Fix logic that moves goal handles when one expires #360
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sloretz
added
bug
wjwwood
approved these changes
Dec 14, 2018
jacobperron
reviewed
Dec 15, 2018
| --num_goal_handles; | ||
| action_server->impl->goal_handles[i] = action_server->impl->goal_handles[num_goal_handles]; | ||
| allocator.deallocate(action_server->impl->goal_handles[num_goal_handles], allocator.state); |
There was a problem hiding this comment.
Would the logic also be fixed if this deallocate was for index i and moved one line up?
For sure the --i; is needed.
allocator.deallocate(action_server->impl->goal_handles[i], allocator.state);
action_server->impl->goal_handles[i] = action_server->impl->goal_handles[num_goal_handles];
action_server->impl->goal_handles[num_goal_handles] = NULL;
// decrement i to check the same index again now that it has a new goal handle
--i;
Just want to make sure I understand the bug :)
There was a problem hiding this comment.
That would be an improvement, though it would still have a bug. All goal handles need to be moved to shrink the array, but this shrinking logic is doing it one at a time in a block that only executes if the goal handle at i has expired. An active goal at the end of the array would be lost when the array shrinks because this bit wouldn't be reached. If there were two goals that expired at once then goal handles after the second expired one would only be moved back one place when they need to be moved back two places.
This PR adds a for-loop to make sure all goals after the expired one are moved.
There was a problem hiding this comment.
It makes sense to me, thanks for the explanation!
|
CI (testing packages above rcl_action)
|
emersonknapp
pushed a commit
to emersonknapp/rcl
that referenced
this pull request
Feb 13, 2019
* update docs about possibility of rcl_take no taking (ros2#356) * update rcl_wait doc with respect to subs and possibility of failing takes * add a note about possible failing takes in rcl_take docs * 0.6.2 * Set rmw_wait timeout using ros timers too (ros2#357) * 0.6.3 * Avoid timer period being set to 0 (ros2#359) * Fix logic that moves goal handles when one expires (ros2#360) * Fix error from uncrustify v0.68 (ros2#364) * Ensure that context instance id storage is aligned correctly (ros2#365) * Ensure that context instance id storage is aligned correctly * Make alignment compatible with MSVC * Namespace alignment macro with RCL_ * [rcl] Guard against bad allocation calling rcl_arguments_copy() (ros2#367) * [rcl] Add test for copying arguments struct with no arguments * Override allocate function in test to reveal bug * [rcl] Only allocate arrays if there are things to copy in rcl_argument_copy() Also guard against freeing invalid pointers if rcl_argument_copy() fails. * Remove uncessary guard against NULL pointer * linter, styles, uncrustify fixes
emersonknapp
pushed a commit
to emersonknapp/rcl
that referenced
this pull request
Feb 13, 2019
* update docs about possibility of rcl_take no taking (ros2#356) * update rcl_wait doc with respect to subs and possibility of failing takes * add a note about possible failing takes in rcl_take docs * 0.6.2 * Set rmw_wait timeout using ros timers too (ros2#357) * 0.6.3 * Avoid timer period being set to 0 (ros2#359) * Fix logic that moves goal handles when one expires (ros2#360) * Fix error from uncrustify v0.68 (ros2#364) * Ensure that context instance id storage is aligned correctly (ros2#365) * Ensure that context instance id storage is aligned correctly * Make alignment compatible with MSVC * Namespace alignment macro with RCL_ * [rcl] Guard against bad allocation calling rcl_arguments_copy() (ros2#367) * [rcl] Add test for copying arguments struct with no arguments * Override allocate function in test to reveal bug * [rcl] Only allocate arrays if there are things to copy in rcl_argument_copy() Also guard against freeing invalid pointers if rcl_argument_copy() fails. * Remove uncessary guard against NULL pointer * linter, styles, uncrustify fixes
jacobperron
pushed a commit
that referenced
this pull request
Feb 21, 2019
* Changing security directory lookup to a prefix match rather than exact match. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Changing security directory lookup to a prefix match rather than exact match. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Changing security directory lookup to a prefix match rather than exact match. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Changing security directory lookup to a prefix match rather than exact match. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Adding security_directory module and moving rcl_get_secure_root function to it. Adding tests. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Changing security directory prefix matching to be optional. Improving error messages around security directory lookup. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Fixing get_best_matching_directory so that it always fetches the next file inside the loop. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * make pr ready for ros2cli security feature (#1) * update docs about possibility of rcl_take no taking (#356) * update rcl_wait doc with respect to subs and possibility of failing takes * add a note about possible failing takes in rcl_take docs * 0.6.2 * Set rmw_wait timeout using ros timers too (#357) * 0.6.3 * Avoid timer period being set to 0 (#359) * Fix logic that moves goal handles when one expires (#360) * Fix error from uncrustify v0.68 (#364) * Ensure that context instance id storage is aligned correctly (#365) * Ensure that context instance id storage is aligned correctly * Make alignment compatible with MSVC * Namespace alignment macro with RCL_ * [rcl] Guard against bad allocation calling rcl_arguments_copy() (#367) * [rcl] Add test for copying arguments struct with no arguments * Override allocate function in test to reveal bug * [rcl] Only allocate arrays if there are things to copy in rcl_argument_copy() Also guard against freeing invalid pointers if rcl_argument_copy() fails. * Remove uncessary guard against NULL pointer * linter, styles, uncrustify fixes Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Update rcl/include/rcl/security_directory.h Co-Authored-By: AAlon <avishayalon@gmail.com> Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Adding line break in docstring Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Removing duplicate doc string Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Removing tinydir from the source tree, instead using the ROS package tinydir_vendor. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Removing tinydir Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Reformatting license notice as per linter template. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Update test_security_directory.cpp Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Changing input to putenv to be a global, statically allocated buffer. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * test_security_directory - Using a larger buffer for env string manipulations. Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Copy environment variable to allocated string so it is not clobbered by next lookup Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Address review comments fix security directory exact match comment and unset env vars before tests Signed-off-by: Emerson Knapp <eknapp@amazon.com> * Remove strncpy Signed-off-by: Emerson Knapp <eknapp@amazon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes a bug in the action server that can result in a crash when a goal is expired. The logic to move goals backwards when one expires can leave invalid pointers and lose track of valid goal handles.
To reproduce the crash
Shorten the expire time to make the crash happen sooner
Build
Start an action server
Run an action client a bunch of times (hapens within 10 times usually with 15 second expiration timeout)
When the goal time expires, sometimes the broken logic will leave an invalid pointer that causes an exception later when something tries to access it.