[SERVER-48146] FailPoint usage is unsafe at static init and shutdown time - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.9.0
Component/s: Internal Code
Labels:
- servicearch-wfbf-day

Backwards Compatibility:
Fully Compatible
Sprint:
Service arch 2020-12-28

Description

FailPoint objects are designed to be defined as nonlocal objects, and referred to in arbitrary code paths as e.g. `if (failpoint.shouldFail()) ...` to provide test injection and instrumentation. Calls to FailPoint::shouldFail must to be correct even before the failpoint initializer has run, or after the failpoint has been destroyed.

We can fix it by making FailPoint objects into trivial facade objects using std::aligned_storage that lazily initializes its state when member functions are called.

For performance paths that are known to be lifetime-safe, we can use an accessor to get at the unchecked state of the FailPoint, skipping the atomic initializer guard.

Attachments

Issue Links

is related to

SERVER-53409 refresh some names in FailPoint implementation

Closed

Activity

People

Assignee:: Billy Donahue

Reporter:: Billy Donahue

Participants:: Billy Donahue, Githook User, Jason Carey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: May 12 2020 05:28:34 PM UTC

Updated:: Jan 29 2021 08:13:05 PM UTC

Resolved:: Dec 17 2020 01:16:22 PM UTC