This is an archive of the discontinued LLVM Phabricator instance.

Differential D50126

[Support] fix TempFile infinite loop and permission denied errors
ClosedPublic

Authored by inglorion on Jul 31 2018, 7:23 PM.

Details

Reviewers
pcc
rnk
zturner
Commits
rG9b36f51ae761: [Support] fix TempFile infinite loop and permission denied errors
rL338745: [Support] fix TempFile infinite loop and permission denied errors
Summary

On Windows, TempFile::create() was prone to failing with permission
denied errors when a process created many tempfiles without providing
a model large enough to accommodate them. There was also a problem
with createUniqueEntity getting into an infinite loop when all names
permitted by the model are in use. This change fixes both of these
problems and adds a unit test for them.

Diff Detail

Repository
rL LLVM

Event Timeline

inglorion created this revision.Jul 31 2018, 7:23 PM
Herald added a subscriber: hiraditya. · View Herald TranscriptJul 31 2018, 7:23 PM
Harbormaster completed remote builds in B20943: Diff 158454.Jul 31 2018, 7:24 PM
inglorion added a child revision: D50127: [Support] use larger character set for creating unique filenames.Jul 31 2018, 8:17 PM
zturner added a subscriber: inglorion.Jul 31 2018, 8:20 PM

How could 16 characters not be enough? That’s 35^16 unique file names?

inglorion added a comment.Jul 31 2018, 8:44 PM

@zturner, the models we use here are 6 characters. Chosen from a set of 16 characters gives 16M possibilities. Randomly generating them gives a 50%+ probability of a collision after 5000 names or so. I have another patch up (D50127) to use a 32-character set instead, which means the same 6 character model gives about a billion possible names and you need to generate about 40,000 of them before you have a 50% probability of a collision.

inglorion added a comment.Jul 31 2018, 8:48 PM

This diff fixes a problem where, on Windows, TempFile::create() would immediately fail when the same name is tried again before the first file with that name is gone. That makes collisions less of an issue, because we can actually use more of the available names before we give up. It also fixes a problem where trying to create a tempfile when all available names are taken would lead to an infinite loop.

inglorion added a comment.Aug 2 2018, 10:30 AM

Is this good to go?

zturner accepted this revision.Aug 2 2018, 10:36 AM
This revision is now accepted and ready to land.Aug 2 2018, 10:36 AM
pcc requested changes to this revision.Aug 2 2018, 10:38 AM

No, I have comments.

This revision now requires changes to proceed.Aug 2 2018, 10:38 AM
This revision was not accepted when it landed; it landed in state Needs Revision.Aug 2 2018, 10:42 AM
Closed by commit rL338745: [Support] fix TempFile infinite loop and permission denied errors (authored by inglorion). · Explain Why
This revision was automatically updated to reflect the committed changes.
pcc added inline comments.Aug 2 2018, 10:57 AM
llvm/lib/Support/Path.cpp
194 ↗(On Diff #158454)

This is unlikely to be the problem given the number of % characters typically in a model. It's more likely to be the case that we're getting permission denied because we don't actually have permission. That's what I'd say in the comment here.

inglorion added a comment.Aug 2 2018, 11:18 AM

Sorry, Peter. Saw your reply after I had already pushed the change. Would:

// Limit the number of attempts we make, so that we don't infinite loop. E.g.
// "permission denied" could be for a specific file (so we retry with a
// different name) or for the whole directory (retry would always fail).
// Checking which is racy, so we try a number of times, then give up.

be a better comment? If so, I'll land that as a follow-up.

pcc added a comment.Aug 2 2018, 11:22 AM

Looks great, thanks.

inglorion mentioned this in rL338755: [Support] [NFC] change comment about retries in createUniqueEntity.Aug 2 2018, 11:27 AM
inglorion added a comment.Aug 2 2018, 11:28 AM

Comment changed in rL338755.

fedor.sergeev added a subscriber: fedor.sergeev.Nov 19 2018, 1:48 PM

The test introduced here seems to be invalid.
It assumes that 16*128 attempts to choose a random hex number will cover all 16 available numbers.
Obviously, the chance for this test to fail is rather low but it is not 0.

(and yes, today it failed in my test run)

Herald added a subscriber: kristina. · View Herald TranscriptNov 19 2018, 1:48 PM
inglorion added a comment.Jan 4 2019, 2:38 PM

@fedor.sergeev: You're right, thanks for pointing that out. Sent D56336 to fix that.

Revision Contents

PathSize
llvm/
trunk/
lib/
Support/
77 lines
unittests/
Support/
31 lines

Diff 158797

llvm/trunk/lib/Support/Path.cpp

Show First 20 LinesShow All 184 Lines▼ Show 20 LinescreateUniqueEntity(const Twine &Model, int &ResultFD,
// From here on, DO NOT modify model. It may be needed if the randomly chosen // From here on, DO NOT modify model. It may be needed if the randomly chosen
// path already exists. // path already exists.
ResultPath = ModelStorage; ResultPath = ModelStorage;
// Null terminate. // Null terminate.
ResultPath.push_back(0); ResultPath.push_back(0);
ResultPath.pop_back(); ResultPath.pop_back();
retry_random_path: // Limit the number of attempts we make, so that we don't infinite loop when
// we run out of filenames that fit the model.
std::error_code EC;
for (int Retries = 128; Retries > 0; --Retries) {
// Replace '%' with random chars. // Replace '%' with random chars.
for (unsigned i = 0, e = ModelStorage.size(); i != e; ++i) { for (unsigned i = 0, e = ModelStorage.size(); i != e; ++i) {
if (ModelStorage[i] == '%') if (ModelStorage[i] == '%')
ResultPath[i] = "0123456789abcdef"[sys::Process::GetRandomNumber() & 15]; ResultPath[i] =
"0123456789abcdef"[sys::Process::GetRandomNumber() & 15];
} }
// Try to open + create the file. // Try to open + create the file.
switch (Type) { switch (Type) {
case FS_File: { case FS_File: {
if (std::error_code EC = EC = sys::fs::openFileForReadWrite(Twine(ResultPath.begin()), ResultFD,
sys::fs::openFileForReadWrite(Twine(ResultPath.begin()), ResultFD, sys::fs::CD_CreateNew, Flags, Mode);
sys::fs::CD_CreateNew, Flags, Mode)) { if (EC) {
if (EC == errc::file_exists) // errc::permission_denied happens on Windows when we try to open a file
goto retry_random_path; // that has been marked for deletion.
if (EC == errc::file_exists || EC == errc::permission_denied)
continue;
return EC; return EC;
} }
return std::error_code(); return std::error_code();
} }
case FS_Name: { case FS_Name: {
std::error_code EC = EC = sys::fs::access(ResultPath.begin(), sys::fs::AccessMode::Exist);
sys::fs::access(ResultPath.begin(), sys::fs::AccessMode::Exist);
if (EC == errc::no_such_file_or_directory) if (EC == errc::no_such_file_or_directory)
return std::error_code(); return std::error_code();
if (EC) if (EC)
return EC; return EC;
goto retry_random_path; continue;
} }
case FS_Dir: { case FS_Dir: {
if (std::error_code EC = EC = sys::fs::create_directory(ResultPath.begin(), false);
sys::fs::create_directory(ResultPath.begin(), false)) { if (EC) {
if (EC == errc::file_exists) if (EC == errc::file_exists)
goto retry_random_path; continue;
return EC; return EC;
} }
return std::error_code(); return std::error_code();
} }
} }
llvm_unreachable("Invalid Type"); llvm_unreachable("Invalid Type");
} }
return EC;
}
namespace llvm { namespace llvm {
namespace sys { namespace sys {
namespace path { namespace path {
const_iterator begin(StringRef path, Style style) { const_iterator begin(StringRef path, Style style) {
const_iterator i; const_iterator i;
i.Path = path; i.Path = path;
▲ Show 20 LinesShow All 995 LinesShow Last 20 Lines

llvm/trunk/unittests/Support/Path.cpp

Show First 20 LinesShow All 675 Lines▼ Show 20 Lines const char *Path216 =
"abcdefghijklmnopqrstuvwxyz5abcdefghijklmnopqrstuvwxyz4" "abcdefghijklmnopqrstuvwxyz5abcdefghijklmnopqrstuvwxyz4"
"abcdefghijklmnopqrstuvwxyz3abcdefghijklmnopqrstuvwxyz2" "abcdefghijklmnopqrstuvwxyz3abcdefghijklmnopqrstuvwxyz2"
"abcdefghijklmnopqrstuvwxyz1abcdefghijklmnopqrstuvwxyz0"; "abcdefghijklmnopqrstuvwxyz1abcdefghijklmnopqrstuvwxyz0";
ASSERT_NO_ERROR(fs::createTemporaryFile(Path216, "", TempPath)); ASSERT_NO_ERROR(fs::createTemporaryFile(Path216, "", TempPath));
ASSERT_NO_ERROR(fs::remove(Twine(TempPath))); ASSERT_NO_ERROR(fs::remove(Twine(TempPath)));
#endif #endif
} }
TEST_F(FileSystemTest, TempFileCollisions) {
SmallString<128> TestDirectory;
ASSERT_NO_ERROR(
fs::createUniqueDirectory("CreateUniqueFileTest", TestDirectory));
FileRemover Cleanup(TestDirectory);
SmallString<128> Model = TestDirectory;
path::append(Model, "%.tmp");
SmallString<128> Path;
std::vector<fs::TempFile> TempFiles;
auto TryCreateTempFile = [&]() {
Expected<fs::TempFile> T = fs::TempFile::create(Model);
if (T) {
TempFiles.push_back(std::move(*T));
return true;
} else {
logAllUnhandledErrors(T.takeError(), errs(),
"Failed to create temporary file: ");
return false;
}
};
// We should be able to create exactly 16 temporary files.
for (int i = 0; i < 16; ++i)
EXPECT_TRUE(TryCreateTempFile());
EXPECT_FALSE(TryCreateTempFile());
for (fs::TempFile &T : TempFiles)
cantFail(T.discard());
}
TEST_F(FileSystemTest, CreateDir) { TEST_F(FileSystemTest, CreateDir) {
ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "foo")); ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "foo"));
ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "foo")); ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "foo"));
ASSERT_EQ(fs::create_directory(Twine(TestDirectory) + "foo", false), ASSERT_EQ(fs::create_directory(Twine(TestDirectory) + "foo", false),
errc::file_exists); errc::file_exists);
ASSERT_NO_ERROR(fs::remove(Twine(TestDirectory) + "foo")); ASSERT_NO_ERROR(fs::remove(Twine(TestDirectory) + "foo"));
#ifdef LLVM_ON_UNIX #ifdef LLVM_ON_UNIX
▲ Show 20 LinesShow All 1,001 LinesShow Last 20 Lines