Is this Dependency hell or story about CodeCache?

-

 Today, I want to share my opinion about some improvements in the plugins directory, it’s continued article of OWASP dependencies checks (link). 

As we know last time Atlassian start by design to request CodeCache 512M in setenv.sh. (https://jira.atlassian.com/browse/JRASERVER-66796

So based on that general picture we can find the code cache one of the main areas of memory.

image.png

Simply put, JVM Code Cache is an area where JVM stores its bytecode compiled into native code. We call each block of the executable native code a nmethod. The nmethod might be a complete or inlined Java method.

The just-in-time (JIT) compiler is the biggest consumer of the code cache area. That's why some developers call this memory a JIT code cache.

 

 Just to be clear, why do most of apps are a huge memory and time consumers? Most of answer is new functionality, but functionality is not growing exponentially, as a codebase.

  Based on that hypothesis, I investigated the pom.xml in-house apps in my instances and open-source apps, where found a small dependency hell (https://en.wikipedia.org/wiki/Dependency_hell) .

So let’s start. I have almost 400M of installed plugins in Jira’s home.

image.png

  1. Let’s investigate in-house apps, so that’s easy to investigate by maven command from Atlassian SDK.
atlas-mvn dependency:analyze

The output will be like this

image.png

As a result, you can investigate the WARNING messages,

to make it periodically it’s helped me https://maven.apache.org/shared/maven-dependency-analyzer/project-info.html

As an example, I have apps 16M, after reviewing the scopes, dependencies it’s starting to be 5.6MB.

 

2. The same steps you can do with open source apps, e.g. I did with Jira-toolkit app (Atlassian).

image.png

As a result you can easier, make a pull request.

Also, jdeps shows interesting points to understand apps are ready for the new Jira or not, if the in-house developer left and you can’t find any source code.

 

Conclusion

I think in-house developers will do the next easy steps the Atlassian platform will work much efficiently.

  1. Do clean a pom.xml or just use exactly used dependency
  2. Try to maximum reuse dependency like setting in maven <scope>provided</scope>
  3. Please, use up to date the dependency, as can be improved, in different purpose, security or performance improvements or new functionality. Where you can aggregate or review dependencies.

Based on the 3 easy steps we can improve performance and security.

P.S. I will be happy if Atlassian will extend requirements (https://developer.atlassian.com/platform/marketplace/dc-apps-submitting-your-app/), by adding the report of OWASP dependency check (https://owasp.org/www-project-dependency-check/) as the required option.

As a result, we can see reduced dependencies which are to improve the performance, because it’s related to the memory, exact functions, up to date dependencies.

 

Hope it helps.

Cheers,

Gonchik Tsymzhitov

Comments

Post a Comment

Popular posts from this blog

Overview and practical use cases with open source tracing tool for Java Apps. Glowroot. Installation

-
Image
In that small article, you can find how to install the agent of Glowroot. Installation of the application is quite simple on agents, and this article shows a scheme for working with a built-in collector, but for industrial installations we use it with a bundle with elasticsearch. The installation can be both for individual nodes and so for the central collector. In this case, consider for a separate node. Prerequisites: {jira_home} - is location of Jira home directory. {jira_installation_directory} is the location of Jira installation directory.   Steps: Downloading the installer wget -c https://github.com/glowroot/glowroot/releases/download/v0.13.6/glowroot-0.13.6-dist.zip To check, create a directory via command   mkdir -p /{jira_home}/glowroot/tmp Let the Jira process write and set ownership for simplicity, but it is recommended that you just give the write ability to the owner of the Jira process. chown -R jira: /{jira_home}/glowroot We additionally set the argument to setenv.sh in
Read more

Atlassian Community, let's collaborate and provide stats to vendors about our SQL index usage

-
  Hi!  Gonchik is in touch. Today I would like to get a little bit of help from you related SQL indexes on your Jira installation (Data Center, Server edition does not matter).    I would like to share a story about  PostgreSQL  and  Jira 8.13.3  ( JSD 4.13.3 )  release.  In that post I will be happy if you answer and comment about your instance indexes, as those info can help to improve the existing situation of heavy indexes.  Typically, it starts from improvement of configuration (e.g. using  https://postgresqltuner.pl/ ),  then query analyzing, adding indexes, after removing as heavy one (shortly  https://wiki.postgresql.org/wiki/Index_Maintenance ) :)    I use like this query in PostgreSQL: SELECT s.schemaname,        s.relname AS tablename,        s.indexrelname AS indexname,        pg_size_pretty(pg_relation_size(s.indexrelid::regclass)) AS index_size,        idx_tup_read,         idx_tup_fetch,         idx_scan FROM pg_catalog.pg_stat_user_indexes s JOIN pg_catalog.pg_index i O
Read more

How only 2 parameters of PostgreSQL reduced anomaly of Jira Data Center nodes

-
Image
  Hello community, Gonchik Tsymzhitov is in touch. Today, I would like to share with you a short story about postgresqltuner.pl in usage.  So from previous articles I hope you configured the PostgreSQL server and postgresqltuner.pl.  After executing command, ./postgresqltuner.pl --ssd for ssd disks server. You can see like this output: postgresqltuner.pl version 1.0.1 [OK]      I can invoke executables Connecting to /var/run/postgresql:5432 database template1 as user 'postgres'... [OK]      The user account used by me for reporting has superuser rights on this PostgreSQL instance =====  OS information  ===== [INFO]    OS: linux Version: 5.4.17-2036.102.0.2.el8uek.x86_64 Arch: x86_64-linux-thread-multi [INFO]    OS total memory: 41.03 GB [OK]      vm.overcommit_memory is adequate: no memory overcommitment [INFO]    Running under a vmware hypervisor [INFO]    Currently used I/O scheduler(s): mq-deadline =====  General instance informations  ===== -----  PostgreSQL version  -----
Read more