[ace-bugs] ACE Bug report: file descriptor handling in Select_Reactor_Base.cpp

Johnny Willemsen jwillemsen at remedy.nl
Fri Jun 2 01:11:21 CDT 2017


Hi,

Thanks for using the PRF form. Please also provide an extension or new
unit test under ACE_wrappers/tests that reproduces this issue. For the
test extension and the patch you can open a new pull request at
https://github.com/DOCGroup/ACE_TAO

Best regards,

Johnny Willemsen

Remedy IT
Postbus 81 | 6930 AB Westervoort | The Netherlands
http://www.remedy.nl

On 06/02/2017 01:48 AM, Paul Sheer wrote:
> Dear ACE team,
>
> Please see the below bug and fix for ACE. We are using ACE in a
> critical national-infrastructure-level software project and for each
> new release of ACE we need to apply the below patch to avoid an
> extremely obscure and rarely-occurring TOTAL LOCKUP of our
> application. Therefore please take this bug seriously. I am unable to
> discuss this bug by email, but I will offer my phone number to anyone
> that wishes an explanation if it is not clear from the text below. I
> have previously reported this, and my request was ignored. Here is a
> bug report about this from ACE 5.4.2 from 2004:
> https://groups.yahoo.com/neo/groups/ace-users/conversations/topics/39957
>
> This fix below has been in our live software for some years now.
>
>
>     ACE VERSION: 6.4.0
>
>     HOST MACHINE and OPERATING SYSTEM: Linux/x86, ALL
>
>     TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
>     COMPILER NAME AND VERSION (AND PATCHLEVEL):  Linux/x86, ALL
>
>     THE $ACE_ROOT/ace/config.h FILE:  N/A
>
>     THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE:   N/A
>
>     CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features
>     (used by MPC when you generate your own makefiles):  N/A
>
>     AREA/CLASS/EXAMPLE AFFECTED: No examples failed
>
>     DOES THE PROBLEM AFFECT:
>         COMPILATION?  No
>         LINKING?    No
>             On Unix systems, did you run make realclean first?  Yes
>         EXECUTION?   Yes
>         OTHER (please specify)?   Corner case bug in file descriptor
> handling, see below.
>
>     SYNOPSIS:
>
> File descriptor sets become corrupted within ACE.
>
>
>     DESCRIPTION:
>
> Under certain combinations of adding and removing handlers to file
> descriptors, adding/removing enabling/disabling callbacks, ACE can
> fail to respond to a file descriptor -- activity on the file descriptor is
> ignored by ACE.
>
>
>     REPEAT BY:
>
> To reproduce, remove an intermediate file handle below the max.
> See code below for the obvious logical error.
>
> See https://groups.yahoo.com/neo/groups/ace-users/conversations/topics/39957
>
> See code comments.
>
>
>
>     SAMPLE FIX/WORKAROUND:
>
> See following patch:
>
> ------------patch-------------
> --- Select_Reactor_Base.cpp	2016-11-09 16:18:15.183904489 -0500
> +++ Select_Reactor_Base.cpp-new	2016-11-09 16:19:23.918035481 -0500
> @@ -334,20 +334,22 @@
>    if (!has_any_wait_mask && !has_any_suspend_mask)
>      {
>  #if defined (ACE_WIN32)
>        if (event_handler != 0 && this->event_handlers_.unbind (pos) == -1)
>          return -1;  // Should not happen!
>  #else
>        this->event_handlers_[handle] = 0;
>
>        if (this->max_handlep1_ == handle + 1)
>          {
> +          ACE_HANDLE save_max_handle = this->max_handlep1_;
> +
>            // We've deleted the last entry, so we need to figure out
>            // the last valid place in the array that is worth looking
>            // at.
>            ACE_HANDLE const wait_rd_max =
>              this->select_reactor_.wait_set_.rd_mask_.max_set ();
>            ACE_HANDLE const wait_wr_max =
>              this->select_reactor_.wait_set_.wr_mask_.max_set ();
>            ACE_HANDLE const wait_ex_max =
>              this->select_reactor_.wait_set_.ex_mask_.max_set ();
>
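Review bot: the added `save_max_handle` at the top of the `max_handlep1_ == handle + 1` branch stores `max_handlep1_`, which is one past the highest handle, so the name is off by one from what it holds; something like `saved_max_handlep1` would match. It is never reassigned in the visible lines, so it can be declared `ACE_HANDLE const` like the `wait_*_max` locals directly below it.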
> @@ -365,21 +367,44 @@
>            if (this->max_handlep1_ < wait_ex_max)
>              this->max_handlep1_ = wait_ex_max;
>
>            if (this->max_handlep1_ < suspend_rd_max)
>              this->max_handlep1_ = suspend_rd_max;
>            if (this->max_handlep1_ < suspend_wr_max)
>              this->max_handlep1_ = suspend_wr_max;
>            if (this->max_handlep1_ < suspend_ex_max)
>              this->max_handlep1_ = suspend_ex_max;
>
> +
>            ++this->max_handlep1_;
> +
> +
> +// This is fixed here by Paul Sheer ==============>
> +//
> +// At this point there may exist a non-NULL event_handlers_[x] where
> +// x >= this->max_handlep1_ .
> +//
> +// To fix this bug we simply scan for non-NULL handlers and
> +// increase this->max_handlep1_ as appropriate.
> +
> +          if (save_max_handle > this->max_handlep1_)
> +            {
> +              ACE_HANDLE i;
> +              for (i = save_max_handle - 1; i > this->max_handlep1_ - 1; i--)
> +                {
> +                  if (this->event_handlers_[i] != NULL)
> +                    {
> +                      this->max_handlep1_ = i + 1;
> +                      break;
> +                    }
> +                }
> +            }
>          }
>
>  #endif /* ACE_WIN32 */
>
>        // The handle has been completely removed.
>        complete_removal = true;
>      }
>
>    if (event_handler == 0)
>      return -1;
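Review bot: in the added scan loop the first index visited is `save_max_handle - 1`, which equals `handle` because the branch is entered only when `max_handlep1_ == handle + 1`, and in the lines shown `event_handlers_[handle]` has just been set to 0, so that iteration can never match; the loop can start at `save_max_handle - 2`. The enclosing `if (save_max_handle > this->max_handlep1_)` repeats the loop condition and can be dropped. On style: the surrounding code compares handlers against `0` rather than `NULL`, the new comment block sits at column 0 instead of the block's indentation, the "fixed here by" banner belongs in the commit message, and the blank lines added around `++this->max_handlep1_;` are unrelated whitespace. The patch touches only Select_Reactor_Base.cpp; a regression test for the scenario would let the fix be verified.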
> ------------end-patch---------------
>
>
> _______________________________________________
> ace-bugs mailing list
> ace-bugs at list.isis.vanderbilt.edu
> http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/ace-bugs
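
The condition the patch comment describes (a bound handler left at an index at or above `max_handlep1_`) can be reproduced in a small model. This is an added example, not code from the report or from ACE: `Repo`, `disable` and the single `wait_mask` are hypothetical simplifications, and it assumes callbacks can be disabled while a handler stays bound.

```cpp
// Simplified model of the bookkeeping the report describes; not ACE source.
#include <algorithm>
#include <cstdio>
#include <vector>

struct Repo {
  std::vector<const char*> handlers;  // index = descriptor, nullptr = unbound
  std::vector<bool> wait_mask;        // stands in for the wait/suspend sets
  int max_handlep1 = 0;

  explicit Repo(int n) : handlers(n, nullptr), wait_mask(n, false) {}

  void bind(int h, const char* eh) {
    handlers[h] = eh;
    wait_mask[h] = true;
    max_handlep1 = std::max(max_handlep1, h + 1);
  }
  // Assumption: callbacks can be disabled while the handler stays bound.
  void disable(int h) { wait_mask[h] = false; }

  int max_set() const {  // highest descriptor with a mask bit, or -1
    for (int i = static_cast<int>(wait_mask.size()) - 1; i >= 0; --i)
      if (wait_mask[i]) return i;
    return -1;
  }
  void unbind(int h, bool rescan) {
    handlers[h] = nullptr;
    wait_mask[h] = false;
    if (max_handlep1 != h + 1) return;
    int const saved = max_handlep1;
    max_handlep1 = max_set() + 1;  // recomputed from mask bits only
    if (rescan)                    // the patch's idea: also honour bound slots
      for (int i = saved - 1; i >= max_handlep1; --i)
        if (handlers[i] != nullptr) { max_handlep1 = i + 1; break; }
  }
};

// Constructed scenario: descriptors 3, 5 and 7 bound, 5 disabled, 7 removed.
int max_after_removal(bool rescan) {
  Repo r(16);
  r.bind(3, "a"); r.bind(5, "b"); r.bind(7, "c");
  r.disable(5);
  r.unbind(7, rescan);
  return r.max_handlep1;
}

int main() {
  std::printf("mask-only recompute: %d\n", max_after_removal(false));
  std::printf("with handler rescan: %d\n", max_after_removal(true));
}
```

With the mask-only recompute the bound descriptor 5 ends up outside the range `[0, max_handlep1)`; with the rescan it is back inside.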
