From e5e535237db330dead6f8f38b268298076911907 Mon Sep 17 00:00:00 2001 From: Kevin Schoedel Date: Mon, 22 Nov 2021 11:01:24 -0500 Subject: [PATCH] Catch or release ObjectPool leaks #### Problem No action is taken if an `ObjectPool` is destroyed while objects remain live. For the `BitMapObjectPool` case, such objects can't be safely touched. For `HeapObjectPool` such objects can be used but can't be released. Some leaks have been fixed (#11983, #12031), but there are still a few remaining. Fixes #11880 _Possible use of destroyed pool objects_ #### Change overview - Add a `BitMapObjectPool` template argument indicating what to do if it is destroyed with live objects: abort with an error message, release all objects (which calls their destructors), or (transitionally) ignore the condition. - Fix shutdown ordering in `DeviceControllerSystemState`. - For existing pools in `SessionManager`, ignore the condition. #### Testing CI; no changes to functionality. --- .../CHIPDeviceControllerFactory.cpp | 14 +++-- src/lib/support/Pool.h | 54 ++++++++++++++----- src/lib/support/tests/TestPool.cpp | 4 ++ src/transport/SecureSessionTable.h | 2 +- src/transport/SessionManager.h | 9 ++-- src/transport/UnauthenticatedSessionTable.h | 2 +- 6 files changed, 61 insertions(+), 24 deletions(-) diff --git a/src/controller/CHIPDeviceControllerFactory.cpp b/src/controller/CHIPDeviceControllerFactory.cpp index df423e1b4620f3..95bb7f69a1de97 100644 --- a/src/controller/CHIPDeviceControllerFactory.cpp +++ b/src/controller/CHIPDeviceControllerFactory.cpp @@ -223,6 +223,15 @@ CHIP_ERROR DeviceControllerSystemState::Shutdown() // Shut down the interaction model app::InteractionModelEngine::GetInstance()->Shutdown(); + // Shut down the TransportMgr. This holds Inet::UDPEndPoints so it must be shut down + // before PlatformMgr().Shutdown() shuts down Inet. + if (mTransportMgr != nullptr) + { + mTransportMgr->Close(); + chip::Platform::Delete(mTransportMgr); + mTransportMgr = nullptr; + } + #if CONFIG_DEVICE_LAYER // // We can safely call PlatformMgr().Shutdown(), which like DeviceController::Shutdown(), @@ -247,11 +256,6 @@ CHIP_ERROR DeviceControllerSystemState::Shutdown() mSystemLayer = nullptr; mInetLayer = nullptr; - if (mTransportMgr != nullptr) - { - chip::Platform::Delete(mTransportMgr); - mTransportMgr = nullptr; - } if (mMessageCounterManager != nullptr) { diff --git a/src/lib/support/Pool.h b/src/lib/support/Pool.h index ec9540756af73f..41851e39f422bc 100644 --- a/src/lib/support/Pool.h +++ b/src/lib/support/Pool.h @@ -159,6 +159,16 @@ struct HeapObjectList : HeapObjectListNode } // namespace internal +/** + * Action taken if objects remain allocated when a pool is destroyed. + */ +enum class OnObjectPoolDestruction +{ + AutoRelease, ///< Release any objects still allocated. + Die, ///< Abort if any objects remain allocated. + UnsafeDoNotUse, ///< Do nothing; keep historical behaviour until leaks are fixed. +}; + /** * @class ObjectPool * @@ -191,14 +201,24 @@ struct HeapObjectList : HeapObjectListNode * @tparam T type of element to be allocated. * @tparam N a positive integer max number of elements the pool provides. */ -template +template class BitMapObjectPool : public internal::StaticAllocatorBitmap, public internal::PoolCommon { public: BitMapObjectPool() : StaticAllocatorBitmap(mData.mMemory, mUsage, N, sizeof(T)) {} ~BitMapObjectPool() { - // ReleaseAll(); + switch (Action) + { + case OnObjectPoolDestruction::AutoRelease: + ReleaseAll(); + break; + case OnObjectPoolDestruction::Die: + VerifyOrDie(Allocated() == 0); + break; + case OnObjectPoolDestruction::UnsafeDoNotUse: + break; + } } template @@ -264,15 +284,21 @@ class BitMapObjectPool : public internal::StaticAllocatorBitmap, public internal * * @tparam T type to be allocated. */ -template +template class HeapObjectPool : public internal::Statistics, public internal::PoolCommon { public: HeapObjectPool() {} ~HeapObjectPool() { - // TODO(#11880): Release all active objects (or verify that none are active) when destroying the pool. - // ReleaseAll(); + if (Action == OnObjectPoolDestruction::AutoRelease) + { + ReleaseAll(); + } + else + { + VerifyOrDie(Allocated() == 0); + } } template @@ -338,11 +364,11 @@ class HeapObjectPool : public internal::Statistics, public internal::PoolCommon< #endif // CHIP_SYSTEM_CONFIG_POOL_USE_HEAP #if CHIP_SYSTEM_CONFIG_POOL_USE_HEAP -template -using ObjectPool = HeapObjectPool; +template +using ObjectPool = HeapObjectPool; #else // CHIP_SYSTEM_CONFIG_POOL_USE_HEAP -template -using ObjectPool = BitMapObjectPool; +template +using ObjectPool = BitMapObjectPool; #endif // CHIP_SYSTEM_CONFIG_POOL_USE_HEAP enum class ObjectPoolMem @@ -353,17 +379,17 @@ enum class ObjectPoolMem #endif // CHIP_SYSTEM_CONFIG_POOL_USE_HEAP }; -template +template class MemTypeObjectPool; -template -class MemTypeObjectPool : public BitMapObjectPool +template +class MemTypeObjectPool : public BitMapObjectPool { }; #if CHIP_SYSTEM_CONFIG_POOL_USE_HEAP -template -class MemTypeObjectPool : public HeapObjectPool +template +class MemTypeObjectPool : public HeapObjectPool { }; #endif // CHIP_SYSTEM_CONFIG_POOL_USE_HEAP diff --git a/src/lib/support/tests/TestPool.cpp b/src/lib/support/tests/TestPool.cpp index 2245a9322baf9a..aaca635ba9f71f 100644 --- a/src/lib/support/tests/TestPool.cpp +++ b/src/lib/support/tests/TestPool.cpp @@ -136,6 +136,8 @@ void TestCreateReleaseObjectStatic(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, GetNumObjectsInUse(pool) == kSize); NL_TEST_ASSERT(inSuite, pool.Allocated() == kSize); NL_TEST_ASSERT(inSuite, pool.Exhausted()); + + pool.ReleaseAll(); } #if CHIP_SYSTEM_CONFIG_POOL_USE_HEAP @@ -325,6 +327,8 @@ void TestForEachActiveObject(nlTestSuite * inSuite, void * inContext) } NL_TEST_ASSERT(inSuite, count >= kSize / 2); NL_TEST_ASSERT(inSuite, count <= kSize); + + pool.ReleaseAll(); } void TestForEachActiveObjectStatic(nlTestSuite * inSuite, void * inContext) diff --git a/src/transport/SecureSessionTable.h b/src/transport/SecureSessionTable.h index 62a2429e172a5f..e117d7539520bf 100644 --- a/src/transport/SecureSessionTable.h +++ b/src/transport/SecureSessionTable.h @@ -124,7 +124,7 @@ class SecureSessionTable private: Time::TimeSource mTimeSource; - BitMapObjectPool mEntries; + BitMapObjectPool mEntries; }; } // namespace Transport diff --git a/src/transport/SessionManager.h b/src/transport/SessionManager.h index 3cd472ff49f6be..50c66f96510eca 100644 --- a/src/transport/SessionManager.h +++ b/src/transport/SessionManager.h @@ -286,16 +286,19 @@ class DLL_EXPORT SessionManager : public TransportMgrDelegate State mState; // < Initialization state of the object SessionMessageDelegate * mCB = nullptr; - BitMapObjectPool, CHIP_CONFIG_MAX_SESSION_CREATION_DELEGATES> + BitMapObjectPool, CHIP_CONFIG_MAX_SESSION_CREATION_DELEGATES, + OnObjectPoolDestruction::UnsafeDoNotUse> mSessionCreationDelegates; // TODO: This is a temporary solution to release sessions, in the near future, SessionReleaseDelegate will be // directly associated with the every SessionHandle. Then the callback function is called on over the handle // delegate directly, in order to prevent dangling handles. - BitMapObjectPool, CHIP_CONFIG_MAX_SESSION_RELEASE_DELEGATES> + BitMapObjectPool, CHIP_CONFIG_MAX_SESSION_RELEASE_DELEGATES, + OnObjectPoolDestruction::UnsafeDoNotUse> mSessionReleaseDelegates; - BitMapObjectPool, CHIP_CONFIG_MAX_SESSION_RECOVERY_DELEGATES> + BitMapObjectPool, CHIP_CONFIG_MAX_SESSION_RECOVERY_DELEGATES, + OnObjectPoolDestruction::UnsafeDoNotUse> mSessionRecoveryDelegates; TransportMgrBase * mTransportMgr = nullptr; diff --git a/src/transport/UnauthenticatedSessionTable.h b/src/transport/UnauthenticatedSessionTable.h index c265d43fe249e7..179c967820c0a4 100644 --- a/src/transport/UnauthenticatedSessionTable.h +++ b/src/transport/UnauthenticatedSessionTable.h @@ -223,7 +223,7 @@ class UnauthenticatedSessionTable } Time::TimeSource mTimeSource; - BitMapObjectPool mEntries; + BitMapObjectPool mEntries; }; } // namespace Transport