qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1571) The ssl C++ example appears leaky, proton::listener does not have a destructor
Date Fri, 06 Oct 2017 20:12:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195183#comment-16195183
] 

ASF subversion and git services commented on PROTON-1571:
---------------------------------------------------------

Commit 3e4b963a6c77723dd1796fe64af970d87b239d36 in qpid-proton's branch refs/heads/master
from [~aconway]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=3e4b963 ]

PROTON-1571: c++: ssl example is leaky

Nothing to do with SSL, the problem was the example code throwing from an event
handling function. We should not leak even in this case, but I will raise a
separate issue.

Made the following positive  changes while investigating:
- Added trival copy/assign/dtor to proton::listener as future-proofing.
- Added C TLS tests to proactor.c


> The ssl C++ example appears leaky, proton::listener does not have a destructor
> ------------------------------------------------------------------------------
>
>                 Key: PROTON-1571
>                 URL: https://issues.apache.org/jira/browse/PROTON-1571
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: cpp-binding, examples
>    Affects Versions: proton-c-0.18.0
>         Environment: commit e631bf6b11960d9687d42dfdde1ff4c65804981c (upstream/master)
> Author: Andrew Stitcher <astitcher@apache.org>
> Date:   Thu Aug 31 17:31:17 2017 -0400
>     PROTON-1567: Implement failover urls
>     - Example "reliable" client sending and receiving messages
>     - Also add jitter to retry backoff (with C++11
>            Reporter: Jiri Daněk
>            Assignee: Alan Conway
>             Fix For: proton-c-0.18.0
>
>
> After applying the following patch (to rin in a loop multiple times and to log RSS and
VSS (the last two columns))
> {code}
> diff --git a/examples/cpp/ssl.cpp b/examples/cpp/ssl.cpp
> index 99ceb4aa..f5864f42 100644
> --- a/examples/cpp/ssl.cpp
> +++ b/examples/cpp/ssl.cpp
> @@ -37,6 +37,9 @@
>  
>  #include "fake_cpp11.hpp"
>  
> +#include <stdlib.h>
> +#include <unistd.h>
> +
>  using proton::connection_options;
>  using proton::ssl_client_options;
>  using proton::ssl_server_options;
> @@ -178,8 +181,21 @@ int main(int argc, char **argv) {
>          if (verify != verify_noname && verify != verify_full && verify
!= verify_fail)
>              throw std::runtime_error("bad verify argument: " + verify);
>  
> -        hello_world_direct hwd(address);
> -        proton::default_container(hwd).run();
> +        for (int i = 0; i < 10000; i++) {
> +        try {
> +            hello_world_direct hwd(address);
> +            proton::default_container(hwd).run();
> +        } catch (const std::exception& e) {
> +            if (verify_failed) {
> +                if (verify == verify_fail) {
> +                    std::cout << "Expected failure of connection with wrong peer
name: " << e.what() << std::endl;
> +                }
> +            }
> +        }
> +        int ret = system("ps -eo pmem,comm,pid,maj_flt,min_flt,rss,vsz | grep ssl");
> +        (void)ret;
> +//         sleep(1);
> +        }
>          return 0;
>      } catch (const std::exception& e) {
>          if (verify_failed) {
> {code}
> and normal compilation,
> {{CFLAGS=-g cmake .. -DBUILD_GO=OFF -DENABLE_VALGRIND=OFF -DCMAKE_BUILD_TYPE=Release
-GNijna}}
> run the example and observe that with {{-v fail}}, the RSS grows, while without it, it
seems to keep steady. This to me suggests that either the binding does not properly handle
failures, or that the example itself does not.
> {noformat}
> $ examples/cpp/ssl -a amqps://localhost:46085/examples -c /home/jdanek/Work/repos/qpid-proton/examples/cpp/ssl_certs
-v fail
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    378  6892  35928
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    475  7124  36344
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    572  7500  36756
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    669  7736  37160
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    773  7828  37444
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    874  8192  37860
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0    972  8292  38272
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1074  8684  38664
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1175  8776  38936
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1274  9164  39336
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1375  9268  39752
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1476  9632  40164
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1575  9864  40568
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1677  9956  40852
> Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL
Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>  0.0 ssl             29657      0   1778 10320  41268
> {noformat}
> {noformat}
> [nix-shell:~/Work/repos/qpid-proton/build]$ examples/cpp/ssl -a amqps://localhost:46085/examples
-c /home/jdanek/Work/repos/qpid-proton/examples/cpp/ssl_certs
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    377  6824  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    471  6864  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    554  6948  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    637  6988  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    720  6988  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    803  6988  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    886  6988  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0    969  6988  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1063  6992  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1157  7000  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1244  7000  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1327  7000  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1410  7000  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1493  7000  35928
> Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
> Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
> Hello World!
>  0.0 ssl             29707      0   1576  7000  35928
> {noformat}
> With one loop through the for and running under valgrind, it shows leak in pn_listener.
I think that either the example should free the listener, or the C++ binding should have a
destructor in proton::listener object to take care of it. The first solution would be more
flexible, the second is more C++ style, RAII, I mean.
> {noformat}
> valgrind --leak-check=full examples/cpp/ssl -a amqps://localhost:46085/examples -c /home/jdanek/Work/repos/qpid-proton/examples/cpp/ssl_certs
-v fail
> [...]
> ==29439== HEAP SUMMARY:
> ==29439==     in use at exit: 472,452 bytes in 4,340 blocks
> ==29439==   total heap usage: 17,516 allocs, 13,176 frees, 2,003,666 bytes allocated
> ==29439== 
> ==29439== 373,692 (208 direct, 373,484 indirect) bytes in 1 blocks are definitely lost
in loss record 1,583 of 1,583
> ==29439==    at 0x4C2DBD5: calloc (in /nix/store/gv9x2j31hvn0wf37h4jmb9xz6vgc3vvv-valgrind-3.12.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==29439==    by 0x509128F: pn_listener (epoll.c:1339)
> ==29439==    by 0x4E6017B: proton::container::impl::listen_common_lh(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
> ==29439==    by 0x4E60348: proton::container::impl::listen(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
> ==29439==    by 0x408256: hello_world_direct::on_container_start(proton::container&)
(in /home/jdanek/Work/repos/qpid-proton/build/examples/cpp/ssl)
> ==29439==    by 0x5DA4EA8: __pthread_once_slow (in /nix/store/l48biijfr1j6d5kdg911051x2phfjrz7-glibc-2.25/lib/libpthread-2.25.so)
> ==29439==    by 0x4E62CD9: void std::call_once<void (proton::container::impl::*)(),
proton::container::impl*>(std::once_flag&, void (proton::container::impl::*&&)(),
proton::container::impl*&&) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
> ==29439==    by 0x4E6223F: proton::container::impl::run(int) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
> ==29439==    by 0x4062BB: main (in /home/jdanek/Work/repos/qpid-proton/build/examples/cpp/ssl)
> ==29439== 
> ==29439== LEAK SUMMARY:
> ==29439==    definitely lost: 208 bytes in 1 blocks
> ==29439==    indirectly lost: 373,484 bytes in 1,056 blocks
> ==29439==      possibly lost: 0 bytes in 0 blocks
> ==29439==    still reachable: 98,760 bytes in 3,283 blocks
> ==29439==         suppressed: 0 bytes in 0 blocks
> ==29439== Reachable blocks (those to which a pointer was found) are not shown.
> [..]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message