Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-1571

The ssl C++ example appears leaky, proton::listener does not have a destructor

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: proton-c-0.18.0
    • Fix Version/s: proton-c-0.18.0
    • Component/s: cpp-binding, examples
    • Labels:
      None
    • Environment:

      Description

      After applying the following patch (to rin in a loop multiple times and to log RSS and VSS (the last two columns))

      diff --git a/examples/cpp/ssl.cpp b/examples/cpp/ssl.cpp
      index 99ceb4aa..f5864f42 100644
      --- a/examples/cpp/ssl.cpp
      +++ b/examples/cpp/ssl.cpp
      @@ -37,6 +37,9 @@
       
       #include "fake_cpp11.hpp"
       
      +#include <stdlib.h>
      +#include <unistd.h>
      +
       using proton::connection_options;
       using proton::ssl_client_options;
       using proton::ssl_server_options;
      @@ -178,8 +181,21 @@ int main(int argc, char **argv) {
               if (verify != verify_noname && verify != verify_full && verify != verify_fail)
                   throw std::runtime_error("bad verify argument: " + verify);
       
      -        hello_world_direct hwd(address);
      -        proton::default_container(hwd).run();
      +        for (int i = 0; i < 10000; i++) {
      +        try {
      +            hello_world_direct hwd(address);
      +            proton::default_container(hwd).run();
      +        } catch (const std::exception& e) {
      +            if (verify_failed) {
      +                if (verify == verify_fail) {
      +                    std::cout << "Expected failure of connection with wrong peer name: " << e.what() << std::endl;
      +                }
      +            }
      +        }
      +        int ret = system("ps -eo pmem,comm,pid,maj_flt,min_flt,rss,vsz | grep ssl");
      +        (void)ret;
      +//         sleep(1);
      +        }
               return 0;
           } catch (const std::exception& e) {
               if (verify_failed) {
      

      and normal compilation,

      CFLAGS=-g cmake .. -DBUILD_GO=OFF -DENABLE_VALGRIND=OFF -DCMAKE_BUILD_TYPE=Release -GNijna

      run the example and observe that with -v fail, the RSS grows, while without it, it seems to keep steady. This to me suggests that either the binding does not properly handle failures, or that the example itself does not.

      $ examples/cpp/ssl -a amqps://localhost:46085/examples -c /home/jdanek/Work/repos/qpid-proton/examples/cpp/ssl_certs -v fail
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    378  6892  35928
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    475  7124  36344
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    572  7500  36756
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    669  7736  37160
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    773  7828  37444
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    874  8192  37860
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0    972  8292  38272
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1074  8684  38664
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1175  8776  38936
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1274  9164  39336
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1375  9268  39752
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1476  9632  40164
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1575  9864  40568
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1677  9956  40852
      Expected failure of connection with wrong peer name: amqp:connection:framing-error: SSL Failure: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
       0.0 ssl             29657      0   1778 10320  41268
      
      [nix-shell:~/Work/repos/qpid-proton/build]$ examples/cpp/ssl -a amqps://localhost:46085/examples -c /home/jdanek/Work/repos/qpid-proton/examples/cpp/ssl_certs
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    377  6824  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    471  6864  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    554  6948  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    637  6988  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    720  6988  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    803  6988  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    886  6988  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0    969  6988  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1063  6992  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1157  7000  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1244  7000  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1327  7000  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1410  7000  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1493  7000  35928
      Inbound server connection connected via SSL.  Protocol: TLSv1/SSLv3
      Outgoing client connection connected via SSL.  Server certificate identity CN=test_server
      Hello World!
       0.0 ssl             29707      0   1576  7000  35928
      

      With one loop through the for and running under valgrind, it shows leak in pn_listener. I think that either the example should free the listener, or the C++ binding should have a destructor in proton::listener object to take care of it. The first solution would be more flexible, the second is more C++ style, RAII, I mean.

      valgrind --leak-check=full examples/cpp/ssl -a amqps://localhost:46085/examples -c /home/jdanek/Work/repos/qpid-proton/examples/cpp/ssl_certs -v fail
      
      [...]
      
      ==29439== HEAP SUMMARY:
      ==29439==     in use at exit: 472,452 bytes in 4,340 blocks
      ==29439==   total heap usage: 17,516 allocs, 13,176 frees, 2,003,666 bytes allocated
      ==29439== 
      ==29439== 373,692 (208 direct, 373,484 indirect) bytes in 1 blocks are definitely lost in loss record 1,583 of 1,583
      ==29439==    at 0x4C2DBD5: calloc (in /nix/store/gv9x2j31hvn0wf37h4jmb9xz6vgc3vvv-valgrind-3.12.0/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==29439==    by 0x509128F: pn_listener (epoll.c:1339)
      ==29439==    by 0x4E6017B: proton::container::impl::listen_common_lh(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
      ==29439==    by 0x4E60348: proton::container::impl::listen(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
      ==29439==    by 0x408256: hello_world_direct::on_container_start(proton::container&) (in /home/jdanek/Work/repos/qpid-proton/build/examples/cpp/ssl)
      ==29439==    by 0x5DA4EA8: __pthread_once_slow (in /nix/store/l48biijfr1j6d5kdg911051x2phfjrz7-glibc-2.25/lib/libpthread-2.25.so)
      ==29439==    by 0x4E62CD9: void std::call_once<void (proton::container::impl::*)(), proton::container::impl*>(std::once_flag&, void (proton::container::impl::*&&)(), proton::container::impl*&&) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
      ==29439==    by 0x4E6223F: proton::container::impl::run(int) (in /home/jdanek/Work/repos/qpid-proton/build/proton-c/bindings/cpp/libqpid-proton-cpp.so.11.0.0)
      ==29439==    by 0x4062BB: main (in /home/jdanek/Work/repos/qpid-proton/build/examples/cpp/ssl)
      ==29439== 
      ==29439== LEAK SUMMARY:
      ==29439==    definitely lost: 208 bytes in 1 blocks
      ==29439==    indirectly lost: 373,484 bytes in 1,056 blocks
      ==29439==      possibly lost: 0 bytes in 0 blocks
      ==29439==    still reachable: 98,760 bytes in 3,283 blocks
      ==29439==         suppressed: 0 bytes in 0 blocks
      ==29439== Reachable blocks (those to which a pointer was found) are not shown.
      
      [..]
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                aconway Alan Conway
                Reporter:
                jdanek Jiri Daněk
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: