[
https://issues.apache.org/jira/browse/DISPATCH-2046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17335682#comment-17335682
]
ASF GitHub Bot commented on DISPATCH-2046:
------------------------------------------
kgiusti commented on a change in pull request #1176:
URL: https://github.com/apache/qpid-dispatch/pull/1176#discussion_r623201753
##########
File path: src/server.c
##########
@@ -1644,25 +1657,31 @@ void qd_listener_decref(qd_listener_t* li)
qd_connector_t *qd_server_connector(qd_server_t *server)
{
- qd_connector_t *ct = new_qd_connector_t();
- if (!ct) return 0;
- ZERO(ct);
- sys_atomic_init(&ct->ref_count, 1);
- ct->server = server;
- qd_failover_item_list_t conn_info_list;
- DEQ_INIT(conn_info_list);
- ct->conn_info_list = conn_info_list;
- ct->conn_index = 1;
- ct->state = CXTR_STATE_INIT;
- ct->lock = sys_mutex();
- ct->conn_msg = (char*) malloc(300);
- memset(ct->conn_msg, 0, 300);
- ct->timer = qd_timer(ct->server->qd, try_open_cb, ct);
- if (!ct->lock || !ct->timer) {
- qd_connector_decref(ct);
- return 0;
- }
- return ct;
+ qd_connector_t *connector = new_qd_connector_t();
+ if (!connector) return 0;
+ ZERO(connector);
+ sys_atomic_init(&connector->ref_count, 1);
+ DEQ_INIT(connector->conn_info_list);
+
+ connector->server = server;
Review comment:
How does that make a difference? I don't understand - the other stuff
(conn_index, server, etc) are idempotent - it doesn't matter if they are set or
not if the initialization fails.
If it's a matter of preference then no problem - I just don't see any
advantage to that change.
##########
File path: src/server.c
##########
@@ -1644,25 +1657,31 @@ void qd_listener_decref(qd_listener_t* li)
qd_connector_t *qd_server_connector(qd_server_t *server)
{
- qd_connector_t *ct = new_qd_connector_t();
- if (!ct) return 0;
- ZERO(ct);
- sys_atomic_init(&ct->ref_count, 1);
- ct->server = server;
- qd_failover_item_list_t conn_info_list;
- DEQ_INIT(conn_info_list);
- ct->conn_info_list = conn_info_list;
- ct->conn_index = 1;
- ct->state = CXTR_STATE_INIT;
- ct->lock = sys_mutex();
- ct->conn_msg = (char*) malloc(300);
- memset(ct->conn_msg, 0, 300);
- ct->timer = qd_timer(ct->server->qd, try_open_cb, ct);
- if (!ct->lock || !ct->timer) {
- qd_connector_decref(ct);
- return 0;
- }
- return ct;
+ qd_connector_t *connector = new_qd_connector_t();
+ if (!connector) return 0;
+ ZERO(connector);
+ sys_atomic_init(&connector->ref_count, 1);
+ DEQ_INIT(connector->conn_info_list);
+
+ connector->server = server;
+ connector->conn_index = 1;
+ connector->state = CXTR_STATE_INIT;
+ connector->lock = sys_mutex();
+ if (!connector->lock)
+ goto error;
+ connector->timer = qd_timer(connector->server->qd, try_open_cb, connector);
+ if (!connector->timer)
+ goto error;
+ connector->conn_msg = (char*) malloc(300);
+ if (!connector->conn_msg)
+ goto error;
+ memset(connector->conn_msg, 0, 300);
+ return connector;
+
+error:
Review comment:
Triggered!
goto's for error handling in C code are not evil. In fact, when using an
RAII resource allocation model they simplify the code. For example, if I had
to check every allocation and clean up on each check, you'd get:
`allocate_lock();`
`if (connector->lock) {`
` allocate_timer();`
` if (timer) {`
` allocate conn_msg;`
` if (conn_msg) {`
` memset conn_msg;`
` return connector`
` } else {`
` free_timer();`
` free_lock();`
` } else {`
` free_lock();`
` }`
`}`
`decref();`
`return 0;`
Is that code actually better than the goto version? Now assume you make a
change where you need to allocate something else. In the if case you'll have
to add another level of indentation and update each separate cleanup "else" to
deal with unwinding the new resource.
Google "arrow anti-pattern" for another example.
##########
File path: src/connection_manager.c
##########
@@ -790,6 +790,8 @@ qd_error_t qd_entity_refresh_connector(qd_entity_t* entity,
void *impl)
int i = 1;
int num_items = 0;
+ sys_mutex_lock(ct->lock);
+
Review comment:
Remember the connector will be in the "deleted" state until the related
connection has closed.
Would it be better to report the state as "CLOSING" instead of "DELETED"?
At least if - for whatever reason - the connection hasn't closed we don't
ignore connectors that still exist.
##########
File path: src/server.c
##########
@@ -1155,56 +1156,55 @@ static qd_failover_item_t
*qd_connector_get_conn_info(qd_connector_t *ct) {
/* Timer callback to try/retry connection open */
-static void try_open_lh(qd_connector_t *ct)
+static void try_open_lh(qd_connector_t *connector)
{
- if (ct->state != CXTR_STATE_CONNECTING && ct->state != CXTR_STATE_INIT) {
- /* No longer referenced by pn_connection or timer */
- qd_connector_decref(ct);
+ // Allocate a new connection. No other thread will touch this
+ // connection until pn_proactor_connect is called below
+ qd_connection_t *qd_conn = qd_server_connection(connector->server,
&connector->config);
+ if (!qd_conn) { /* Try again later */
+ qd_log(connector->server->log_source, QD_LOG_CRITICAL, "Allocation
failure connecting to %s",
+ connector->config.host_port);
+ connector->delay = 10000;
+ connector->state = CXTR_STATE_CONNECTING;
Review comment:
It needs to be CONNECTING. The CONNECTING state indicates the timer has
been scheduled (and shouldn't be rescheduled).
FAILED means the connection has dropped and we're waiting for the connection
to be cleaned up before we schedule the timer.
They are two different states - this must be CONNECTING.
##########
File path: src/connection_manager.c
##########
@@ -859,16 +861,23 @@ qd_error_t qd_entity_refresh_connector(qd_entity_t*
entity, void *impl)
case CXTR_STATE_INIT:
state_info = "INITIALIZING";
break;
+ case CXTR_STATE_DELETED:
+ state_info = "DELETED";
+ break;
default:
state_info = "UNKNOWN";
break;
}
if (qd_entity_set_string(entity, "failoverUrls", failover_info) == 0
- && qd_entity_set_string(entity, "connectionStatus", state_info) == 0
- && qd_entity_set_string(entity, "connectionMsg", ct->conn_msg) ==
0)
+ && qd_entity_set_string(entity, "connectionStatus", state_info) == 0
+ && qd_entity_set_string(entity, "connectionMsg", ct->conn_msg) == 0) {
+
+ sys_mutex_unlock(ct->lock);
Review comment:
Yes, I agree. Many changes in this patch is to clarify the code by
replacing variable names like "ct" and "ctx", which are used inconsistently to
sometimes mean "connector" or sometimes mean "qd_connection" with actual
unambiguous names such as "connector" or "qd_conn".
While short names make typing easier, it makes reading the code harder. An
we end up reading the code more often than writing it.
##########
File path: src/alloc_pool.c
##########
@@ -90,7 +90,7 @@ DEQ_DECLARE(qd_alloc_type_t, qd_alloc_type_list_t);
#if QD_MEMORY_STATS
static const char *leaking_types[] = {
// DISPATCH-1679:
- "qd_timer_t", "qd_connector_t",
+ //"qd_timer_t", "qd_connector_t",
Review comment:
Yes that needs to be removed - will do
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Panic in handle due to deleted connector.
> -----------------------------------------
>
> Key: DISPATCH-2046
> URL: https://issues.apache.org/jira/browse/DISPATCH-2046
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Routing Engine
> Affects Versions: 1.15.0
> Reporter: Alex Ward
> Assignee: Ken Giusti
> Priority: Major
> Fix For: 1.17.0
>
>
> I am seeing a segv at line 1063 due to ctx->connector being 0 in
> server.c:handle().
> {code:java}
> (ugdb-x86_64-7.11-261) p ctx
> $6 = (qd_connection_t *) 0x802e55890
> (ugdb-x86_64-7.11-261) p *ctx
> $7 = {prev = 0x8023df490, next = 0x802e7a890, name = 0x0, server =
> 0x80220d0c0, opened = false, closed = false, closed_locally = false, enqueued
> = 0, timer = 0x0, pn_conn = 0x8023ec050, pn_sessions = {0x0 <repeats 15
> times>}, ssl = 0x0, listener = 0x0, connector = 0x0, connector_lock =
> 0x8023e6600, context = 0x0, user_context = 0x0, link_context = 0x0,
> connection_id = 12, user_id = 0x0, free_user_id = false, policy_settings =
> 0x0, n_sessions = 0, n_senders = 0, n_receivers = 0, open_container = 0x0,
> deferred_calls = {head = 0x0, tail = 0x0, scratch = 0x0, size = 0},
> deferred_call_lock = 0x8023e65c0, policy_counted = false, role = 0x801a17660
> "route-container", free_link_session_list = {head = 0x0, tail = 0x0, scratch
> = 0x0, size = 0}, strip_annotations_in = false, strip_annotations_out =
> false, wake = 0x8005d6e20 <connection_wake>, rhost = '\000' <repeats 1024
> times>, rhost_port = '\000' <repeats 1056 times>}
> {code}
> As the comment at the start of handle() states, there is only one event being
> handled at a time, but it doesn’t look like there is anything to stop someone
> clearing ctx->connector between lines 1055 and 1063. The python code seems to
> be coming in and deleting the connector while handle() is using it.
> [https://github.com/apache/qpid-dispatch/blob/main/src/server.c]
> {code:java}
> 989 /* Events involving a connection or listener are serialized by the
> proactor so
> 990 * only one event per connection / listener will be processed at a time.
>
> 991 */
> 992 static bool handle(qd_server_t *qd_server, pn_event_t *e,
> pn_connection_t *pn_conn, qd_connection_t *ctx)
> 993 {
>
> 994 if (pn_conn && qdr_is_authentication_service_connection(pn_conn)) {
>
> 995 qdr_handle_authentication_service_connection_event(e);
>
> 996 return true;
>
> 997 }
>
> 998
>
> 999 switch (pn_event_type(e)) {
> …
> 1051 case PN_TRANSPORT_ERROR:
>
> 1052 {
>
> 1053 pn_transport_t *transport = pn_event_transport(e);
>
> 1054 pn_condition_t* condition = transport ?
> pn_transport_condition(transport) : NULL;
> 1055 if (ctx && ctx->connector) { /* Outgoing connection */
>
> 1056 qd_increment_conn_index(ctx);
>
> 1057 const qd_server_config_t *config =
> &ctx->connector->config;
> 1058 ctx->connector->state = CXTR_STATE_FAILED;
>
> 1059 char conn_msg[300];
>
> 1060 if (condition && pn_condition_is_set(condition)) {
>
> 1061 qd_format_string(conn_msg, 300, "[C%"PRIu64"]
> Connection to %s failed: %s %s", ctx->connection_id, config->host_port,
>
> 1062 pn_condition_get_name(condition),
> pn_condition_get_description(condition));
> 1063 strcpy(ctx->connector->conn_msg, conn_msg);
> {code}
> Another thread is at line 1063 in qd_connection_manager_delete_connector so
> it looks like this thread just cleared ctx->connector that is being used in
> handle. What is meant to be preventing this happening?
> [https://github.com/apache/qpid-dispatch/blob/main/src/connection_manager.c]
> {code:java}
> 1055 void qd_connection_manager_delete_connector(qd_dispatch_t *qd, void
> *impl)
> 1056 {
>
> 1057 qd_connector_t *ct = (qd_connector_t*) impl;
>
> 1058 if (ct) {
>
> 1059 sys_mutex_lock(ct->lock);
>
> 1060 if (ct->ctx) {
>
> 1061 ct->ctx->connector = 0;
>
> 1062 if(ct->ctx->pn_conn)
>
> 1063 qd_connection_invoke_deferred(ct->ctx, deferred_close,
> ct->ctx->pn_conn);
> 1064
>
> 1065 }
>
> 1066 sys_mutex_unlock(ct->lock);
> 1067 DEQ_REMOVE(qd->connection_manager->connectors, ct);
>
> 1068 qd_connector_decref(ct);
>
> 1069 }
>
> 1070 }
> {code}
> Does anyone have any suggestions for how to prevent this? Doesn't look like
> I could use ct->lock in handle().
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
