ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't use JobQueue during shutdown (RIPD-1356):

Browse Source 
If the JobQueue is used during shutdown then those Jobs may access
Stoppables after they have already stopped.  This violates the
preconditions of Stoppables and may lead to undefined behavior.

The solution taken here is to reference count all Jobs in the
JobQueue.  At stop time all Jobs already in the JobQueue are
allowed to run to completion, but no further Jobs are allowed
into the JobQueue.

If a Job is rejected from the JobQueue (because we are stopping),
then JobQueue::addJob() returns false, so the caller can make any
necessary adjustments.
This commit is contained in:
Scott Schurr
2017-04-06 17:39:42 -07:00
committed by seelabs
parent fc89d2e014
commit efe3700f70
29 changed files with 652 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/test/core/JobCounter_test.cpp
View File

@@ -20,16 +20,22 @@
#include <BeastConfig.h>
#include <ripple/core/JobCounter.h>
#include <ripple/beast/unit_test.h>
#include <test/jtx/Env.h>
#include <atomic>
#include <chrono>
#include <thread>
namespace ripple {
namespace test {
//------------------------------------------------------------------------------
class JobCounter_test : public beast::unit_test::suite
{
// We're only using Env for its Journal.
jtx::Env env {*this};
beast::Journal j {env.app().journal ("JobCounter_test")};
void testWrap()
{
// Verify reference counting.
@@ -41,8 +47,8 @@ class JobCounter_test : public beast::unit_test::suite
// wrapped1 should be callable with a Job.
{
Job j;
(*wrapped1)(j);
Job job;
(*wrapped1)(job);
}
{
// Copy should increase reference count.
@@ -66,7 +72,8 @@ class JobCounter_test : public beast::unit_test::suite
BEAST_EXPECT (jobCounter.count() == 0);
// Join with 0 count should not stall.
jobCounter.join();
using namespace std::chrono_literals;
jobCounter.join("testWrap", 1ms, j);
// Wrapping a Job after join() should return boost::none.
BEAST_EXPECT (jobCounter.wrap ([] (Job&) {}) == boost::none);
@@ -83,21 +90,22 @@ class JobCounter_test : public beast::unit_test::suite
// Calling join() now should stall, so do it on a different thread.
std::atomic<bool> threadExited {false};
std::thread localThread ([&jobCounter, &threadExited] ()
std::thread localThread ([&jobCounter, &threadExited, this] ()
{
// Should stall after calling join.
jobCounter.join();
using namespace std::chrono_literals;
jobCounter.join("testWaitOnJoin", 1ms, j);
threadExited.store (true);
});
// Wait for the thread to call jobCounter.join().
while (! jobCounter.joined());
// The thread should still be active after waiting a millisecond.
// The thread should still be active after waiting 5 milliseconds.
// This is not a guarantee that join() stalled the thread, but it
// improves confidence.
using namespace std::chrono_literals;
std::this_thread::sleep_for (1ms);
std::this_thread::sleep_for (5ms);
BEAST_EXPECT (threadExited == false);
// Destroy the Job and expect the thread to exit (asynchronously).
@@ -119,4 +127,5 @@ public:
BEAST_DEFINE_TESTSUITE(JobCounter, core, ripple);
}
} // test
} // ripple

154
src/test/core/JobQueue_test.cpp Normal file
View File

@@ -0,0 +1,154 @@
//------------------------------------------------------------------------------
/*
This file is part of rippled: https://github.com/ripple/rippled
Copyright (c) 2017 Ripple Labs Inc.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================
#include <BeastConfig.h>
#include <ripple/core/JobQueue.h>
#include <ripple/beast/unit_test.h>
#include <test/jtx/Env.h>
namespace ripple {
namespace test {
//------------------------------------------------------------------------------
class JobQueue_test : public beast::unit_test::suite
{
void testAddJob()
{
jtx::Env env {*this};
JobQueue& jQueue = env.app().getJobQueue();
{
// addJob() should run the Job (and return true).
std::atomic<bool> jobRan {false};
BEAST_EXPECT (jQueue.addJob (jtCLIENT, "JobAddTest1",
[&jobRan] (Job&) { jobRan = true; }) == true);
// Wait for the Job to run.
while (jobRan == false);
}
{
// If the JobQueue's JobCounter is join()ed we should no
// longer be able to add Jobs (and calling addJob() should
// return false).
using namespace std::chrono_literals;
beast::Journal j {env.app().journal ("JobQueue_test")};
JobCounter& jCounter = jQueue.jobCounter();
jCounter.join("JobQueue_test", 1s, j);
// The Job should never run, so having the Job access this
// unprotected variable on the stack should be completely safe.
// Not recommended for the faint of heart...
bool unprotected;
BEAST_EXPECT (jQueue.addJob (jtCLIENT, "JobAddTest2",
[&unprotected] (Job&) { unprotected = false; }) == false);
}
}
void testPostCoro()
{
jtx::Env env {*this};
JobQueue& jQueue = env.app().getJobQueue();
{
// Test repeated post()s until the Coro completes.
std::atomic<int> yieldCount {0};
auto const coro = jQueue.postCoro (jtCLIENT, "PostCoroTest1",
[&yieldCount] (std::shared_ptr<JobQueue::Coro> const& coroCopy)
{
while (++yieldCount < 4)
coroCopy->yield();
});
BEAST_EXPECT (coro != nullptr);
// Wait for the Job to run and yield.
while (yieldCount == 0);
// Now re-post until the Coro says it is done.
int old = yieldCount;
while (coro->runnable())
{
BEAST_EXPECT (coro->post());
while (old == yieldCount) { }
coro->join();
BEAST_EXPECT (++old == yieldCount);
}
BEAST_EXPECT (yieldCount == 4);
}
{
// Test repeated resume()s until the Coro completes.
int yieldCount {0};
auto const coro = jQueue.postCoro (jtCLIENT, "PostCoroTest2",
[&yieldCount] (std::shared_ptr<JobQueue::Coro> const& coroCopy)
{
while (++yieldCount < 4)
coroCopy->yield();
});
if (! coro)
{
// There's no good reason we should not get a Coro, but we
// can't continue without one.
BEAST_EXPECT (false);
return;
}
// Wait for the Job to run and yield.
coro->join();
// Now resume until the Coro says it is done.
int old = yieldCount;
while (coro->runnable())
{
coro->resume(); // Resume runs synchronously on this thread.
BEAST_EXPECT (++old == yieldCount);
}
BEAST_EXPECT (yieldCount == 4);
}
{
// If the JobQueue's JobCounter is join()ed we should no
// longer be able to add a Coro (and calling postCoro() should
// return false).
using namespace std::chrono_literals;
beast::Journal j {env.app().journal ("JobQueue_test")};
JobCounter& jCounter = jQueue.jobCounter();
jCounter.join("JobQueue_test", 1s, j);
// The Coro should never run, so having the Coro access this
// unprotected variable on the stack should be completely safe.
// Not recommended for the faint of heart...
bool unprotected;
auto const coro = jQueue.postCoro (jtCLIENT, "PostCoroTest3",
[&unprotected] (std::shared_ptr<JobQueue::Coro> const&)
{ unprotected = false; });
BEAST_EXPECT (coro == nullptr);
}
}
public:
void run()
{
testAddJob();
testPostCoro();
}
};
BEAST_DEFINE_TESTSUITE(JobQueue, core, ripple);
} // test
} // ripple

1
src/test/unity/core_test_unity.cpp
View File

@@ -23,6 +23,7 @@
#include <test/core/CryptoPRNG_test.cpp>
#include <test/core/DeadlineTimer_test.cpp>
#include <test/core/JobCounter_test.cpp>
#include <test/core/JobQueue_test.cpp>
#include <test/core/SociDB_test.cpp>
#include <test/core/Stoppable_test.cpp>
#include <test/core/TerminateHandler_test.cpp>