我有一些非常复杂的应用程序。它是几个图书馆的组成。 现在QA团队发现了一些问题(某些事情报告错误) Fromm日志我可以看到应用程序正在泄漏文件描述符(7小时自动测试后+1000)。 QA团队提供了关系和打开的文件和端口"来自"活动监视器"我确切地知道哪个服务器连接没有关闭。
从完整的应用程序日志中我可以看到泄漏是非常系统的(没有突然爆发),但我无法重现问题,甚至看到文件描述符的小泄漏。
即使您确定哪个服务器连接永远不会关闭,我也无法找到负责的代码。
我无法重现问题
在日志中,我可以看到我的库维护的所有资源都已正确释放,仍然服务器地址表明这是我的责任或NSURLSession(无效)。
由于还有其他库和应用程序代码,因此第三方代码导致泄漏的可能性很小。
如何找到负责泄漏文件描述符的代码?
最佳候选人使用dtruss looks very promising。
从documentation我可以看到,当使用系统API时,它可以打印堆栈回溯-s
问题是我不知道如何以这种方式使用它,以至于我不会被充斥着信息。
我只需要创建打开的文件描述符的信息以及它被关闭销毁的信息。
由于我无法重现问题,因此需要一个可由QA团队运行的脚本,以便为我提供输出。
如果还有其他方法可以找到文件描述符泄漏的来源,请告诉我。
有bunch of predefined scripts正在使用dtruss,但我没有看到符合我需求的任何内容。
奇怪的是,我所知道的唯一代码是使用有问题的连接,不要直接使用文件描述符,而是使用自定义NSURLSession(配置为:每个主机一个连接,最小TLS 1.0,禁用cookie ,自定义证书验证)。从日志中我可以看到NSURLSession已正确无效。我怀疑NSURLSession是泄密源,但目前这是唯一的候选人。
答案 0 :(得分:1)
好的,我发现了如何做 - 在Solaris 11上,无论如何。我得到了这个输出(是的,我在Solaris 11上需要root):
bash-4.1# dtrace -s fdleaks.d -c ./fdLeaker
open( './fdLeaker' ) returned 3
open( './fdLeaker' ) returned 4
open( './fdLeaker' ) returned 5
falloc fp: ffffa1003ae56590, fd: 3, saved fd: 3
falloc fp: ffffa10139d28f58, fd: 4, saved fd: 4
falloc fp: ffffa10030a86df0, fd: 5, saved fd: 5
opened file: ./fdLeaker
leaked fd: 3
libc.so.1`__systemcall+0x6
libc.so.1`__open+0x29
libc.so.1`open+0x84
fdLeaker`main+0x2b
fdLeaker`_start+0x72
opened file: ./fdLeaker
leaked fd: 4
libc.so.1`__systemcall+0x6
libc.so.1`__open+0x29
libc.so.1`open+0x84
fdLeaker`main+0x64
fdLeaker`_start+0x72
找到泄漏文件描述符的fdleaks.d dTrace脚本:
#!/usr/sbin/dtrace
/* this will probably need tuning
note there can be significant performance
impacts if you make these large */
#pragma D option nspec=4
#pragma D option specsize=128k
#pragma D option quiet
syscall::open*:entry
/ pid == $target /
{
/* arg1 might not have a physical mapping yet so
we can't call copyinstr() until open() returns
and we don't have a file descriptor yet -
we won't get that until open() returns anyway */
self->path = arg1;
}
/* arg0 is the file descriptor being returned */
syscall::open*:return
/ pid == $target && arg0 >= 0 && self->path /
{
/* get a speculation ID tied to this
file descriptor and start speculative
tracing */
openspec[ arg0 ] = speculation();
speculate( openspec[ arg0 ] );
/* this output won't appear unless the associated
speculation id is commited */
printf( "\nopened file: %s\n", copyinstr( self->path ) );
printf( "leaked fd: %d\n\n", arg0 );
ustack();
/* free the saved path */
self->path = 0;
}
syscall::close:entry
/ pid == $target && arg0 >= 0 /
{
/* closing the fd, so discard the speculation
and free the id by setting it to zero */
discard( openspec[ arg0 ] );
openspec[ arg0 ] = 0;
}
/* Solaris uses falloc() to open a file and associate
the fd with an internal file_t structure
When the kernel closes file descriptors that the
process left open, it uses the closeall() function
which walks the internal structures then calls
closef() using the file_t *, so there's no way
to get the original process file descritor in
closeall() or closef() dTrace probes.
falloc() is called on open() to associate the
file_t * with a file descriptor, so this
saves the pointers passed to falloc()
that are used to return the file_t * and
file descriptor once they're filled in
when falloc() returns */
fbt::falloc:entry
/ pid == $target /
{
self->fpp = args[ 2 ];
self->fdp = args[ 3 ];
}
/* Clause-local variables to make casting clearer */
this int fd;
this uint64_t fp;
/* array to associate a file descriptor with its file_t *
structure in the kernel */
int fdArray[ uint64_t fp ];
fbt::falloc:return
/ pid == $target && self->fpp && self->fdp /
{
/* get the fd and file_t * values being
returned to the caller */
this->fd = ( * ( int * ) self->fdp );
this->fp = ( * ( uint64_t * ) self->fpp );
/* associate the fd with its file_t * */
fdArray[ this->fp ] = ( int ) this->fd;
/* verification output */
printf( "falloc fp: %x, fd: %d, saved fd: %d\n", this->fp, this->fd, fdArray[ this->fp ] );
}
/* if this gets called and the dereferenced
openspec array element is a still-valid
speculation id, the fd associated with
the file_t * passed to closef() was never
closed by the process itself */
fbt::closef:entry
/ pid == $target /
{
/* commit the speculative tracing since
this file descriptor was leaked */
commit( openspec[ fdArray[ arg0 ] ] );
}
首先,我写了这个小C程序来泄漏fds:
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int main( int argc, char **argv )
{
int ii;
for ( ii = 0; ii < argc; ii++ )
{
int fd = open( argv[ ii ], O_RDONLY );
fprintf( stderr, "open( '%s' ) returned %d\n", argv[ ii ], fd );
fd = open( argv[ ii ], O_RDONLY );
fprintf( stderr, "open( '%s' ) returned %d\n", argv[ ii ], fd );
fd = open( argv[ ii ], O_RDONLY );
fprintf( stderr, "open( '%s' ) returned %d\n", argv[ ii ], fd );
close( fd );
}
return( 0 );
}
然后我在这个dTrace脚本下运行它来弄清楚内核关闭孤立文件描述符的行为dtrace -s exit.d -c ./fdLeaker:
#!/usr/sbin/dtrace -s
#pragma D option quiet
syscall::rexit:entry
{
self->exit = 1;
}
syscall::rexit:return
/ self->exit /
{
self->exit = 0;
}
fbt:::entry
/ self->exit /
{
printf( "---> %s\n", probefunc );
}
fbt:::return
/ self->exit /
{
printf( "<--- %s\n", probefunc );
}
这产生了很多输出,我注意到closeall()和closef()函数,检查了源代码,并编写了dTrace脚本。
另请注意,Solaris 11上的进程退出dTrace探针是rexit探针 - 可能在OSX上发生更改。
Solaris上最大的问题是在内核代码中获取文件的文件描述符,以关闭孤立的文件描述符。 Solaris不会被文件描述符关闭,它会在进程的内核打开文件结构中由struct file_t指针关闭。因此,我必须检查Solaris源代码以确定fd与file_t *的关联位置 - 以及falloc() function中的内容。 dTrace脚本将file_t *与其fd关联在一个关联数组中。
这些都不适用于OSX。
如果你很幸运,OSX内核将通过文件描述符本身关闭孤立的文件描述符,或者至少提供一些告诉你fd正在关闭的东西,可能是一个审计功能。