Entertainment at it's peak. The news is by your side.

The Easy Ones – Three Bugs Hiding in the Open


I write so a lot about investigations into sophisticated bugs – CPU defects, kernel bugs, transient 4-GB memory allocations – nonetheless most bugs are no longer that esoteric. Now and again monitoring down a bug is as straightforward as taking note of server dashboards, spending a fast time in a profiler, or taking a watch at compiler warnings.

Right here then are three necessary bugs which I stumbled on and mounted that had been sitting within the beginning, tantalizing looking ahead to someone to perceive.

Server CPU Surprise

Memory DIMMsJust a few years within the past I spent a few weeks doing some memory investigations on live recreation servers. The servers were running Linux in a long way away data centers so mighty of my time became spent getting permissions so I could tunnel to the servers, and finding out how to successfully employ perf and diversified Linux diagnostic instruments. I stumbled on a sequence of bugs that were inflicting memory usage to be triple what it wished to be and I mounted those:

  • I stumbled on arrangement ID mismatches which meant that a novel copy of ~20 MB of data became loaded for every recreation as an substitute of being reused
  • I stumbled on an unused (!) 50 MB (!!) world variable that became memset to zero (!!!), thus guaranteeing it consumed per-job physical RAM
  • Miscellaneous smaller fixes

However that’s no longer what this chronicle is about.

Having taken the time to be taught to profile our recreation servers I figured I will have the ability to accumulate to tranquil plod around a minute extra, so I ran perf on the servers for undoubtedly one of our diversified video games. The foremost server job that I profiled became… odd. The live gaze of the CPU sampled data showed that a single characteristic became moving 100% of the CPU time. Within that characteristic it regarded as if it would display camouflage that tantalizing fourteen instructions were executing. However that didn’t designate sense.

My first assumption became I became the employ of perf incorrectly or became misinterpreting the suggestions. I checked out some diversified server processes and stumbled on that roughly half of of them were in this odd shriek. The diversified half of had CPU profiles that regarded extra regular.

The characteristic in query became traversing a linked record of navigation nodes. I requested around and stumbled on a programmer who stated that floating-level precision disorders would possibly enviornment off the sport to generate navigation lists with loops. They’d repeatedly meant to cap how many nodes will probably be traversed nonetheless had by no methodology acquired around to it.

So, mystery solved, staunch? Floating-level instabilities enviornment off loops within the navigation lists, the sport traverses them forever, the habits is explained.

However… this explanation meant that each time this happened the server job would get into an infinite loop, all avid gamers would need to disconnect, and the server job would admire an total CPU core indefinitely. If that became taking place wouldn’t we at final speed out of resources on our server machines? Wouldn’t someone accumulate, you understand, noticed?

I tracked down the server monitoring and stumbled on a graph that regarded one thing admire this:

Synthesized recreation of server CPU usage over three months

As a long way lend a hand as the monitoring went (a 365 days or two) I could gaze the every day and weekly fluctuations of server load, and overlaid on that became a month-to-month pattern. CPU usage would continuously designate bigger and then plunge lend a hand the overall style down to zero. A minute extra asking around revealed that the server machines were rebooted as soon as a month. And at final the whole lot made sense:

  • On any particular speed of a recreation there became a tiny chance that the server job would get stuck in an infinite loop
  • When this happened the avid gamers would disconnect and the server job would cease in this loop till the machines were rebooted on the tip of the month
  • The CPU monitoring dashboard clearly showed that this bug became reducing server capability by about 50% on average
  • No one ever checked out the monitoring dashboard

The repair became a few strains of code to end traversing after twenty navigation nodes, presumably saving a few million greenbacks in server and energy charges. I didn’t salvage this bug by taking a watch on the monitoring graphs, nonetheless any one who checked out them will accumulate.

I luxuriate in that the frequency of the bug became completely enviornment to maximize the label without ever barely inflicting serious sufficient problems for it to be caught. It’s admire a virus which evolves to designate other folks cough, nonetheless no longer execute them.

Behind startup

Visual Studio IDEMap developer productivity is intimately tied to the latency of the edit/bring together/link/debug cycle. That’s, having made a substitute to a source file how prolonged does it bewitch to be running a novel binary with that substitute integrated? I’ve carried out tons of work over time on reducing bring together/link times, nonetheless startup times are also necessary. Some video games enact a broad amount of work each time they are launched. I’m impatient and I’m in overall the foremost person to disclose a few hours or days making an strive to designate recreation startup speed a few seconds quicker.

On this case I ran my approved profiler and checked out the CPU usage right thru the preliminary load. There became one stage that regarded basically the most promising: about ten seconds spent initializing some lighting data. I became hopeful that there would possibly per chance furthermore very neatly be some potential to speed up those calculations and maybe keep 5 seconds or so from startup time. Earlier than digging in too deeply I consulted with the graphics skilled. They stated:

“We don’t employ that lighting data in this recreation” – “Honest bewitch away the name.”

Oh. Effectively. That became easy.

With half of an hour of profiling and a one-line substitute the originate time to the foremost menu became carve in half of, with no unprecedented effort required.

An in uncomfortable health-timed shatter

The variable arguments in printf formatting methodology that it is straightforward to get kind mismatches. The qualified results fluctuate significantly:

  1. printf(“0x%08lx”, p); // Printing a pointer as an int – truncation or worse on 64-bit
  2. printf(“%d, %f”, f, i); // Swapping drift and int – would possibly print nonsense, or would possibly in actuality work (!)
  3. printf(“%s %d”, i, s); // Swapping the say of string and int – will presumably shatter

The regular says that these mismatches are undefined habits so technically the leisure would possibly happen, and some compilers will generate code that deliberately crashes on any of these mismatches, nonetheless these are among the maybe results (aside: figuring out why #2 in overall prints the desired outcome is a staunch ABI puzzle).

These mistakes are very easy to designate so standard compilers all accumulate solutions to warn builders when they accumulate a mismatch. gcc and clang accumulate annotations for printf-style capabilities and would possibly warn on mismatches (though, sadly, the annotations don’t work on wprintf-style capabilities). VC++ has (diversified, sadly) annotations that /analyze can employ to warn on mismatches, nonetheless for individuals who’re no longer the employ of /analyze then it would handiest warn on the CRT-outlined printf/wprintf-style capabilities, no longer your have personalized capabilities.

The corporate I became working at had annotated their printf-style capabilities so as that gcc/clang would emit warnings nonetheless had then decided to ignore the warnings. This is an odd decision since these warnings are 100% glorious indicators of bugs – the signal-to-noise ratio is infinite.

I made up my mind to launch cleaning up these bugs the employ of VC++’s annotations and /analyze to be determined I stumbled on the overall bugs. I’d labored my potential thru many of the errors and had one final substitute looking ahead to code-evaluate earlier than I submitted it.

Power plugThat weekend we had a energy outage on the suggestions heart and the overall servers went down (there would possibly per chance furthermore had been some energy-configuration mistakes). The on-name other folks scrambled to get issues lend a hand up and running earlier than too mighty money became lost.

The comical ingredient about printf bugs is that they now and again misbehave 100% of the time that they’re accomplished. That’s, within the event that they are able to print fallacious data or shatter then they now and again enact it each time that they speed. So, the perfect potential that these bugs stick around is within the event that they are in logging code that is by no methodology read, or error dealing with code that is never accomplished.

It turns out that “restarting all servers concurrently” hits some code paths that are no longer generally accomplished. Servers that are beginning up crawl taking a rely on diversified servers, can’t salvage them, and print a message admire:

fprintf(log, “Can’t salvage server %s. Error code %d.n”, err, server_name);

Oops. Variadic arguments mismatch. And a shatter.

Unrelated kiteboarding pictureThe on-name other folks now had a further enviornment. The servers wished to be restarted, nonetheless that couldn’t be carried out till the shatter dumps were examined, the bug became stumbled on, the bug became mounted, the server binaries rebuilt, and a novel accomplish deployed. This became a moderately mercurial job – a few hours I maintain – nonetheless an fully avoidable one.

It felt admire the perfect chronicle to level to why we are going to have the option to build as a lot as tranquil bewitch the time to resolve these warnings – why ignore warnings that insist you that code will undoubtedly shatter or misbehave when accomplished? However no one regarded as if it would care that fixing this class of warnings would provably accumulate saved us a few hours of downtime. Indubitably, the corporate custom didn’t seem drawn to any of these fixes. However it wasn’t till this final bug that I realized I needed to circulate on to a determined company.


If everyone on a venture spends all of their time heads-down working on the facets and known bugs then there are presumably some easy bugs hiding in straightforward situation. Steal some time to survey thru the logs, tidy up compiler warnings (though, in fact, for individuals who accumulate compiler warnings or no longer it is a long way important to rethink your life decisions), and disclose a fast time running a profiler. Additional points for individuals who add personalized logging, allow some novel warnings, or employ a profiler that no-one else does.

And for individuals who designate glorious fixes that make stronger memory/CPU/stability and no-one cares, maybe salvage a company where they enact.

Read More

1 Comment
  1. […] Pingback: The Easy Ones – Three Bugs Hiding in the Open – GistTree […]

Leave A Reply

Your email address will not be published.