xds: update trace log to only print non-nullptr exceptions#44026
Conversation
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
|
cc @paul-r-gall |
| ASSERT(reason != Envoy::Config::ConfigUpdateFailureReason::ConnectionFailure); | ||
| ENVOY_LOG(trace, "ODCDS-manager: error while fetching a single resource {}: {}", | ||
| resource_name_, e->what()); | ||
| resource_name_, e == nullptr ? "exception not provided" : e->what()); |
There was a problem hiding this comment.
orz, is this causing crashes?
There was a problem hiding this comment.
After re-inspecting the code the assertion above ASSERT(reason != Envoy::Config::ConfigUpdateFailureReason::ConnectionFailure) seems to be incorrect, and was removed.
| disableInitFetchTimeoutTimer(); | ||
| stats_.update_rejected_.inc(); | ||
| ENVOY_LOG(warn, "gRPC config for {} rejected: {}", type_url_, e->what()); | ||
| ENVOY_LOG(warn, "gRPC config for {} rejected: {}", type_url_, |
There was a problem hiding this comment.
The above
// We expect Envoy exception to be thrown when update is rejected.
ASSERT(e != nullptr);
is asserting not nullptr, and if there are cases that e can be nullptr it needs to be removed, here and other places.
I then wonder if we should continue to use the raw pointer other than OptRef.
There was a problem hiding this comment.
RE OptRef vs. pointers, I'm not sure what the difference is in terms of dereferencing a nullptr vs. dereferencing a non-existent optional value.
I'll look into whether e can be null in this case or not.
There was a problem hiding this comment.
After further validation, the passed exception can only be nullptr if it is invoked with a reason that is ConnectionFailure (example).
The error-handling code typically distinguishes between the different reasons, for example:
Not a very safe pattern, but this is what there is at the moment. I've reverted the changes in all the files other than the od-cds subscriptions.
There was a problem hiding this comment.
Seems that the exception can be nullptr even with other reasons (e.g., FetchTimedout):
I still think that the pointer access pattern should be defensive, but I can see the point of having a clear understanding of the code paths.
Updated the comment accordingly.
botengyao
dismissed
their stale review
Clicked the wrong button, it is clearly not an approval ;-)
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…_fix Signed-off-by: Adi Suissa-Peleg <adip@google.com>
|
Defer this to @botengyao |
|
Could you check the CI also? |
|
/wait |
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…_fix Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…y#44026) Commit Message: xds: update trace log to only print non-nullptr exceptions Additional Description: Upon an xDS-error, trace-logs output the exception details. However there are a few cases where an exception is created with nullptr passed. This PR introduces defensive coding in the cases where the exception details are printed out to the trace logs. Risk Level: low - only trace-logs are impacted Testing: Added unit test to avoid regression in this case. Docs Changes: N/A Release Notes: N/A - not user facing (trace logs) Platform Specific Features: N/A --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com> Signed-off-by: Xuyang Tao <taoxuy@google.com>
…y#44026) Commit Message: xds: update trace log to only print non-nullptr exceptions Additional Description: Upon an xDS-error, trace-logs output the exception details. However there are a few cases where an exception is created with nullptr passed. This PR introduces defensive coding in the cases where the exception details are printed out to the trace logs. Risk Level: low - only trace-logs are impacted Testing: Added unit test to avoid regression in this case. Docs Changes: N/A Release Notes: N/A - not user facing (trace logs) Platform Specific Features: N/A --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com> Signed-off-by: Jonathan Wu <jtwu@google.com>
…y#44026) Commit Message: xds: update trace log to only print non-nullptr exceptions Additional Description: Upon an xDS-error, trace-logs output the exception details. However there are a few cases where an exception is created with nullptr passed. This PR introduces defensive coding in the cases where the exception details are printed out to the trace logs. Risk Level: low - only trace-logs are impacted Testing: Added unit test to avoid regression in this case. Docs Changes: N/A Release Notes: N/A - not user facing (trace logs) Platform Specific Features: N/A --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com> Signed-off-by: Nick Shipilov <nick.shipilov.n@gmail.com>
…y#44026) Commit Message: xds: update trace log to only print non-nullptr exceptions Additional Description: Upon an xDS-error, trace-logs output the exception details. However there are a few cases where an exception is created with nullptr passed. This PR introduces defensive coding in the cases where the exception details are printed out to the trace logs. Risk Level: low - only trace-logs are impacted Testing: Added unit test to avoid regression in this case. Docs Changes: N/A Release Notes: N/A - not user facing (trace logs) Platform Specific Features: N/A --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com>
3 participants
Commit Message: xds: update trace log to only print non-nullptr exceptions
Additional Description:
Upon an xDS-error, trace-logs output the exception details. However there are a few cases where an exception is created with nullptr passed.
This PR introduces defensive coding in the cases where the exception details are printed out to the trace logs.
Risk Level: low - only trace-logs are impacted
Testing: Added unit test to avoid regression in this case.
Docs Changes: N/A
Release Notes: N/A - not user facing (trace logs)
Platform Specific Features: N/A