From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> To: Igor Munkin <imun@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: Re: [Tarantool-patches] [PATCH v2 1/1] box: export box_session_push to the public C API Date: Wed, 8 Apr 2020 22:35:57 +0200 [thread overview] Message-ID: <9c602d2d-9963-b8f3-46a9-eacaf1a94278@tarantool.org> (raw) In-Reply-To: <20200408153339.GF5713@tarantool.org> Hi! Thanks for the review! >> diff --git a/src/box/call.c b/src/box/call.c >> index a46a61c3c..be4f71f59 100644 >> --- a/src/box/call.c >> +++ b/src/box/call.c >> @@ -64,17 +64,55 @@ port_msgpack_get_msgpack(struct port *base, uint32_t *size) >> return port->data; >> } >> > > <snipped> > >> + >> +char * >> +port_mspack_set_plain(struct port *base, const char *plain, uint32_t len) >> +{ >> + struct port_msgpack *port = (struct port_msgpack *) base; >> + assert(port->plain == NULL); >> + port->plain = (char *)malloc(len + 1); > > Typo: here is some mess with cast style: here you omit the whitespace > prior to <malloc>, but there is a cast with whitespace prior to variable > few line above. I guess there is the one policy for it (at least within > a single translation unit). Yes, we decided to remove whitespace after cast, since we don't apply it for other unary operators. I still didn't use to it. Fixed. Although probably not everywhere, so be attentive during the next review. ==================== diff --git a/src/box/box.cc b/src/box/box.cc index 15e79df19..cfdf961c5 100644 --- a/src/box/box.cc +++ b/src/box/box.cc @@ -1462,7 +1462,7 @@ box_session_push(const char *data, const char *data_end) if (session == NULL) return -1; struct port_msgpack port; - struct port *base = (struct port *) &port; + struct port *base = (struct port *)&port; port_msgpack_create(base, data, data_end - data); int rc = session_push(session, session_sync(session), base); port_msgpack_destroy(base); diff --git a/src/box/call.c b/src/box/call.c index be4f71f59..811c44c65 100644 --- a/src/box/call.c +++ b/src/box/call.c @@ -67,7 +67,7 @@ port_msgpack_get_msgpack(struct port *base, uint32_t *size) static int port_msgpack_dump_msgpack(struct port *base, struct obuf *out) { - struct port_msgpack *port = (struct port_msgpack *) base; + struct port_msgpack *port = (struct port_msgpack *)base; assert(port->vtab == &port_msgpack_vtab); size_t size = port->data_sz; if (obuf_dup(out, port->data, size) == size) @@ -85,7 +85,7 @@ port_msgpack_dump_plain(struct port *base, uint32_t *size); void port_msgpack_destroy(struct port *base) { - struct port_msgpack *port = (struct port_msgpack *) base; + struct port_msgpack *port = (struct port_msgpack *)base; assert(port->vtab == &port_msgpack_vtab); free(port->plain); } @@ -93,7 +93,7 @@ port_msgpack_destroy(struct port *base) char * port_mspack_set_plain(struct port *base, const char *plain, uint32_t len) { - struct port_msgpack *port = (struct port_msgpack *) base; + struct port_msgpack *port = (struct port_msgpack *)base; assert(port->plain == NULL); port->plain = (char *)malloc(len + 1); if (port->plain == NULL) { diff --git a/test/box/function1.c b/test/box/function1.c index b2ce752a9..a28431e86 100644 --- a/test/box/function1.c +++ b/test/box/function1.c @@ -249,6 +249,6 @@ test_sleep(box_function_ctx_t *ctx, const char *args, const char *args_end) int test_push(box_function_ctx_t *ctx, const char *args, const char *args_end) { - (void) ctx; + (void)ctx; return box_session_push(args, args_end); } ==================== > Minor: AFAIR <void *> is casted considering the destination pointer type > *in plain C*. Is it a kinda Tarantool-wide rule to explicitly cast > pointers for such assignments? Yes, we cast in C too. Usually, in the new code. Still many old places omit the cast, and Vladimir usually omitted it even in the new code. Hard even to tell what is more - with cast or without. >> + if (port->plain == NULL) { >> + diag_set(OutOfMemory, len + 1, "malloc", "port->plain"); >> + return NULL; >> + } >> + memcpy(port->plain, plain, len); >> + port->plain[len] = 0; >> + return port->plain; >> +} >> + >> diff --git a/src/box/lua/console.c b/src/box/lua/console.c >> index bd454c269..396cb87f2 100644 >> --- a/src/box/lua/console.c >> +++ b/src/box/lua/console.c >> @@ -390,19 +391,17 @@ console_set_output_format(enum output_format output_format) >> } >> >> /** >> - * Dump port lua data with respect to output format: >> + * Dump Lua data to text with respect to output format: >> * YAML document tagged with !push! global tag or Lua string. >> - * @param port Port lua. >> + * @param L Lua state. >> * @param[out] size Size of the result. >> * >> - * @retval not NULL Tagged YAML document. >> + * @retval not NULL Tagged YAML document or Lua text. >> * @retval NULL Error. >> */ >> -const char * >> -port_lua_dump_plain(struct port *port, uint32_t *size) >> +static const char * >> +lua_dump_plain(struct lua_State *L, uint32_t *size) > > Please no... lua_* and luaL_* are Lua standart namespace prefixes, let's > stop spoiling it right here (even if the function is localized within a > translation unit). Agree. I removed 'lua_' prefix from all new functions: ==================== diff --git a/src/box/lua/console.c b/src/box/lua/console.c index 396cb87f2..886120eac 100644 --- a/src/box/lua/console.c +++ b/src/box/lua/console.c @@ -400,7 +400,7 @@ console_set_output_format(enum output_format output_format) * @retval NULL Error. */ static const char * -lua_dump_plain(struct lua_State *L, uint32_t *size) +console_dump_plain(struct lua_State *L, uint32_t *size) { enum output_format fmt = console_get_output_format(); if (fmt == OUTPUT_FORMAT_YAML) { @@ -438,7 +438,7 @@ lua_dump_plain(struct lua_State *L, uint32_t *size) const char * port_lua_dump_plain(struct port *base, uint32_t *size) { - return lua_dump_plain(((struct port_lua *)base)->L, size); + return console_dump_plain(((struct port_lua *)base)->L, size); } /** @@ -446,7 +446,7 @@ port_lua_dump_plain(struct port *base, uint32_t *size) * regarding Lua errors. */ static int -lua_port_msgpack_dump_plain(struct lua_State *L) +port_msgpack_dump_plain_via_lua(struct lua_State *L) { char **result = (char **)lua_touserdata(L, lua_upvalueindex(1)); struct port_msgpack *port = @@ -460,7 +460,7 @@ lua_port_msgpack_dump_plain(struct lua_State *L) * MessagePack -> Lua text. */ luamp_decode(L, luaL_msgpack_default, &data); - data = lua_dump_plain(L, size); + data = console_dump_plain(L, size); if (data == NULL) { *result = NULL; return 0; @@ -480,7 +480,7 @@ port_msgpack_dump_plain(struct port *base, uint32_t *size) lua_pushlightuserdata(L, &result); lua_pushlightuserdata(L, base); lua_pushlightuserdata(L, size); - lua_pushcclosure(L, lua_port_msgpack_dump_plain, 3); + lua_pushcclosure(L, port_msgpack_dump_plain_via_lua, 3); if (lua_pcall(L, 0, 0, 0) != 0) { /* * Error string is pushed in case it was a Lua ==================== > Furthermore, it doesn't respect the lua_CFunction > signature and lua_* prefix is definitely a misguiding one here. Let's > try to use another prefix here. This is because it is not a lua_CFunction. It is not called anywhere via lua_call/pcall/cpcall. But I got the point. >> { >> - struct port_lua *port_lua = (struct port_lua *) port; >> - struct lua_State *L = port_lua->L; >> enum output_format fmt = console_get_output_format(); >> if (fmt == OUTPUT_FORMAT_YAML) { >> int rc = lua_yaml_encode(L, luaL_yaml_default, "!push!", >> @@ -435,6 +434,68 @@ port_lua_dump_plain(struct port *port, uint32_t *size) >> return result; >> } >> >> +/** Plain text converter for port Lua data. */ >> +const char * >> +port_lua_dump_plain(struct port *base, uint32_t *size) >> +{ >> + return lua_dump_plain(((struct port_lua *)base)->L, size); > > Typo: one more time, it looks like a mess in type cast style within a > single translation unit. Fixed above. >> +} >> + >> +/** >> + * A helper for port_msgpack_dump_plain() to execute it safely >> + * regarding Lua errors. >> + */ >> +static int >> +lua_port_msgpack_dump_plain(struct lua_State *L) > > I was so deep into the patch semantics and totally missed it in v1... > Let's think about the prefix different from Lua standart one. Fixed above. >> +{ >> + char **result = (char **)lua_touserdata(L, lua_upvalueindex(1)); >> + struct port_msgpack *port = >> + (struct port_msgpack *)lua_touserdata(L, lua_upvalueindex(2)); >> + uint32_t *size = (uint32_t *)lua_touserdata(L, lua_upvalueindex(3)); >> + const char *data = port->data; >> + /* >> + * MessagePack -> Lua object -> YAML/Lua text. The middle >> + * is not really needed here, but there is no >> + * MessagePack -> YAML encoder yet. Neither >> + * MessagePack -> Lua text. >> + */ >> + luamp_decode(L, luaL_msgpack_default, &data); >> + data = lua_dump_plain(L, size); >> + if (data == NULL) { >> + *result = NULL; >> + return 0; >> + } >> + *result = port_mspack_set_plain((struct port *)port, data, *size); >> + return 0; >> + } >> + >> +/** Plain text converter for raw MessagePack. */ >> +const char * >> +port_msgpack_dump_plain(struct port *base, uint32_t *size) >> +{ >> + struct lua_State *L = tarantool_L; > > Moved our discussion from the previous thread here: > > ================================================================================ > >> I was afraid that in case of an OOM we will leave garbage in >> tarantool_L. >> But if you say we can use tarantool_L safely, then ok, I am not against >> that. It is just one another reason to start panic when the heap of Lua >> are out of memory, because otherwise data on tarantool_L will leak. > > When OOM occurs both host and guest stacks are unwinded to the closest > protected frame (i.e. the one created via <lua_pcall> below). It will be unwinded, but only in case we got to the call. What if one of lua_pushlightuserdata() would throw an OOM? Nothing will be removed, because this function (port_dump_plain) does not work on tarantool_L. It may be a pure C stack not intersecting with Lua anyhow. We use tarantool_L as some kind of external buffer and a last resort to reach Lua objects from pure C context. So if a throw happens before lua_pcall(), we will leave something on tarantool_L. Right? > Guest stack base is restored to the corresponding slot, slots above the top > one won't be marked and GC objects will be collected sometime later. If > there are no unmanaged memory allocations underneath then no leaks > occur. > >> >> On the other hand, the new thread will also leak, so probably this is >> a lose-lose situation, but with tarantool_L it is a little simpler. > > I might be missing something, but I see no memory leak since you create > a protected frame via <lua_pcall>. It may not manage to get to it and fail during pushing the argument. > ================================================================================ > >> + char *result = NULL; >> + int top = lua_gettop(L); >> + (void) top; >> + lua_pushlightuserdata(L, &result); >> + lua_pushlightuserdata(L, base); >> + lua_pushlightuserdata(L, size); >> + lua_pushcclosure(L, lua_port_msgpack_dump_plain, 3); >> + if (lua_pcall(L, 0, 0, 0) != 0) { > > If <lua_port_msgpack_dump_plain> returns nothing via guest stack, you > can use more convenient <lua_cpcall>[1] here. It requires almost no > auxillary actions: just fill a structure to be passed via the void > pointer argument to the function. Now we are talking :) Seems like this thing will protect from any leaks 99%, right? (Except in case of a fail it may be not able to push error object on the stack, is it possible?). ==================== diff --git a/src/box/call.c b/src/box/call.c index 811c44c65..599df7f60 100644 --- a/src/box/call.c +++ b/src/box/call.c @@ -90,7 +90,7 @@ port_msgpack_destroy(struct port *base) free(port->plain); } -char * +int port_mspack_set_plain(struct port *base, const char *plain, uint32_t len) { struct port_msgpack *port = (struct port_msgpack *)base; @@ -98,11 +98,11 @@ port_mspack_set_plain(struct port *base, const char *plain, uint32_t len) port->plain = (char *)malloc(len + 1); if (port->plain == NULL) { diag_set(OutOfMemory, len + 1, "malloc", "port->plain"); - return NULL; + return -1; } memcpy(port->plain, plain, len); port->plain[len] = 0; - return port->plain; + return 0; } static const struct port_vtab port_msgpack_vtab = { diff --git a/src/box/lua/console.c b/src/box/lua/console.c index 886120eac..ff2db5832 100644 --- a/src/box/lua/console.c +++ b/src/box/lua/console.c @@ -448,11 +448,15 @@ port_lua_dump_plain(struct port *base, uint32_t *size) static int port_msgpack_dump_plain_via_lua(struct lua_State *L) { - char **result = (char **)lua_touserdata(L, lua_upvalueindex(1)); - struct port_msgpack *port = - (struct port_msgpack *)lua_touserdata(L, lua_upvalueindex(2)); - uint32_t *size = (uint32_t *)lua_touserdata(L, lua_upvalueindex(3)); + void **ctx = (void **)lua_touserdata(L, 1); + struct port_msgpack *port = (struct port_msgpack *)ctx[0]; + uint32_t *size = (uint32_t *)ctx[1]; const char *data = port->data; + /* + * Need to pop, because YAML decoder will consume all what + * can be found on the stack. + */ + lua_pop(L, 1); /* * MessagePack -> Lua object -> YAML/Lua text. The middle * is not really needed here, but there is no @@ -461,11 +465,10 @@ port_msgpack_dump_plain_via_lua(struct lua_State *L) */ luamp_decode(L, luaL_msgpack_default, &data); data = console_dump_plain(L, size); - if (data == NULL) { - *result = NULL; - return 0; - } - *result = port_mspack_set_plain((struct port *)port, data, *size); + if (data == NULL) + assert(port->plain == NULL); + else + port_mspack_set_plain((struct port *)port, data, *size); return 0; } @@ -474,14 +477,13 @@ const char * port_msgpack_dump_plain(struct port *base, uint32_t *size) { struct lua_State *L = tarantool_L; - char *result = NULL; - int top = lua_gettop(L); - (void) top; - lua_pushlightuserdata(L, &result); - lua_pushlightuserdata(L, base); - lua_pushlightuserdata(L, size); - lua_pushcclosure(L, port_msgpack_dump_plain_via_lua, 3); - if (lua_pcall(L, 0, 0, 0) != 0) { + void *ctx[2] = {(void *)base, (void *)size}; + /* + * lua_cpcall() protects from errors thrown from Lua which + * may break a caller, not knowing about Lua and not + * expecting any exceptions. + */ + if (lua_cpcall(L, port_msgpack_dump_plain_via_lua, ctx) != 0) { /* * Error string is pushed in case it was a Lua * error. @@ -489,11 +491,9 @@ port_msgpack_dump_plain(struct port *base, uint32_t *size) assert(lua_isstring(L, -1)); diag_set(ClientError, ER_PROC_LUA, lua_tostring(L, -1)); lua_pop(L, 1); - assert(lua_gettop(L) == top); return NULL; } - assert(lua_gettop(L) == top); - return result; + return ((struct port_msgpack *)base)->plain; } /** diff --git a/src/box/port.h b/src/box/port.h index 7ef5a2c63..32d13f589 100644 --- a/src/box/port.h +++ b/src/box/port.h @@ -107,7 +107,7 @@ port_msgpack_destroy(struct port *base); /** * Set plain text version of data in the given port. It is copied. */ -char * +int port_mspack_set_plain(struct port *base, const char *plain, uint32_t len); /** Port for storing the result of a Lua CALL/EVAL. */ ==================== >> + /* >> + * Error string is pushed in case it was a Lua >> + * error. >> + */ >> + assert(lua_isstring(L, -1)); >> + diag_set(ClientError, ER_PROC_LUA, lua_tostring(L, -1)); >> + lua_pop(L, 1); >> + assert(lua_gettop(L) == top); >> + return NULL; >> + } >> + assert(lua_gettop(L) == top); >> + return result; >> +} >> diff --git a/test/box/push.test.lua b/test/box/push.test.lua >> index 7ae6f4a86..d2dc31db6 100644 >> --- a/test/box/push.test.lua >> +++ b/test/box/push.test.lua >> @@ -264,3 +264,54 @@ chan_push:put(true) >> chan_push:get() >> box.schema.func.drop('do_long_and_push') >> box.session.on_disconnect(nil, on_disconnect) >> + >> +-- >> +-- gh-4734: C API for session push. >> +-- >> +build_path = os.getenv("BUILDDIR") >> +old_cpath = package.cpath > > Minor: I see no reason for saving original package.cpath, if you are not > restoring it further. Thereby this line looks to be excess. That is a bug, I should restore it. ==================== diff --git a/test/box/push.result b/test/box/push.result index f5d8fe563..23b420420 100644 --- a/test/box/push.result +++ b/test/box/push.result @@ -696,3 +696,6 @@ box.schema.user.revoke('guest', 'super') box.schema.func.drop('function1.test_push') --- ... +package.cpath = old_cpath +--- +... diff --git a/test/box/push.test.lua b/test/box/push.test.lua index d2dc31db6..ffeeee3e4 100644 --- a/test/box/push.test.lua +++ b/test/box/push.test.lua @@ -315,3 +315,5 @@ server:close() box.schema.user.revoke('guest', 'super') box.schema.func.drop('function1.test_push') + +package.cpath = old_cpath ==================== >> +package.cpath = build_path..'/test/box/?.so;'..build_path..'/test/box/?.dylib;'..old_cpath >> + >> +box.schema.func.create('function1.test_push', {language = 'C'}) >> +box.schema.user.grant('guest', 'super') >> +c = netbox.connect(box.cfg.listen) >> +messages = {} >> +c:call('function1.test_push', \ >> + {1, 2, 3}, \ >> + {on_push = table.insert, \ >> + on_push_ctx = messages}) >> +messages >> +c:close() >> +-- >> +-- C can push to the console. >> +-- >> +ffi = require('ffi') >> +cd = ffi.new('char[3]') >> +cd[0] = 65 >> +cd[1] = 0 >> +cd[2] = 67 >> +-- A string having 0 byte inside. Check that it is handled fine. >> +s = ffi.string(cd, 3) > > This can be done much simpler way that requires no FFI: > | s = '\x65\x00\x67' Cool, thanks for the hint: ==================== diff --git a/test/box/push.result b/test/box/push.result index 23b420420..7888e4d92 100644 --- a/test/box/push.result +++ b/test/box/push.result @@ -604,23 +604,8 @@ c:close() -- -- C can push to the console. -- -ffi = require('ffi') ---- -... -cd = ffi.new('char[3]') ---- -... -cd[0] = 65 ---- -... -cd[1] = 0 ---- -... -cd[2] = 67 ---- -... -- A string having 0 byte inside. Check that it is handled fine. -s = ffi.string(cd, 3) +s = '\x41\x00\x43' --- ... console = require('console') diff --git a/test/box/push.test.lua b/test/box/push.test.lua index ffeeee3e4..f4518466e 100644 --- a/test/box/push.test.lua +++ b/test/box/push.test.lua @@ -282,16 +282,13 @@ c:call('function1.test_push', \ on_push_ctx = messages}) messages c:close() + -- -- C can push to the console. -- -ffi = require('ffi') -cd = ffi.new('char[3]') -cd[0] = 65 -cd[1] = 0 -cd[2] = 67 + -- A string having 0 byte inside. Check that it is handled fine. -s = ffi.string(cd, 3) +s = '\x41\x00\x43' console = require('console') fio = require('fio') ====================
next prev parent reply other threads:[~2020-04-08 20:35 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-04-07 23:20 Vladislav Shpilevoy 2020-04-08 15:33 ` Igor Munkin 2020-04-08 20:35 ` Vladislav Shpilevoy [this message] 2020-04-11 9:38 ` Igor Munkin 2020-04-11 18:11 ` Vladislav Shpilevoy 2020-04-11 18:11 ` Igor Munkin 2020-04-12 14:15 ` Vladislav Shpilevoy 2020-04-14 7:54 ` Kirill Yukhin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=9c602d2d-9963-b8f3-46a9-eacaf1a94278@tarantool.org \ --to=v.shpilevoy@tarantool.org \ --cc=imun@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH v2 1/1] box: export box_session_push to the public C API' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox