[Xorp-hackers] Crash due to stale cached xrl sender pointer.
Bruce Simpson
bms at incunabulum.net
Sun Nov 8 06:02:47 PST 2009
The attached patch changes the allocation semantics of the cached Xrl
pointer to be per-client-instance rather than per-library-instance.
It does this by modifying the Xrl client stub generator to include a
named auto_ptr<Xrl> for each method in the Xrl client stub.
Sizes are for FreeBSD 7.2/amd64 with gcc 4.2.1. Hopefully it should give
others a feel for working with the code generator.
This probably doesn't fix the original race, but it may make it
easier to mitigate some other way, by giving us a handle on the cached
Xrls which are causing the problem, rather than letting them dangle in
the BSS segment. That, and it should fix the glaringly obvious memory
leakage, and non-reentrancy, caused by polluting a library with 'static
Xrl*' instances.
I've tested this briefly with the current SVN tree, just by running
a xorp_finder, call_xrl, and a xorp_rib. This exercises the reentrancy
of the XRL client stubs, because the Finder Client is instantiated once
for every XrlRouter. The RIB uses libfeaclient, which instantiates its
*own* XrlRouter instance (yes, you can have more than one per
process...) for getting interface updates from the FEA.
This patch does increase the code size of the stubs very slightly;
that's the trade-off. As we are no longer holding the cached 'static
Xrl*' in the BSS segment, it shrinks versus the code segment;
auto_ptr<T> doesn't use any additional data storage above the pointer
type, but we are now checking allocations and deallocations of Xrl for
the stubs.
When building with shared libraries, the template expansions for
auto_ptr are a lost opportunity for coalescing with the linker, although
this only wastes ~128 bytes per library (for auto_ptr<Xrl>::get() and
auto_ptr<Xrl>::reset()). Most of this seems to be NOP padding for cache
line alignment.
I'm still not 100% happy with how the XrlPFSender cache mechanism
works. Because we're holding a pointer somewhere, to something whose
lifecycle is managed somewhere else, there really isn't any other answer
than the one you've already suggested.
I'm not that happy about using ref_ptr<T> to do it, for much the
same reasons as I've already described earlier in this thread -- there
is no clean syntax for observing a ref_ptr vs Boost's shared_ptr/weak_ptr.
I'm not at all happy about using ref_ptr<T>&, because it is all too
easy to ignore its specific meaning and introduce problems. Certainly,
the only reason I did it in Spt, was because that class was already
using ref_ptr<T> internally to track nodes in a container.
Granted, this is code fairly deep down in the core of the tree,
which many developers would never need to touch directly, but that makes
it even more important to be careful.
In Thrift, the binary blobs themselves can be decoupled from where
they go. There is a potential chicken-and-egg problem if we support
multiple TProtocol types, where we would need to know the sender before
the stubs create the blob; if we just speak TBinaryProtocol to
everything, we don't have this problem, but it does mean we can't just
tell the XORP RPC endpoints 'speak JSON to this guy', 'speak XML-RPC to
this guy', 'speak AMQP to this guy' etc.
So the idea of caching the transport we'd prefer to transmit from,
is still one that bears further scrutiny, even in a re-spin. The
difference is, for maximum flexibility, Thrifted XRL stubs would
actually want to see XrlPFSender's equivalent upfront, before
XrlSender::send() is even called.
This is after scrutinizing libxipc even further this week, and
realizing most of what's there is to support asynchrony.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sizes-xif-autoptr.txt
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-hackers/attachments/20091108/fccc60fe/attachment.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sizes-xif-noautoptr.txt
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-hackers/attachments/20091108/fccc60fe/attachment-0001.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xrl-auto-ptr.diff
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-hackers/attachments/20091108/fccc60fe/attachment.ksh
More information about the Xorp-hackers
mailing list