header_map: copy constructor for HeaderMapImpl. #4129
Conversation
Previously, we were picking up the default copy constructor, despite having effectively a copy constructor for the base class HeaderMap. This appears to resolve the leak in envoyproxy#4118. Risk level: Low Testing: Unit test added. Signed-off-by: Harvey Tuch <htuch@google.com>
| @@ -292,6 +292,9 @@ HeaderMapImpl::HeaderMapImpl(const HeaderMap& rhs) : HeaderMapImpl() { | |||
| this); | |||
| } | |||
|
|
|||
| HeaderMapImpl::HeaderMapImpl(const HeaderMapImpl& rhs) | |||
| : HeaderMapImpl(static_cast<const HeaderMap&>(rhs)) {} | |||
There was a problem hiding this comment.
Sorry I'm confused. How is this different from what the compiler did before?
There was a problem hiding this comment.
It was synthesizing the default copy constructor, since we only supplied a constructor for the class we were deriving from AFAICT.
There was a problem hiding this comment.
There's something more going on here though, witness the build failures. Looking into this now.
…estHeaderMapImpl. Signed-off-by: Harvey Tuch <htuch@google.com>
|
I think this is the proper fix. By marking Still puzzled why the copy assignment ever worked (CC @jsedgwick). |
| }, | ||
| this); | ||
| } | ||
| HeaderMapImpl::HeaderMapImpl(const HeaderMapImpl& rhs) |
There was a problem hiding this comment.
Is this change still needed? It's unclear to me why the compiler won't just pick the other one.
There was a problem hiding this comment.
I think so; the implicit copy constructor is deleted, the above constructor for HeaderMap isn't actually a copy constructor.
Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Harvey Tuch <htuch@google.com>
|
OK, just chatted with @jsedgwick and have some ideas for how to try and either rationalize this or simplify, will update later tonight. |
Signed-off-by: Harvey Tuch <htuch@google.com>
|
@mattklein123 I just figured this out, I think, with some great help from @jsedgwick. He pointed out that what was going on is not some magic implicit copy constructor generation, which should have been impossible because of the non-copyable HeaderEntryImpl, but instead the compiler was falling back on the implicit move constructor that was generated in lieu. Moving The solution is basically what I had this arvo; by making Ultimately, maybe we would want to make Let nobody ever say fuzzing doesn't churn up fun bugs ;) |
Signed-off-by: Harvey Tuch <htuch@google.com>
| */ | ||
| class HeaderList { | ||
| class HeaderList : NonCopyable { |
There was a problem hiding this comment.
I think it's fine to block move, but why not just block the implicit move constructor inside NonCopyable? I realize it's called NonCopyable but I'm pretty sure in all cases where we use that we also don't want move?
There was a problem hiding this comment.
I don't think this change is needed anymore, but fine to keep.
test/test_common/utility.cc
Outdated
| return *this; | ||
| } | ||
|
|
||
| removePrefix(LowerCaseString("")); |
There was a problem hiding this comment.
WDYT of factoring out a separate clear() method in the public API while you are in here?
There was a problem hiding this comment.
I would rather not make any API public on HeaderMapImpl that we don't need to. This is a performance sensitive object and we should avoid having folks do slow/inefficient things with it that they don't need to.
There was a problem hiding this comment.
If someone does need to clear(), I think it'd be better for it to be abstracted at the class interface.
Right now removePrefix(LowerCaseString("")) seems like it might be specific to the implementation?
But a compromise might be to define clear() but make it private or protected, with a note about exposing it in the future if there's a real need.
There was a problem hiding this comment.
Arguably, nobody should be doing this, removePrefix is a horrible way to clear, it's only suitable for test purposes. I'm going to follow Matt's suggestion and move this to TestHeaderMapImpl only.
| void HeaderMapImpl::copyFrom(const HeaderMap& header_map) { | ||
| header_map.iterate( | ||
| [](const HeaderEntry& header, void* context) -> HeaderMap::Iterate { | ||
| // TODO(mattklein123) PERF: Avoid copying here is not necessary. |
There was a problem hiding this comment.
s/is/if/ ?
Do we keep a bit indicating whether a header-map contains owned strings or refs?
There was a problem hiding this comment.
Will fix typo, performance optimization is orthogonal.
| @@ -304,6 +293,22 @@ HeaderMapImpl::HeaderMapImpl( | |||
| } | |||
| } | |||
|
|
|||
| void HeaderMapImpl::copyFrom(const HeaderMap& header_map) { | |||
| header_map.iterate( | |||
There was a problem hiding this comment.
If you are defining a copy-ctor I think you should also define an assignment operator (and test it).
https://en.cppreference.com/w/cpp/language/rule_of_three
I see you are defining one in a test subclass, but it doesn't look like you've got one in HeaderMapImpl.
There was a problem hiding this comment.
Yes, that's fair. I will mvoe copy assignment to HeaderMapImpl.
| HeaderString key_string; | ||
| key_string.setCopy(header.key().c_str(), header.key().size()); | ||
| HeaderString value_string; | ||
| value_string.setCopy(header.value().c_str(), header.value().size()); |
There was a problem hiding this comment.
Best practice is to use .data() rather than .c_str() here (x2), although I admit in practice I don't see how they can differ :)
There was a problem hiding this comment.
There is no .data() on header.value().
|
@mattklein123 @jmarantz review feedback in last commit. I don't think we should mark |
source/common/http/header_map_impl.h
Outdated
| // implicit move constructor, moving HeaderMapImpl is unsafe (see HeaderList comments). | ||
| HeaderMapImpl(const HeaderMapImpl& rhs); | ||
| // Safe copy assignment; this is highly inefficient, don't use this except for tests. | ||
| HeaderMapImpl& operator=(const HeaderMapImpl& rhs); |
There was a problem hiding this comment.
Sorry to have more comments on this, but my concern about these changes is that we can accidentally start copying without knowing about it. Is it not possible to make HeaderMapImpl NonCopyable but then add the copy/assignment constructors in TestHeaderMapImpl?
There was a problem hiding this comment.
That's a fair point. Having copy-ctor and assign-operator illegal is fine, but it would be nice to have copyFrom() as an explicit call.
There was a problem hiding this comment.
Yes, we can do this then. I'm honestly surprised what a mess this all is. If anyone wants ammunition in the language wars that points to C++ being a time suck and unreasonably complicated for even experienced programmers to work with, this is a prime example.
Signed-off-by: Harvey Tuch <htuch@google.com>
source/common/http/header_map_impl.h
Outdated
| @@ -80,6 +81,9 @@ class HeaderMapImpl : public HeaderMap { | |||
| size_t size() const override { return headers_.size(); } | |||
|
|
|||
| protected: | |||
| void copyFrom(const HeaderMap& rhs); | |||
There was a problem hiding this comment.
comment that these are protected because they are suspected to be slow, and should only be used in tests?
| */ | ||
| class HeaderList { | ||
| class HeaderList : NonCopyable { |
There was a problem hiding this comment.
I don't think this change is needed anymore, but fine to keep.
|
I rather mark things everywhere as |
* origin/master: fix flaky RBAC integration test. (envoyproxy#4147) header_map: copy constructor for HeaderMapImpl. (envoyproxy#4129) test: moving websocket tests to using HTTP codec. (envoyproxy#4143) upstream: init host hc value based on hc value from other priorities (envoyproxy#3959) Signed-off-by: Snow Pettersen <snowp@squareup.com>
Previously, since we had an implicitly deleted copy constructor, we picked up the implicitly created move constructor. This then performed a move operation on HeaderList, which is not safe to move because it contains iterator elements, which can point to end() and so are not safe when when moved, see the Notes in https://en.cppreference.com/w/cpp/container/list/list.
In this PR, we explicitly mark HeaderList as non-copyable (also suppresses the implicit move constructor), then provide an explicit copy constructor and assignment operator for TestHeaderImpl.
This appears to resolve the leak in #4118.
Risk level: Low
Testing: Unit test added.
Signed-off-by: Harvey Tuch htuch@google.com