c++代码,程序偶尔有pure virtual method called打印
参考链接二有一个复现场景
找这种场景就可以了
真是惊奇,这种场景我以为编译器会抓到
这段代码是研究 folly发现的 源代码在这里
前提: 方法
class Widget {
private:
void forbidden();
};
访问
void hijack(Widget& w) {
w.forbidden(); // ERROR!
}
In function 'void hijack(Widget&)':
error: 'void Widget::forbidden()' is private
within this context
| w.forbidden();
|
解决思路
比如
class Calculator {
float current_val = 0.f;
public:
void clear_value() { current_val = 0.f; };
float value() const {
return current_val;
};
void add(float x) { current_val += x; };
void multiply(float x) { current_val *= x; };
};
using Operation = void (Calculator::*)(float);
Operation op1 = &Calculator::add;
Operation op2 = &Calculator::multiply;
Calculator calc{};
(calc.*op1)(123.0f); // Calls add
(calc.*op2)(10.0f); // Calls multiply
class Widget {
public:
static auto forbidden_fun() {
return &Widget::forbidden;
}
private:
void forbidden();
};
void hijack(Widget& w) {
using ForbiddenFun = void (Widget::*)();
ForbiddenFun const forbidden_fun = Widget::forbidden_fun();
// Calls a private member function on the Widget
// instance passed in to the function.
(w.*forbidden_fun)();
}
但是一般函数是不会这么设计API的,太傻逼了,那怎么搞?
The C++17 standard contains the following paragraph (with the parts of interest to us marked in bold):
17.7.2 (item 12)
The usual access checking rules do not apply to names used to specify explicit instantiations. [Note: In particular, the template arguments and names used in the function declarator (including parameter types, return types and exception specifications) may be private types or objects which would normally not be accessible and the template may be a member template or member function which would not normally be accessible.]
重点 显式实例化
// The first template parameter is the type
// signature of the pointer-to-member-function.
// The second template parameter is the pointer
// itself.
template <
typename ForbiddenFun,
ForbiddenFun forbidden_fun
>
struct HijackImpl {
static void apply(Widget& w) {
// Calls a private method of Widget
(w.*forbidden_fun)();
}
};
// Explicit instantiation is allowed to refer to
// `Widget::forbidden` in a scope where it's not
// normally permissible.
template struct HijackImpl<
decltype(&Widget::forbidden),
&Widget::forbidden
>;
void hijack(Widget& w) {
HijackImpl<decltype(&Widget::forbidden), &Widget::forbidden>::apply(w);
}
但是还是报错,理论上可行,但实际上还是会提示私有,原因在于HijackImpl不是显式实例化
// HijackImpl is the mechanism for injecting the
// private member function pointer into the
// hijack function.
template <
typename ForbiddenFun,
ForbiddenFun forbidden_fun
>
class HijackImpl {
// Definition of free function inside the class
// template to give it access to the
// forbidden_fun template argument.
// Marking hijack as a friend prevents it from
// becoming a member function.
friend void hijack(Widget& w) {
(w.*forbidden_fun)();
}
};
// Declaration in the enclosing namespace to make
// hijack available for name lookup.
void hijack(Widget& w);
// Explicit instantiation of HijackImpl template
// bypasses access controls in the Widget class.
template class
HijackImpl<
decltype(&Widget::forbidden),
&Widget::forbidden
>;
总结这几条
还有一个最终的问题,实现和实例化都在头文件,在所有的编译单元(translation units, TU)里, 显式实例化只能是一个,否则会报mutiple 链接错误,如何保证?
folly的做法,加个匿名tag,这样每个TU的符号名都不一样,最终方案如下
namespace {
// This is a *different* type in every translation
// unit because of the anonymous namespace.
struct TranslationUnitTag {};
}
void hijack(Widget& w);
template <
typename Tag,
typename ForbiddenFun,
ForbiddenFun forbidden_fun
>
class HijackImpl {
friend void hijack(Widget& w) {
(w.*forbidden_fun)();
}
};
// Every translation unit gets its own unique
// explicit instantiation because of the
// guaranteed-unique tag parameter.
template class HijackImpl<
TranslationUnitTag,
decltype(&Widget::forbidden),
&Widget::forbidden
>;
https://rigtorp.se/spinlock/
不多说,上代码
struct alignas(64) spinlock {
std::atomic<bool> lock_ = {0};
void lock() noexcept {
for (;;) {
// Optimistically assume the lock is free on the first try
if (!lock_.exchange(true, std::memory_order_acquire)) {
return;
}
// Wait for lock to be released without generating cache misses
while (lock_.load(std::memory_order_relaxed)) {
// Issue X86 PAUSE or ARM YIELD instruction to reduce contention between
// hyper-threads
__builtin_ia32_pause();
}
}
}
bool try_lock() noexcept {
// First do a relaxed load to check if lock is free in order to prevent
// unnecessary cache misses if someone does while(!try_lock())
return !lock_.load(std::memory_order_relaxed) &&
!lock_.exchange(true, std::memory_order_acquire);
}
void unlock() noexcept {
lock_.store(false, std::memory_order_release);
}
};
Ticket spinlocks
https://mfukar.github.io/2017/09/08/ticketspinlock.html
struct TicketSpinLock {
/**
* Attempt to grab the lock:
* 1. Get a ticket number
* 2. Wait for it
*/
void enter() {
const auto ticket = next_ticket.fetch_add(1, std::memory_order_relaxed);
while (true) {
const auto currently_serving = now_serving.load(std::memory_order_acquire);
if (currently_serving == ticket) {
break;
}
const size_t previous_ticket = ticket - currently_serving;
const size_t delay_slots = BACKOFF_MIN * previous_ticket;
while (delay_slots--) {
spin_wait();
}
}
}
static inline void spin_wait(void) {
#if (COMPILER == GCC || COMPILER == LLVM)
/* volatile here prevents the asm block from being moved by the optimiser: */
asm volatile("pause" ::: "memory");
#elif (COMPILER == MVCC)
__mm_pause();
#endif
}
/**
* Since we're in the critical section, no one can modify `now_serving`
* but this thread. We just want the update to be atomic. Therefore we can use
* a simple store instead of `now_serving.fetch_add()`:
*/
void leave() {
const auto successor = now_serving.load(std::memory_order_relaxed) + 1;
now_serving.store(successor, std::memory_order_release);
}
/* These are aligned on a cache line boundary in order to avoid false sharing: */
alignas(CACHELINE_SIZE) std::atomic_size_t now_serving = {0};
alignas(CACHELINE_SIZE) std::atomic_size_t next_ticket = {0};
};
static_assert(sizeof(TicketSpinLock) == 2*CACHELINE_SIZE,
"TicketSpinLock members may not be aligned on a cache-line boundary");
傻逼jenkins
不知道平台的人把jenkins怎么了,可能是升级了。能用内置CI还是不要用第三方组件,真是闹心
不止这一个命令,git rm都会乱码,我还以为是脚本隐藏了不可见字符,改了半天啊不好使
然后猜测是有中文注释的原因,去掉,依旧不行
最后发现参考链接1 在脚本前加一行
export LANG="en_US.UTF-8"
PATH被清空了。在脚本前加上PATH定义即可
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
asan常见的 抓错报告 编译带上 -fsanitize=address 链接带上 -lasan
R: AddressSanitizer: global-buffer-overflow on address 0x000000a8f8ff at pc 0x7ff6eafde870 bp 0x7ffc75471220 sp 0x7ffc754709d0 READ of size 49 at 0x000000a8f8ff thread T0 #0 0x7ff6eafde86f in __interceptor_memcmp ../../../../gcc-5.4.0/libsanitizer/asan/asan_interceptors.cc:333
注意memcmp的第三个参数,取两个字符串中最小的长度
相关概念 OOB memory access
assert(n == strlen(val)); AddressSanitizer: heap-buffer-overflow
可能字符串没有分配’\0’的空间,用strlen会导致堆空间越界
这个rocksdb的报错。 搜了一圈,二进制是jemalloc编的,和asan和rocksdb 有冲突产生的报错。临时禁止掉
ASAN_OPTIONS=check_malloc_usable_size=0
重编二进制,不带jemalloc,好使了
AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x7f121aed6000
#0 0x7f121f506990 in __interceptor_malloc_usable_size ../../../../gcc-5.4.0/libsanitizer/asan/asan_malloc_linux.cc:104
#1 0x8c7929 in rocksdb::Arena::AllocateNewBlock(unsigned long) util/arena.cc:221
#2 0x8c79c4 in rocksdb::Arena::AllocateFallback(unsigned long, bool) util/arena.cc:114
#3 0x8df67a in rocksdb::LogBuffer::AddLogToBuffer(unsigned long, char const*, __va_list_tag*) util/log_buffer.cc:24
#4 0x8df8c8 in rocksdb::LogToBuffer(rocksdb::LogBuffer*, char const*, ...) util/log_buffer.cc:88
#5 0x749300 in rocksdb::DBImpl::FlushMemTableToOutputFile(rocksdb::ColumnFamilyData*, rocksdb::MutableCFOptions const&, bool*, rocksdb::JobContext*, rocksdb::SuperVersionContext*, rocksdb::LogBuffer*) db/db_impl_compaction_flush.cc:183
#6 0x74c1f4 in rocksdb::DBImpl::FlushMemTablesToOutputFiles(rocksdb::autovector<rocksdb::DBImpl::BGFlushArg, 8ul> const&, bool*, rocksdb::JobContext*, rocksdb::LogBuffer*) db/db_impl_compaction_flush.cc:229
#7 0x74d3b0 in rocksdb::DBImpl::BackgroundFlush(bool*, rocksdb::JobContext*, rocksdb::LogBuffer*, rocksdb::FlushReason*) db/db_impl_compaction_flush.cc:2025
#8 0x74da4f in rocksdb::DBImpl::BackgroundCallFlush() db/db_impl_compaction_flush.cc:2059
#9 0x8e8a27 in std::function<void ()>::operator()() const /usr/local/include/c++/5.4.0/functional:2267
#10 0x8e8a27 in rocksdb::ThreadPoolImpl::Impl::BGThread(unsigned long) util/threadpool_imp.cc:265
#11 0x8e8c0e in rocksdb::ThreadPoolImpl::Impl::BGThreadWrapper(void*) util/threadpool_imp.cc:303
#12 0x7f121e1fb8ef in execute_native_thread_routine ../../../../../gcc-5.4.0/libstdc++-v3/src/c++11/thread.cc:84
#13 0x7f121dd19dc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
#14 0x7f121da477fc in __clone (/lib64/libc.so.6+0xf67fc)
AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: bad-malloc_usable_size ../../../../gcc-5.4.0/libsanitizer/asan/asan_malloc_linux.cc:104 __interceptor_malloc_usable_size
Thread T2 created by T0 here:
#0 0x7f121f4a80d4 in __interceptor_pthread_create ../../../../gcc-5.4.0/libsanitizer/asan/asan_interceptors.cc:179
#1 0x7f121e1fba32 in __gthread_create /home/vdb/gcc-5.4-build/x86_64-unknown-linux-gnu/libstdc++-v3/include/x86_64-unknown-linux-gnu/bits/gthr-default.h:662
#2 0x7f121e1fba32 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) ../../../../../gcc-5.4.0/libstdc++-v3/src/c++11/thread.cc:149
fd数目有没有上涨?
lsof -n|awk '{print $2}'| sort | uniq -c | sort -nr | head
20个最高fd线程
for x in `ps -eF| awk '{ print $2 }'`;do echo `ls /proc/$x/fd 2> /dev/null | wc -l` $x `cat /proc/$x/cmdline 2> /dev/null`;done | sort -n -r | head -n 20
具体到进程
ll /proc/pid/fd | wc -l
fd都用来干啥了
strace -p pid -f -e read,write,close