- com.google.errorprone:error_prone_annotations:2.11.0 -> 2.14.0
|    |    |         \--- com.google.j2objc:j2objc-annotations:1.3
 ...
     +--- com.google.inject:guice:4.2.2 (*)
 ...
+--- com.google.guava:guava:{strictly 31.1-jre} -> 31.1-jre (c)
+--- com.google.guava:failureaccess:{strictly 1.0.1} -> 1.0.1 (c)
+--- com.google.errorprone:error_prone_annotations:2.14.0 FAILED
\--- com.google.j2objc:j2objc-annotations:1.3 FAILED

2. Remove gradle.lockfile and run ./gradlew dependencies --configuration runtimeClasspath again. Notice that the dependency tree is missing dependencies that ought to be there:

runtimeClasspath - Runtime classpath of source set 'main'.
 ...
\--- org.apache.maven:maven-embedder:3.8.6
 ...
     +--- org.apache.maven:maven-core:3.8.6
 ...
     |    +--- com.google.inject:guice:4.2.2
     |    |    +--- aopalliance:aopalliance:1.0
     |    |    \--- com.google.guava:guava:25.1-android -> 31.1-jre
     |    |         \--- com.google.guava:failureaccess:1.0.1
 ...
     +--- com.google.inject:guice:4.2.2 (*)

3. Run ./gradlew dependencies --write-locks and you will be back at step 1 again, with the missing dependencies back where they should be, but now mismatching with the lockfile.

Initial Investigation

I've done as much debugging as I can do, and it appears to me that the bug comes down to this line:

gradle/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/ivyservice/resolveengine/graph/builder/NodeState.java

Line 1014 in 9465c2c

private boolean sameIncomingEdgesAsPreviousPass(int incomingEdgeCount) {

The comment here, in context, gave me a chuckle:

    private boolean sameIncomingEdgesAsPreviousPass(int incomingEdgeCount) {
        // This is a heuristic, more than truth: it is possible that the 2 long hashs
        // are identical AND that the sizes of collections are identical, but it's
        // extremely unlikely (never happened on test cases even on large dependency graph)
        return cachedModuleResolutionFilter != null
            && previousIncomingHash == incomingHash
            && previousIncomingEdgeCount == incomingEdgeCount;
    }

The issue is that guava (see reproducer output) has a chance of being processed by the loop in DependencyGraphBuilder#traverseGraph before guice has all of its edges attached.

In one case, when the lockfile isn't present, only the maven-embedder -> guice edge is the only one present on guice when guava queries for excludes. This edge is extremely harsh about the excludes that should be applied, so at this point in the traversal, guava's dependencies are almost entirely excluded.

Later, the maven-core -> guice edge is processed and the guava node is properly requeued when guice gets new incoming edges. However, when it's guava's time to be reprocessed, guava's incoming edge identities or counts haven't changed, and the cache hits when it ought not to hit. As a result, guava retains the harsh exclusions and does not have as many dependencies as it should have to satisfy maven-core.

When the lockfile is present, the two edges are queued earlier, and so guava retrieves the correct exclusion filter, and the correct dependencies are added to the graph.

Your Environment

$ ./gradlew --version
------------------------------------------------------------
Gradle 7.5.1
------------------------------------------------------------

Build time:   2022-08-05 21:17:56 UTC
Revision:     d1daa0cbf1a0103000b71484e1dbfe096e095918

Kotlin:       1.6.21
Groovy:       3.0.10
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          11.0.16 (Ubuntu 11.0.16+8-post-Ubuntu-0ubuntu122.04)
OS:           Linux 5.15.0-52-generic amd64

$ java --version
openjdk 11.0.16 2022-07-19
OpenJDK Runtime Environment (build 11.0.16+8-post-Ubuntu-0ubuntu122.04)
OpenJDK 64-Bit Server VM (build 11.0.16+8-post-Ubuntu-0ubuntu122.04, mixed mode, sharing)

[eskatos]

Thank you for providing a valid reproducer.

The issue is in the backlog of the relevant team but this area of Gradle is currently not a focus one so it might take a while before a fix is made.

[jskillin-idt]

Thanks for checking in! I appreciate it!

The workaround at present is to take the dependent of the "flickering" transitives (in the reproducer, that's guava) and add it as a direct dependency to force the transitives to resolve the same way. It means more transitives than otherwise, since this bypasses the exclusion filters which caused the bug in the first place, but it at least means that the tree resolves consistently.

This workaround will keep things moving until a fix is available.

[jskillin-idt]

The issue is in the backlog of the relevant team but this area of Gradle is currently not a focus one so it might take a while before a fix is made.

I figured I'd wait a year (I almost made it 😄 ) before checking in and seeing if there's any possibility of this bug getting attention? I hope my root cause analysis and reproducer is useful to ease the burden of whoever tackles this one.

[jvandort]

You've provided quite a bit of context. Thank you for the effort you've put in here.

This indeed seems like a bug in the engine, but, as you've noticed, we haven't been able to address this behind the mountain of other issues we are working on.

Given that, have you investigated this enough to propose a solution for it? If not I worry that this will just remain in our backlog

[jskillin-idt]

Given that, have you investigated this enough to propose a solution for it? If not I worry that this will just remain in our backlog

I apologize for the slow response. I've been super busy.

If I have specific recommendations, I'll add another comment here.

In the meantime, here's what I remember from back when I was investigating this. There were two options, if I remember right:

• We all take a performance hit and dump the hopeful caching algorithm in favor of simpler accuracy. This is the easy choice, as it's the least likely to break things and the most likely to fix things, and it removes code that adds complexity to the overall code base, but given that these lines of code are probably hit hundreds of times in every Gradle run, the impact of this performance hit is high enough to not intuitively sit well with me. I don't have metrics to prove the gut feeling out, however.
• We increase the amount of metadata the caching algorithm is using to cover the case where "incomingEdges have not changed count or identities, but the incomingEdges' transitiveExclusions have changed". This will use more resources to keep that extra metadata handy, but will hopefully keep most of the performance gains from the cache while fixing this specific issue. There may, however, be other bugs lurking in this caching algorithm that I am unaware of.

[jskillin-idt]

The reproducer still works great! I don't know why the label was removed.

[jskillin-idt]

I had time to dig further into this issue, and I have traced to what I believe is a better place. It may be possible to write a smaller reproducer now that the bug is located, at least theoretically.

I'm going to try to add headers to break this wall of text up a bit 😄

Setting up the Debugger

First, I found it helpful to add a breakpoint to the NodeState class and watch how each call to computeExclusionFilter proceeded. Using an IDE, I wrote a breakpoint with the condition of java.util.List.of("com.google.guava:guava:31.1-jre", "com.google.inject:guice:4.2.2", "org.apache.maven:maven-core:3.8.6", "org.apache.maven:maven-embedder:3.8.6").contains(this.component.toString()) on this line here.

This breakpoint is triggered in the following orders depending on the presence of the lockfile:

• Without lockfile: maven-embedder / guice / maven-core / guava / guice
• With lockfile: maven-embedder / maven-core / guice / guava

If you recall from the original description of the bug, I had identified that the issue happens when the lockfile isn't present. Without the lockfile, "when it's guava's time to be reprocessed, guava's incoming edge identities or counts haven't changed, and the cache hits when it ought not to hit. As a result, guava retains the harsh exclusions and does not have as many dependencies as it should have to satisfy maven-core." In the order I put above, this reprocessing happens without a lockfile during guice's resolution at the very end.

I reconfirmed this with my testing. I carefully reconstructed by hand the so-called "transitive exclusions" that the EdgeStates capture, by verifying against the contents of the POM files. Those EdgeStates track how exclusions travel transitively down the dependency tree via the transitiveExclusions variable, at least. These fall out of sync on the guice -> guava edge.

Tracing Through NodeState

What makes this so hard to debug is the code flow is behaving exactly as expected: guice's NodeState has logic which detects that its dependencies ("outgoing edges") need updating here, and triggers a whole bunch of logic that seems to carefully, meticulously unwind guava, and others, out of the dependency tree (which I think is called a "configuration" in the code).

After that, visitDependencies is called here and passes in the updated resolutionFilter which contains the new, smaller set of exclusions. This goes into a for loop which goes over each known dependency, and for each dependency, it makes a call to createAndLinkEdgeState here which, again, takes in the new, smaller resolutionFilter.

This is where the logic starts to show signs trouble. The first line in createAndLinkEdgeState here uses a computeIfAbsent call to discover either an existing EdgeState instance, or create one.

The edgesCache variable houses a HashMap, so the check for an existing cache state uses the hash code of the DependencyState object. The DependencyState object takes the following as inputs for its hash code:

• The DependencyMetadata's hash code, which in this particular case is MavenDependencyMetadata, which is the default Object hash code.
• The ComponentSelector's hash code, which in this particular case is the DefaultModuleComponentSelector, which takes in the following for its hash code:
  • Version constraint
  • Module identifier
  • Attributes (empty in my case)
  • Requested capabilities (empty in my case)

The data that we care about is resolutionFilter which is not represented anywhere here. Halting execution on this line at this point shows the resolutionFilter being passed in has 7 elements, whereas the one the EdgeState stores has the older, too-broad 13 elements.

Extra Debugging in sameIncomingEdgesAsPreviousPass

This is just one cache that seems to hit when it should miss. Within Gradle's various "State" classes, there are a wide variety of caches being constantly checked, cleared, and refreshed. Keeping them in sync seems like a lot of work! In this case, there appears to be two caches interacting, but they are unaware of each other.

The second cache hit that should be a cache miss is located in the sameIncomingEdgesAsPreviousPass function here. This is the one I originally documented in my opening post.

However, this cache never has a chance of working, because it would simply query the same EdgeState which has not been updated. I'll walk through it quickly.

There are three checks here. There's a check that a cache exists to be reused (cachedModuleResolutionFilter != null), the incoming edges have the same identity (previousIncomingHash == incomingHash) and that the number of incoming edges matches from previously (previousIncomingEdgeCount == incomingEdgeCount).

This cache misses correctly for guava, so NodeState correctly updates its cachedModuleResolutionFilter and returns the result. This updated filter now exists independently in NodeState, and does not communicate to the transitiveExclusions, cachedExclusions, or any other values of relevance in the outgoing edges. I don't know if that is the right solution, but certainly there is a disconnect here.

Finally, this disconnect plays out to produce the bug when guava's NodeState runs the sameIncomingEdgesAsPreviousPass function. The cache hits when it should not. Interestingly, the cache would have missed if the EdgeState objects had their transitiveExclusions updated, because the hash code of the EdgeState is partially determined by the exclusions. Even if this cache did miss, it would only have the pre-existing EdgeStates to query, which have outdated transitiveExclusions and would just get the same result. This means that my original suggestion of bypassing the sameIncomingEdgesAsPreviousPass cache as a quick solution wouldn't have worked.

Conclusion

I don't understand the best way to resolve this, as I don't fully understand the high-level design that led to the NodeState and EdgeState implementations.

At first glance, the correct solution seems to be to check whether the resolutionFilter has changed since the EdgeState was created in createAndLinkEdgeState, update transitiveExclusions within EdgeState, and then cascade whatever updates need to happen from there. I am not certain what might happen if transitiveExclusions is updated, since it appears the code never expects it to update.

It may be possible to live dangerously and simply update transitiveExclusions and see if any tests break, assuming Gradle has a robust set of tests around its resolver. 😄 There is EdgeState#updateTransitiveExcludes after all. (Oddly, it doesn't recompute the hash code, and it's only called when the owning NodeState gets a new exclusion filter which results in the same dependencies. Is this another bug?)

Another possible solution is to involve more metadata in the cache used by createAndLinkEdgeState so that resolutionFilter is included. The problem with this is you will create multiple EdgeState objects for the same edge in the graph, and based on the meticulous unwinding I saw done when NodeState updated outgoing edges, it appears that the EdgeState instances interact in many places, and aren't easily replaced by another instance. I could be wrong.

The other possible solution I could see is a refactor. There are a lot of variables storing the same "exclusion" information at multiple levels that seemed to me to be updated at different points during resolution. That's a lot of state for a developer to take care of, and it makes me nervous to touch the code. It's possible that the authors feel similarly, and have already been planning some refactors here. Since I do not have a good understanding of the high-level design, it's hard for me to anticipate what this would look like.