mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-15 19:02:04 +00:00
5a4f21c50f
- TSA is a static analyzer build by Google which finds race conditions
and deadlocks at compile time.
- It works by associating a shared member variable with a
synchronization primitive that protects it. The compiler can then
check at each access if proper locking happened before. A good
introduction are [0] and [1].
- TSA requires some help by the programmer via annotations. Luckily,
LLVM's libcxx already has annotations for std::mutex, std::lock_guard,
std::shared_mutex and std::scoped_lock. This commit enables them
(--> contrib/libcxx-cmake/CMakeLists.txt).
- Further, this commit adds convenience macros for the low-level
annotations for use in ClickHouse (--> base/defines.h). For
demonstration, they are leveraged in a few places.
- As we compile with "-Wall -Wextra -Weverything", the required compiler
flag "-Wthread-safety-analysis" was already enabled. Negative checks
are an experimental feature of TSA and disabled
(--> cmake/warnings.cmake). Compile times did not increase noticeably.
- TSA is used in a few places with simple locking. I tried TSA also
where locking is more complex. The problem was usually that it is
unclear which data is protected by which lock :-(. But there was
definitely some weird code where locking looked broken. So there is
some potential to find bugs.
*** Limitations of TSA besides the ones listed in [1]:
- The programmer needs to know which lock protects which piece of shared
data. This is not always easy for large classes.
- Two synchronization primitives used in ClickHouse are not annotated in
libcxx:
(1) std::unique_lock: A releaseable lock handle often together with
std::condition_variable, e.g. in solve producer-consumer problems.
(2) std::recursive_mutex: A re-entrant mutex variant. Its usage can be
considered a design flaw + typically it is slower than a standard
mutex. In this commit, one std::recursive_mutex was converted to
std::mutex and annotated with TSA.
- For free-standing functions (e.g. helper functions) which are passed
shared data members, it can be tricky to specify the associated lock.
This is because the annotations use the normal C++ rules for symbol
resolution.
[0] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
[1] https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/42958.pdf
39 lines
1.2 KiB
C++
39 lines
1.2 KiB
C++
#pragma once
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
#include <mutex>
|
|
#include <unordered_set>
|
|
#include <base/defines.h>
|
|
|
|
|
|
namespace Poco { class URI; }
|
|
namespace Poco { namespace Util { class AbstractConfiguration; } }
|
|
|
|
namespace DB
|
|
{
|
|
class RemoteHostFilter
|
|
{
|
|
/**
|
|
* This class checks if URL is allowed.
|
|
* If primary_hosts and regexp_hosts are empty all urls are allowed.
|
|
*/
|
|
public:
|
|
void checkURL(const Poco::URI & uri) const; /// If URL not allowed in config.xml throw UNACCEPTABLE_URL Exception
|
|
|
|
void setValuesFromConfig(const Poco::Util::AbstractConfiguration & config);
|
|
|
|
void checkHostAndPort(const std::string & host, const std::string & port) const; /// Does the same as checkURL, but for host and port.
|
|
|
|
private:
|
|
std::atomic_bool is_initialized = false;
|
|
|
|
mutable std::mutex hosts_mutex;
|
|
std::unordered_set<std::string> primary_hosts TSA_GUARDED_BY(hosts_mutex); /// Allowed primary (<host>) URL from config.xml
|
|
std::vector<std::string> regexp_hosts TSA_GUARDED_BY(hosts_mutex); /// Allowed regexp (<hots_regexp>) URL from config.xml
|
|
|
|
/// Checks if the primary_hosts and regexp_hosts contain str. If primary_hosts and regexp_hosts are empty return true.
|
|
bool checkForDirectEntry(const std::string & str) const;
|
|
};
|
|
}
|