CN114546703B - File handle monitoring and leakage analysis method and device and electronic equipment - Google Patents

Info

Publication number
CN114546703B
Authority
CN
China
Prior art keywords
file handle
leakage
file
information
acquisition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210187756.6A
Other languages
Chinese (zh)
Other versions
CN114546703A (en
Inventor
杜中原
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Keynote Network Inc
Original Assignee
Beijing Keynote Network Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Keynote Network Inc
Priority to CN202310063692.3A (CN116126577B)
Priority to CN202210187756.6A (CN114546703B)
Publication of CN114546703A
Application granted
Publication of CN114546703B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751 Error or fault detection not based on redundancy
    • G06F11/0754 Error or fault detection not based on redundancy by exceeding limits
    • G06F11/076 Error or fault detection not based on redundancy by exceeding limits by exceeding a count or rate limit, e.g. word- or bit count limit
    • G06F11/0706 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/073 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a memory management context, e.g. virtual memory or cache management
    • G06F11/0793 Remedial or corrective actions
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F2201/00 Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/81 Threshold
    • G06F2201/865 Monitoring of software
    • G06F2201/88 Monitoring involving counting
    • G06F2201/885 Monitoring specific for caches

Abstract

The disclosure relates to the field of computers and provides a file handle monitoring and leakage analysis method and device and an electronic device. The file handle monitoring method comprises: periodically determining the number of file handles of a process; determining a leakage level corresponding to the number of file handles, wherein the leakage level is one of at least two preset leakage levels; collecting file handle leakage information according to an acquisition policy associated with the leakage level, wherein the file handle leakage information comprises the call stack of the operation that created the file handle; and sending to the server the file handle leakage information corresponding to file handles that have not been closed within a preset duration after being created. The file handle leak analysis method comprises: receiving a plurality of pieces of file handle leakage information of a process; and aggregating and classifying the call stacks contained in the file handle leakage information to obtain one or more call paths and the occurrence frequency of each call path. With one or more embodiments of the present disclosure, file handle monitoring may be implemented.

Description

File handle monitoring and leakage analysis method and device and electronic equipment
Technical Field
The invention relates to the technical field of computers, in particular to a file handle monitoring and leakage analyzing method and device and electronic equipment.
Background
The main cause of handle leakage is that, after a file handle is created, the process does not perform the close operation for the created file handle. There is typically a limit on the number of file handles that a process can use. If the limit is exceeded, the process cannot acquire a new file handle. File handle leakage therefore poses a serious latent risk of functional failure of the process.
Disclosure of Invention
According to an aspect of the present disclosure, there is provided a file handle monitoring method, including: periodically determining the number of file handles of a process; determining a leakage level corresponding to the number of file handles, wherein the leakage level is one of at least two preset leakage levels; collecting file handle leakage information according to the acquisition policy associated with the leakage level, wherein the acquisition policy associated with each leakage level is different, and the file handle leakage information comprises the call stack of the operation that created the file handle; and sending to the server the file handle leakage information corresponding to file handles that have not been closed within a preset duration after being created.
In some embodiments, the acquisition policy is configured to: the higher the leak level, the higher the frequency and/or number of acquisitions.
In some embodiments, the file handle monitoring method further comprises at least one of: sending the leakage grade as file handle leakage information to a server; determining a time stamp of the operation of creating the file handle, and sending the time stamp of the operation of creating the file handle as file handle leakage information to a server; collecting information of file handles created by file handle creating operation, and sending the information of the file handles as file handle leakage information to a server; and determining thread information for creating file handle operation, and sending the thread information serving as file handle leakage information to the server.
In some embodiments, the information of the file handle includes: the type of the file handle and/or the name of the file handle.
In some embodiments, after collecting the file handle leakage information according to the collection policy associated with the leakage level, the method further includes: caching file handle leakage information; when closing the file handle operation, clearing the corresponding file handle leakage information; the method for sending the file handle leakage information corresponding to the file handle which reaches the preset time length and is not closed after being created to the server side comprises the following steps: judging whether the file handle leakage information is cached for a preset time and is not cleared; and if the file handle leakage information cache reaches the preset time length and is not cleared, sending the file handle leakage information which is cached for the preset time length and is not cleared to the server.
In some embodiments, collecting file handle leakage information according to a collection policy associated with a leakage level comprises: the method comprises the steps that a first thread determines an acquisition enabling identifier according to an acquisition strategy associated with a leakage level, wherein the first thread is a non-user thread; and the second thread responds to the file handle creating operation and collects file handle leakage information according to the collection enabling identification, wherein the second thread is a user thread.
In some embodiments, the first thread determining the collection-enabled identifier according to the collection policy associated with the leakage level includes: the first thread determines an acquisition period and an acquisition period interval according to an acquisition strategy associated with the leakage grade; the first thread sets acquisition enabling identification to be allowed to be acquired in an acquisition period, and sets the acquisition enabling identification to be forbidden to be acquired at an acquisition period interval.
In some embodiments, the file handle monitoring method further comprises: and the first thread determines the maximum collection times of the collection period according to the collection strategy associated with the leakage grade.
In some embodiments, the file handle monitoring method further comprises: the second thread responds to the operation of creating the file handle and judges whether the acquisition enabling identification is allowed to be acquired or not; if the acquisition enabling identifier is allowed to be acquired, the second thread judges whether the acquisition times of the acquisition period reach the maximum acquisition times; and if the collection times of the collection period do not reach the maximum collection times, the second thread collects file handle leakage information.
In some embodiments, the file handle monitoring method further comprises: and if the collection times of the collection period reach the maximum collection times, the second thread or the first thread sets a collection enabling identifier as collection prohibition.
In some embodiments, the file handle monitoring method further comprises: the first thread determines the duration of the leak level; and if the duration of the leakage grade reaches the preset duration corresponding to the leakage grade, setting the acquisition enabling identifier as forbidden acquisition by the first thread until the leakage grade is improved.
In some embodiments, the acquisition policy is configured to: the higher the leak level, the longer the acquisition period and/or the shorter the acquisition period interval, and/or the higher the leak level, the greater the maximum number of acquisitions for the acquisition period.
In some embodiments, after sending the file handle leakage information that is not cleared after the cache reaches the preset time duration to the server, the method further includes: the sent file handle leakage information is marked as sent or cleared from the cache.
According to another aspect of the present disclosure, there is provided a file handle leak analysis method including: receiving a plurality of file handle leakage information of a process, wherein the file handle leakage information comprises a call stack for creating file handle operation, and at least part of the file handle leakage information corresponds to a file handle which reaches a preset time length and is not closed after being created; and performing aggregation classification on call stacks contained in the leakage information of the file handles to obtain one or more call paths and the first times of occurrence of each call path.
In some embodiments, each file handle leakage information further comprises: creating the type of the file handle created by the file handle operation; the method for performing aggregation classification on call stacks contained in the leakage information of the file handles to obtain one or more call paths and the first number of times of each call path includes the following steps: and performing aggregation classification on the call stacks contained in the leakage information of the multiple file handles according to the types of the file handles to obtain one or more call paths corresponding to the types of the file handles and the first times of occurrence of each call path.
In some embodiments, each piece of file handle leakage information further comprises the leakage level corresponding to that file handle leakage information; the file handle leakage analysis method further comprises: determining a second number of occurrences of at least some of the call paths at each leakage level.
In some embodiments, each file handle leakage information further comprises: creating a name of a file handle created by the file handle operation; the file handle leakage analysis method further comprises the following steps: and determining the name of each file handle corresponding to at least part of the call path and the third frequency of occurrence of the name of each file handle.
In some embodiments, the file handle leak analysis method further comprises: for each call path, determining a root cause index of the call path according to the first number and the second number of the call path, wherein the root cause index indicates the likelihood that the call path is the cause of the file handle leakage, and the higher the leakage level, the higher the contribution of the corresponding second number to the root cause index.
In some embodiments, receiving a plurality of file handle leakage information for a process includes: receiving leakage information of a plurality of file handles of a process in a preset time period; wherein, the method also comprises: for each call path: determining a time difference value between a time stamp of file handle operation and the starting time of a preset time period in each file handle leakage information corresponding to the calling path; determining the median of the time difference value corresponding to the file handle leakage information corresponding to the calling path; determining the deviation degree of the time difference value of the file handle leakage information corresponding to the calling path relative to the median; and determining a root cause index of the calling path according to the deviation degree, the first frequency and the second frequency of the calling path, wherein the root cause index indicates the possibility that the calling path is the cause of the leakage of the file handle, the contribution of the second frequency corresponding to the leakage level is higher when the leakage level is higher, and the deviation degree is positively correlated with the root cause index.
In some embodiments, the file handle leak analysis method further comprises: receiving the file handle number of a process reported periodically; judging whether the number of file handles of the process exceeds a preset alarm threshold value or not; and if the number of the file handles of the process exceeds a preset alarm threshold value, sending an alarm notice.
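The server-side aggregation described in the preceding paragraphs, as an added example that is not code from the patent: call stacks are grouped per handle type into call paths with their first, second (per level) and third (per name) counts, then ranked by a root cause index. The report fields, the sample reports and the index formula are assumptions; the text fixes only that higher levels contribute more and that the deviation from the median is positively correlated with the index.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample reports, as a monitored process might send them.
SAMPLE_REPORTS = [
    {"stack": ("main", "handle_request", "load_template"), "level": 1,
     "type": "file", "name": "/srv/tpl/a.html", "ts": 10.0},
    {"stack": ("main", "handle_request", "load_template"), "level": 2,
     "type": "file", "name": "/srv/tpl/a.html", "ts": 30.0},
    {"stack": ("main", "handle_request", "load_template"), "level": 3,
     "type": "file", "name": "/srv/tpl/b.html", "ts": 50.0},
    {"stack": ("main", "handle_request", "load_template"), "level": 3,
     "type": "file", "name": "/srv/tpl/a.html", "ts": 70.0},
    {"stack": ("main", "poll_metrics", "connect"), "level": 1,
     "type": "socket", "name": "socket:[constructed-1]", "ts": 20.0},
    {"stack": ("main", "poll_metrics", "connect"), "level": 1,
     "type": "socket", "name": "socket:[constructed-1]", "ts": 20.0},
]


def aggregate_call_paths(reports, period_start, period_length):
    """Group reports by (handle type, call stack) and rank the call paths."""
    groups = defaultdict(lambda: {"levels": Counter(), "names": Counter(),
                                  "deltas": []})
    for report in reports:
        group = groups[(report["type"], tuple(report["stack"]))]
        group["levels"][report["level"]] += 1      # second count, per level
        group["names"][report["name"]] += 1        # third count, per name
        # Time difference between the create timestamp and the period start.
        group["deltas"].append(report["ts"] - period_start)

    results = []
    for (handle_type, path), group in groups.items():
        deltas = group["deltas"]
        first_count = len(deltas)                  # first count, per path
        mid = median(deltas)
        # Deviation degree: mean absolute deviation from the median,
        # normalised by the period length (assumed definition).
        deviation = sum(abs(d - mid) for d in deltas) / first_count / period_length
        # Assumed weighting: each report counts once plus its level number,
        # so reports collected at higher leakage levels contribute more.
        weighted = sum(level * n for level, n in group["levels"].items())
        results.append({
            "type": handle_type,
            "call_path": path,
            "first_count": first_count,
            "level_counts": dict(group["levels"]),
            "name_counts": dict(group["names"]),
            "root_cause_index": (first_count + weighted) * (1 + deviation),
        })
    # Most likely leak origin first.
    results.sort(key=lambda item: item["root_cause_index"], reverse=True)
    return results


if __name__ == "__main__":
    for row in aggregate_call_paths(SAMPLE_REPORTS, 0.0, 100.0):
        print(round(row["root_cause_index"], 2), row["type"],
              " > ".join(row["call_path"]), row["level_counts"])
```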
According to still another aspect of the present disclosure, there is provided a file handle monitoring apparatus including: a first determining module for periodically determining the number of file handles of a process; a second determining module for determining a leakage level corresponding to the number of file handles, wherein the leakage level is one of at least two preset leakage levels; an acquisition module for collecting file handle leakage information according to the acquisition policy associated with the leakage level, wherein the acquisition policy associated with each leakage level is different, and the file handle leakage information comprises the call stack of the operation that created the file handle; and a sending module for sending to the server the file handle leakage information corresponding to file handles that have not been closed within a preset duration after being created.
According to still another aspect of the present disclosure, there is provided a file handle leak analysis apparatus including: a receiving module for receiving a plurality of pieces of file handle leakage information of a process, wherein the file handle leakage information comprises the call stack of the operation that created the file handle, and at least part of the file handle leakage information corresponds to file handles that have not been closed within a preset duration after being created; and an aggregation module for aggregating and classifying the call stacks contained in the file handle leakage information to obtain one or more call paths and the first number of occurrences of each call path.
According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory storing a program, wherein the program comprises instructions that, when executed by the processor, cause the processor to perform the method of any embodiment of the disclosure.
According to yet another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any of the embodiments of the present disclosure.
One or more technical solutions provided in the embodiments of the present disclosure may implement monitoring leakage of file handles.
Drawings
Further details, features and advantages of the disclosure are disclosed in the following description of exemplary embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 shows a schematic diagram of an example system in which various methods described herein may be implemented, according to an example embodiment of the present disclosure;
FIG. 2 illustrates a flow diagram of a file handle monitoring method according to an exemplary embodiment of the present disclosure;
FIG. 3 illustrates another flowchart of a file handle monitoring method according to an exemplary embodiment of the present disclosure;
FIG. 4 illustrates a flowchart for collecting file handle leakage information according to a collection policy associated with a leakage level according to an exemplary embodiment of the present disclosure;
FIG. 5 illustrates yet another flowchart of a file handle monitoring method according to an exemplary embodiment of the present disclosure;
FIG. 6 shows a block diagram of a file handle monitoring apparatus according to an example embodiment of the present disclosure;
FIG. 7 illustrates a flow diagram of a file handle leak analysis method in accordance with an exemplary implementation of the present disclosure;
FIG. 8 illustrates another flow diagram of a file handle leak analysis method according to an exemplary implementation of the present disclosure;
FIG. 9 illustrates yet another flow diagram of a file handle leak analysis method according to an exemplary implementation of the present disclosure;
FIG. 10 shows a schematic diagram of a graphical user interface for file handle leak analysis, according to an example embodiment of the present disclosure;
FIG. 11 shows a block diagram of a file handle leak analysis apparatus according to an exemplary embodiment of the present disclosure;
FIG. 12 illustrates a block diagram of an exemplary electronic device that can be used to implement embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description. It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Aspects of the present disclosure are described below with reference to the accompanying drawings.
Fig. 1 shows a schematic diagram of an example system in which various methods described herein may be implemented, according to an example embodiment of the present disclosure, and as shown in fig. 1, an example system 100 includes: a monitoring device 110 and a server 120. The monitoring device 110 is communicatively coupled to the server 120. The monitoring device 110 is configured to monitor the application 200 and transmit monitoring data to the server 120. The server 120 is configured to receive and store the monitoring data, and may count and analyze the monitoring data.
As an example, the example system 100 can also include a client 130, the client 130 communicatively coupled with the server 120. The client 130 may be configured to display monitoring data, display statistics and analysis results of the detection data, and the like. Clients 130 may include electronic devices such as personal computers, smart phones, tablets, monitor screens, etc., which may be configured to display information and respond to user actions through a graphical user interface such as a browser, application, etc.
Application 200 may comprise a server-side application program. As one example, the application 200 may be a component or service in a microservice architecture. Application 200 may include one or more processes, illustrated in FIG. 1 as process 1 through process n, where n may be any natural number.
In some cases, the operating system limits the number of file handles that each process of application 200 may use; beyond this limit a process cannot obtain a new file handle. For example, in the Linux environment everything is represented as a file: devices are files, directories are files, and sockets are files. The Linux system limits the number of file handles that a process can use, and by default the maximum number of file handles per process is 1024. The file descriptor limit represents the threshold on the number of file handles that the current user, the current terminal and a single process can own. It can be temporarily modified with the command ulimit -n threshold, and the change is lost on logout. If a permanent modification is desired, ulimit -n threshold may be written into the user's .bash_profile file or /etc/profile. On a Linux system, the per-process maximum number of handles can be checked with ulimit -n. Because the maximum number of file handles that a Linux process can open is limited, an application that exceeds the limit throws an exception (Too many open files).
The monitoring device 110 may be configured to monitor the file handle of at least one of the processes 1 to n to monitor file handle leakage.
Fig. 2 illustrates a flowchart of a file handle monitoring method according to an exemplary embodiment of the present disclosure, and as illustrated in fig. 2, the method includes steps S201 to S204.
In step S201, the number of file handles of a process is periodically determined.
In this embodiment, after determining the number of file handles, step S202 to step S204 are performed.
In step S202, the leakage level corresponding to the number of file handles is determined.
In this embodiment, the leakage level is one of at least two preset leakage levels. In one embodiment, the leakage levels include a first leakage level and a second leakage level, the first leakage level being lower than the second leakage level. In another embodiment, the leakage levels include first, second and third leakage levels, increasing in sequence from the first to the second to the third. A leakage level may be represented by an identifier; for example, but not limited to, the first, second and third leakage levels are designated "1", "2" and "3" respectively.
Step S203, collecting file handle leakage information according to the collection strategy associated with the leakage level, wherein the file handle leakage information comprises a call stack for creating file handle operation.
In this embodiment, each leakage level is associated with a corresponding acquisition policy for collecting file handle leakage information, and the acquisition policy associated with each leakage level is different, so that file handle leakage information is collected under a different acquisition policy at each leakage level. The acquisition policy may be pre-configured. The acquisition policy may be configured to adjust the frequency and/or number of acquisitions. As one embodiment, the acquisition policy is configured so that the higher the leakage level, the higher the frequency and/or number of acquisitions.
In step S204, the file handle leakage information corresponding to file handles that have not been closed within a preset duration after being created is sent to the server.
If a file handle is not closed for a long time after being created, the operation that created it can be considered a possible source of file handle leakage. If the corresponding file handle has still not been closed when the preset duration has elapsed after the create operation, the corresponding file handle leakage information is sent to the server.
In this embodiment, the server may be configured to perform file handle leakage analysis based on the collected file handle leakage information.
In some embodiments, the leakage level may also be sent to the server as file handle leakage information. As an embodiment, the leakage level is sent with the call stack that created the file handle operation.
In some embodiments, a timestamp of the operation of creating the file handle is determined, and the timestamp of the operation of creating the file handle is sent to the server as the file handle leakage information.
In some embodiments, the information of the file handle created by the file handle creating operation is collected, and the information of the file handle is sent to the server as file handle leakage information. As one embodiment, the information of the file handle includes a type of the file handle. As another embodiment, the information of the file handle includes a name of the file handle. As one embodiment, the information of the file handle includes the type and name of the file handle.
In some embodiments, thread information for creating the file handle operation is determined, and the thread information is sent to the server as file handle leakage information.
In some embodiments, the number of file handles is sent to the server. As one embodiment, the number of file handles for a process is periodically determined and sent.
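Steps S201 to S204 as an added sketch, not code from the patent: a monitor maps the handle count to a leakage level, samples creator call stacks under a per-level budget, drops a record when its handle is closed, and reports records that outlive the preset duration. The level ranges are the ones the description gives as an example for the FIG. 3 embodiment; the budgets, the on_create/on_close hook names and the in-memory "sent" list standing in for the server are assumptions.

```python
import os
import time
import traceback
from dataclasses import dataclass

# Level ranges from the description's example; below 512 is "no leak" (0).
LEVEL_RANGES = {1: (512, 630), 2: (631, 758), 3: (759, 1021)}
# Assumed policy: call stacks sampled per monitoring period at each level.
# The text only requires that a higher level collects more.
MAX_SAMPLES = {0: 0, 1: 2, 2: 5, 3: 20}


def count_open_handles(pid="self"):
    """S201 on Linux: one entry per open descriptor in /proc/<pid>/fd.
    For pid="self" the listing includes the descriptor used to read it."""
    return len(os.listdir(f"/proc/{pid}/fd"))


def leak_level(handle_count):
    """S202: map a handle count to a preset leakage level."""
    for level, (low, high) in LEVEL_RANGES.items():
        if low <= handle_count <= high:
            return level
    # Counts above the top range are treated as level 3 (assumption).
    return 3 if handle_count > LEVEL_RANGES[3][1] else 0


@dataclass
class LeakRecord:
    fd: int
    name: str
    level: int
    created_at: float
    stack: list


class HandleMonitor:
    def __init__(self, hold_seconds, clock=time.monotonic):
        self.hold_seconds = hold_seconds  # the "preset duration"
        self.clock = clock
        self.level = 0
        self.samples_left = 0
        self.cache = {}                   # fd -> LeakRecord
        self.sent = []                    # stands in for the server

    def tick(self, handle_count):
        """Periodic step: refresh the level and refill the sampling budget."""
        self.level = leak_level(handle_count)
        self.samples_left = MAX_SAMPLES[self.level]
        return self.level

    def on_create(self, fd, name):
        """S203: hook called by the code path that just created a handle."""
        if self.samples_left <= 0:
            return False
        self.samples_left -= 1
        frames = traceback.extract_stack()[:-1]   # drop this hook's own frame
        stack = [f"{f.name} ({f.filename}:{f.lineno})" for f in frames]
        self.cache[fd] = LeakRecord(fd, name, self.level, self.clock(), stack)
        return True

    def on_close(self, fd):
        """A closed handle is not a leak: forget its record."""
        self.cache.pop(fd, None)

    def flush(self):
        """S204: report records whose handle outlived the preset duration."""
        now = self.clock()
        due = [r for r in self.cache.values()
               if now - r.created_at >= self.hold_seconds]
        for record in due:
            del self.cache[record.fd]
            self.sent.append(record)
        return due


def demo():
    """Constructed scenario driven by a fake clock."""
    now = [0.0]
    mon = HandleMonitor(hold_seconds=60, clock=lambda: now[0])
    mon.tick(600)                          # level 1, budget of 2 samples

    def open_config(fd):
        return mon.on_create(fd, "/etc/app.conf")

    def open_socket(fd):
        return mon.on_create(fd, "socket:[constructed]")

    open_config(10)
    open_socket(11)
    open_socket(12)                        # over budget, not sampled
    mon.on_close(10)                       # closed in time, record cleared
    now[0] = 61.0
    return mon, mon.flush()


if __name__ == "__main__":
    for rec in demo()[1]:
        print(rec.fd, rec.name, "level", rec.level, "created in", rec.stack[-1])
```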
Fig. 3 illustrates another flowchart of a file handle monitoring method according to an exemplary embodiment of the present disclosure, and as illustrated in fig. 3, the method includes steps S301 to S306.
In step S301, the number of file handles of a process is periodically determined.
Step S302, determining the leakage level corresponding to the number of file handles.
The leakage level corresponding to the number of file handles is determined from the correspondence between leakage levels and file handle number ranges. The range of the number of file handles corresponding to each leakage level may be set in advance.
As an example, the file handle number range corresponding to the first leakage level is set in advance to 512-630, that corresponding to the second leakage level to 631-758, and that corresponding to the third leakage level to 759-1021. If the number of file handles determined at a given time is less than 512, the file handles are considered not to be leaking; if it is between 512 and 630, the first leakage level is determined.
Step S303, collecting file handle leakage information according to a collection strategy associated with the leakage level, wherein the file handle leakage information comprises a call stack for creating file handle operation.
Step S304, caching the file handle leakage information, and clearing the corresponding file handle leakage information when closing the file handle operation.
As an embodiment, in step S303, collecting file handle leakage information may further include, but is not limited to, at least one of the following: determining a time stamp of the operation of creating the file handle; collecting information of file handles created by file handle creating operation; thread information for creating a file handle operation is determined.
As an embodiment, in step S304, the cached file handle leakage information may further include, but is not limited to, at least one of the following: a leakage level, a timestamp of the operation creating the file handle, information of the file handle created by the operation creating the file handle, or thread information of the operation creating the file handle.
In step S305, it is determined whether the file handle leakage information is cached for a preset duration and is not cleared. If the file handle leakage information cache reaches the preset time and is not cleared, the process proceeds to step S306.
Step S306, the file handle leakage information which is not cleared when the cache reaches the preset time length is sent to the server.
In one embodiment, after the file handle leakage information which is cached for a preset time and not cleared is sent, the file handle leakage information is marked as sent or cleared.
In some embodiments, file handle leakage information is collected by a first thread and a second thread according to a collection policy associated with a leakage level, wherein the first thread is a non-user thread and the second thread is a user thread. In this embodiment, a user thread is a thread that implements a function of the application, and a non-user thread is defined relative to it, that is, by whether the thread implements a function of the application. The process may include one or more second threads.
Fig. 4 shows a flowchart for collecting file handle leakage information according to a collection policy associated with a leakage level according to an exemplary embodiment of the present disclosure, and as shown in fig. 4, the flowchart includes steps S401 to S402.
Step S401, the first thread determines an acquisition enabling identifier according to an acquisition strategy associated with the leakage level.
The acquisition enable flag can be set either to allow acquisition or to prohibit acquisition.
In step S402, the second thread collects file handle leakage information according to the collection enable identifier in response to the create file handle operation.
The second thread checks whether the acquisition enable flag is set to allow acquisition. If acquisition is allowed, the second thread collects file handle leakage information; if acquisition is prohibited, it ignores the create file handle operation.
As shown in fig. 4, the first thread (non-user thread) executes the logic of the collection policy to determine the collection enabling identifier, and the second thread (user thread) collects data according to the collection enabling identifier, so that at least the monitoring task performed by the user thread can be reduced, and the influence of monitoring on the performance of the application can be reduced.
In order to achieve uniform acquisition over the time during which the leakage level lasts, as an embodiment, in step S401, the first thread determines an acquisition period and an acquisition period interval according to the acquisition policy associated with the leakage level. The first thread sets the acquisition enable flag to allow acquisition during the acquisition period, and sets it to prohibit acquisition during the acquisition period interval. As one embodiment, the acquisition policy is configured such that the higher the leakage level, the longer the acquisition period and/or the shorter the acquisition period interval.
As an example, each acquisition period is 1 minute and the acquisition period interval is 2 minutes, thereby allowing for 1 minute acquisition every 2 minutes. The acquisition enable flag is set to allow acquisition during the 1 minute in which acquisition is allowed, and is set to prohibit acquisition during the 2-minute interval. During the 1 minute in which acquisition is allowed, the second thread collects file handle leakage information according to the acquisition enable flag in response to the create file handle operation.
In one embodiment, at the beginning of each acquisition period the first thread sets the acquisition enable flag to allow acquisition and starts a timer whose duration is that of the acquisition period (e.g., 30 seconds). When the timer expires, that is, when the acquisition period ends, the first thread sets the acquisition enable flag to prohibit acquisition and starts a timer whose duration is that of the acquisition period interval (e.g., 60 seconds). When that timer expires, that is, when the acquisition period interval ends, the next acquisition period can be entered.
In one embodiment, the period at which the first thread determines the number of file handles of the process (e.g., 30 seconds) is greater than the acquisition period (e.g., 20 seconds) and less than the sum of the acquisition period and the acquisition period interval (e.g., 20 seconds). In this case, the first thread determines the number of file handles of the process during the acquisition period interval and determines a leakage level based on the number of file handles. If the newly determined leakage level differs from the previously determined leakage level, the first thread re-determines the corresponding acquisition period and acquisition period interval. If the newly determined leakage level is the same as the previously determined leakage level, the first thread may enter the next acquisition period after the timing (i.e., the acquisition period interval) has ended.
In one embodiment, the first thread determines that the period of the number of file handles of the process (e.g., 30 seconds) is less than the acquisition period (e.g., 60 seconds). At this point, the first thread determines the number of file handles for the process during the collection period and determines a leakage level based on the number of file handles. If the newly determined leakage grade is different from the leakage grade determined last time, the first thread re-determines the corresponding acquisition period and acquisition period interval, and can start to acquire according to the new acquisition period and acquisition period interval or start to acquire according to the new acquisition period and acquisition period interval after the current acquisition period is finished.
In order to avoid affecting application performance through an excessive number of collections, as an implementation manner, the first thread determines the maximum number of collections for the acquisition period according to the acquisition policy associated with the leakage level, so as to limit the number of collections performed by the second thread in the acquisition period. As an embodiment, the acquisition policy is configured such that the higher the leakage level, the greater the maximum number of collections for the acquisition period, so that more collections are made when the leakage level is high.
In one embodiment, the second thread determines whether the collection enable flag is collection enabled in response to the create file handle operation. If the collection enabling mark is allowed to be collected, the second thread judges whether the collection times of the collection period reach the maximum collection times. And if the collection times of the collection period do not reach the maximum collection times, the second thread collects file handle leakage information.
As an embodiment, if the number of collections in the acquisition period reaches the maximum number of collections, the second thread or the first thread sets the acquisition enable flag to prohibit acquisition. For the remainder of the acquisition period, when the second thread responds to a create file handle operation, the acquisition enable flag is set to prohibit acquisition, so no collection is performed and the second thread does not need to judge whether the number of collections in the acquisition period has reached the maximum number of collections, which reduces the influence on application performance.
As an embodiment, each leakage level is configured with the same acquisition period and acquisition period interval and with different maximum acquisition times. The first thread determines the file handle number of the process according to a preset period, and determines the leakage level corresponding to the file handle number. And updating the maximum collection times of the collection period when the new leakage grade is determined to be different from the previous leakage grade.
To avoid collection still being carried out when the leakage risk is low after a leakage level has lasted for a long time, if the duration of the leakage level reaches the preset duration corresponding to that leakage level, the first thread sets the acquisition enable flag to prohibit acquisition until the leakage level rises.
As an example, the preset duration corresponding to the first leakage level is set to 24 hours, when the duration of the first leakage level reaches 24 hours, the first thread sets the collection enable flag to be prohibited from collecting, and then the second thread does not collect until the leakage level determined based on the number of file handles is increased compared with the current leakage level (for example, the leakage level is increased from the first leakage level to the second leakage level), and then collection can be performed according to the collection policy associated with the determined leakage level.
In one embodiment, the first thread also determines the number of file handles of the process periodically, and determines the leakage level corresponding to the number of file handles. In one embodiment, the file handle leakage information is sent to the server by a third thread, wherein the third thread is a non-user thread.
The following describes a method for monitoring a file handle by a detection Thread (Check Thread), a User Thread (User Thread), and a Report Thread (Report Thread), where the detection Thread and the Report Thread are non-User threads.
Fig. 5 illustrates still another flowchart of a file handle monitoring method according to an exemplary embodiment of the present disclosure, as illustrated in fig. 5, including steps S501 to S522.
Step S501, the detection thread periodically determines the number of file handles of the process.
As an example, the detection thread may be configured to determine the number of file handles of a process at a preset period (e.g., 30 seconds).
Step S502, the detection thread determines the leakage level corresponding to the number of file handles.
Step S503, the detection thread determines the collection enabling identification and the maximum collection times of the collection period according to the collection strategy associated with the leakage level.
The detection thread determines an acquisition period and an acquisition period interval according to the acquisition policy associated with the leakage level. The detection thread sets the acquisition enable flag to allow acquisition during the acquisition period, and sets it to prohibit acquisition during the acquisition period interval. As one embodiment, the acquisition policy is configured such that the higher the leakage level, the longer the acquisition period and/or the shorter the acquisition period interval.
As one embodiment, the detection thread determines the duration of the leakage level; if the duration of the leakage level reaches the preset duration corresponding to that leakage level, the detection thread sets the acquisition enable flag to prohibit acquisition until the leakage level rises.
In step S511, the user thread responds to the operation of creating the file handle, and determines whether the collection enable flag is collection enabled. If the acquisition enable flag is set to allow acquisition, the flow proceeds to step S512. And if the collection is forbidden, the user thread does not collect.
In step S512, the user thread determines whether the current collection frequency reaches the maximum collection frequency. If the maximum number of acquisitions is reached, the process proceeds to step S513. If the maximum collection number is not reached, the process proceeds to step S514.
In one embodiment, the detection thread resets the number of times of acquisition of the user thread to zero after one acquisition cycle is ended and before the next acquisition cycle is started.
In step S513, the user thread sets the capture enable flag to be disabled for capture.
In step S514, the user thread collects file handle leakage information. The file handle leakage information collected by the user thread includes a call stack for creating file handle operations.
As an embodiment, the user thread also uses the leakage level as file handle leakage information.
As one embodiment, the user thread also determines a timestamp of the create file handle operation and also uses the timestamp of the create file handle operation as file handle leakage information.
In one embodiment, the user thread collects information of the file handle created by the operation of creating the file handle, and the information of the file handle is used as leakage information of the file handle.
In one embodiment, the user thread determines thread information (i.e., user thread) for creating the file handle operation, and the thread information is used as file handle leakage information.
In step S515, the user thread caches the file handle leakage information, and clears the corresponding file handle leakage information when closing the file handle operation.
As an embodiment, the create file handle operation is instrumented with embedded code, and the embedded code is configured to perform the above steps S511 to S515. When the file handle operation is performed, the above-described steps S511 to S515 are performed.
In step S521, the reporting thread determines whether the file handle leakage information is cached for a preset duration and is not cleared. If the file handle leakage information cache has not been cleared for the preset time period, the process proceeds to step S522.
In step S522, the reporting thread sends the file handle leakage information that is not cleared when the cache reaches the preset duration to the server.
As an embodiment, the file handle leakage information includes: the leakage level, the call stack of the operation of creating the file handle, the timestamp of the operation of creating the file handle, the information of the file handle created by the operation of creating the file handle, and the information of the thread of the operation of creating the file handle. As an example, the information of the file handle includes: the name of the file handle and/or the type of the file handle.
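The following sketch, added here and not part of the patent, walks through steps S501 to S522 with a single object standing in for the detection, user and report threads and an injected clock in place of real timers. The level ranges are the ones from the example above; the policy values, the class and method names, and treating counts above 1021 as the third level are assumptions.

```python
import traceback
from dataclasses import dataclass

# Handle-count ranges per leakage level, from the example in the text.
LEVEL_RANGES = [(512, 630, 1), (631, 758, 2), (759, 1021, 3)]
# Constructed policy values (assumptions):
# level -> (acquisition period s, period interval s, max collections per period)
POLICY = {1: (20, 120, 2), 2: (40, 80, 5), 3: (60, 30, 20)}


def leak_level(handle_count):
    """Map a handle count to a leakage level; 0 means no leak is suspected."""
    for low, high, level in LEVEL_RANGES:
        if low <= handle_count <= high:
            return level
    # Counts above the last range are treated as the top level (assumption).
    return 3 if handle_count > LEVEL_RANGES[-1][1] else 0


@dataclass
class LeakRecord:
    handle: int
    name: str
    level: int
    created_at: float
    stack: tuple
    sent: bool = False


class HandleMonitor:
    def __init__(self, report_after_s=300):
        self.report_after_s = report_after_s  # preset duration before reporting
        self.level = 0
        self.enabled = False                  # acquisition enable flag
        self.collected = 0                    # collections in the current period
        self.max_collections = 0
        self.cycle_start = 0.0
        self.cycle_index = 0
        self.cache = {}                       # handle -> LeakRecord

    def detect(self, handle_count, now):
        """Detection thread (S501-S503): derive level, flag and collection cap."""
        level = leak_level(handle_count)
        if level != self.level:               # level changed: restart the cycle
            self.level, self.cycle_start = level, now
            self.cycle_index, self.collected = 0, 0
        if level == 0:
            self.enabled = False
            return
        period, interval, self.max_collections = POLICY[level]
        index, offset = divmod(now - self.cycle_start, period + interval)
        if index != self.cycle_index:         # new acquisition period: reset count
            self.cycle_index, self.collected = index, 0
        self.enabled = offset < period and self.collected < self.max_collections

    def on_create(self, handle, name, now):
        """User thread hook for a create operation (S511-S515)."""
        if not self.enabled:                  # S511: acquisition prohibited
            return False
        if self.collected >= self.max_collections:
            self.enabled = False              # S513: cap reached, disable flag
            return False
        # S514: call stack of the creating operation, without this hook's frame.
        stack = tuple(frame.name for frame in traceback.extract_stack()[:-1])
        self.cache[handle] = LeakRecord(handle, name, self.level, now, stack)
        self.collected += 1
        return True

    def on_close(self, handle):
        """User thread hook for a close operation: clear the cached record."""
        self.cache.pop(handle, None)

    def report(self, now):
        """Report thread (S521-S522): records cached for the preset duration."""
        due = [r for r in self.cache.values()
               if not r.sent and now - r.created_at >= self.report_after_s]
        for record in due:
            record.sent = True                # mark as sent so it is reported once
        return due
```
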
Fig. 6 is a block diagram illustrating a structure of a file handle monitoring apparatus according to an exemplary embodiment of the present disclosure. As shown in fig. 6, the apparatus includes: a first determining module 610, configured to periodically determine the number of file handles of the process; a second determining module 620, connected to the first determining module 610 and configured to determine a leakage level corresponding to the number of file handles, where the leakage level is one of at least two preset leakage levels; a collecting module 630, connected to the second determining module 620 and configured to collect file handle leakage information according to collection policies associated with leakage levels, where the collection policies associated with each leakage level are different and the file handle leakage information includes a call stack of the create file handle operation; and a sending module 640, connected to the collecting module 630 and configured to send to the server the file handle leakage information corresponding to a file handle that has not been closed when a preset duration has elapsed after its creation.
In some embodiments, the acquisition policy is configured such that the higher the leakage level, the more frequently and/or the more times acquisition is performed.
In some embodiments, the sending module 640 is further configured to send the leakage level as file handle leakage information to the server. The collecting module 630 is further configured to determine a timestamp of the file handle creating operation, and the sending module 640 is further configured to send the timestamp of the file handle creating operation to the server as file handle leakage information. The collecting module 630 is further configured to collect information of a file handle created by the file handle creating operation, and the sending module 640 is further configured to send the information of the file handle to the server as file handle leakage information, where the information of the file handle may include a type of the file handle and/or a name of the file handle. The collecting module 630 is further configured to determine thread information for creating a file handle operation, and the sending module 640 is further configured to send the thread information to the server as file handle leakage information.
In some embodiments, the collection module 630 is further configured to cache file handle leakage information; and when the file handle operation is closed, clearing the corresponding file handle leakage information. The sending module 640 is further configured to determine whether the file handle leakage information is cached for a preset duration and is not cleared; and if the file handle leakage information cache reaches the preset time length and is not cleared, sending the file handle leakage information which is cached for the preset time length and is not cleared to the server.
In some embodiments, the acquisition module 630 is configured to: determining an acquisition enabling identifier at a first thread according to an acquisition strategy associated with the leakage level, wherein the first thread is a non-user thread; and collecting file handle leakage information according to the collection enabling identification in response to the file handle creating operation at the second thread, wherein the second thread is a user thread.
In some embodiments, the acquisition module 630 is specifically configured to: determine an acquisition period and an acquisition period interval at the first thread according to the acquisition policy associated with the leakage level; the first thread sets the acquisition enable flag to allow acquisition during the acquisition period, and sets it to prohibit acquisition during the acquisition period interval.
In some embodiments, the acquisition module 630 is further configured to: determining the maximum collection times of the collection period at the first thread according to the collection strategy associated with the leakage level.
In some embodiments, the acquisition module 630 is specifically configured to: responding to the file handle creating operation at the second thread, and judging whether the acquisition enabling identifier is allowed to be acquired or not; if the acquisition enabling identifier is allowed to be acquired, the second thread judges whether the acquisition times of the acquisition period reach the maximum acquisition times; and if the collection times of the collection period do not reach the maximum collection times, the second thread collects file handle leakage information.
In some embodiments, the acquisition module 630 is specifically configured to: and if the collection times in the collection period reach the maximum collection times, setting a collection enabling identifier as forbidden collection at the second thread or the first thread.
In some embodiments, the acquisition module 630 is specifically configured to: determining, at a first thread, a length of time that a leak level persists; and if the duration of the leakage grade reaches the preset duration corresponding to the leakage grade, setting the acquisition enabling identifier as forbidden acquisition at the first thread until the leakage grade is improved.
In some embodiments, the acquisition policy is configured to: the higher the leak level the greater the maximum number of acquisitions for the acquisition period.
In some embodiments, the second determining module 620 is configured to determine the leakage level corresponding to the file handle number according to the correspondence between the leakage level and the file handle number range.
The disclosure also provides a file handle leakage analysis method.
Fig. 7 shows a flowchart of a file handle leak analysis method according to an exemplary implementation of the present disclosure, and as shown in fig. 7, the method includes steps S701 to S702.
In step S701, a plurality of file handle leakage information of a process is received.
The file handle leakage information includes a call stack of the create file handle operation, and at least part of the file handle leakage information corresponds to file handles that have not been closed when a preset duration has elapsed after their creation.
Step S702, performing aggregation classification on the call stacks included in the multiple pieces of file handle leakage information to obtain one or more call paths and a first number of times that each call path occurs.
Fig. 8 shows another flowchart of a file handle leak analysis method according to an exemplary implementation of the present disclosure, and as shown in fig. 8, the method includes steps S801 to S802.
In step S801, a plurality of file handle leakage information of a process is received.
The file handle leakage information comprises a call stack for creating the file handle operation and the type of the file handle created by the file handle creating operation, and at least part of the file handle leakage information corresponds to the file handle which is not closed and reaches a preset time length after being created.
Step S802, according to the type of the file handle, performing aggregation classification on the call stacks contained in the leakage information of the file handles to obtain one or more call paths corresponding to the types of the file handles and the first times of occurrence of each call path.
In some embodiments, each file handle leakage information may further include a leakage level corresponding to the file handle leakage information, and the file handle leakage analysis method further includes: a second number of occurrences of at least a portion of the call path at each leakage level is determined.
In some embodiments, each file handle leakage information may further include the name of the file handle created by the create file handle operation, and the file handle leakage analysis method may further include: determining the name of each file handle corresponding to at least part of the call paths and a third number of times that the name of each file handle occurs.
Fig. 9 illustrates yet another flowchart of a file handle leak analysis method according to an exemplary implementation of the present disclosure, and as shown in fig. 9, the method includes steps S901 to S904.
In step S901, a plurality of file handle leakage information of a process is received.
The file handle leakage information comprises a call stack for creating file handle operation and a leakage level corresponding to the file handle leakage information, and at least part of the file handle leakage information corresponds to a file handle which reaches a preset time length after being created and is not closed.
Step S902, performing aggregation classification on the call stacks included in the multiple pieces of file handle leakage information to obtain one or more call paths and a first number of times that each call path occurs.
Step S903, determining a second number of occurrences of at least a portion of the call paths at each leakage level.
Step S904, determining the root cause index of each call path according to the first number of times and the second number of times of the call path. The root cause index indicates the possibility that the call path is the cause of file handle leakage, and the higher the leakage level, the higher the contribution of the corresponding second number of times to the root cause index. In one embodiment, the higher the leakage level, the higher the weight of the corresponding second number of times.
As an example, the leakage levels are, from low to high, a first level, a second level and a third level, and the weights of the first level, the second level and the third level are $a_1$, $a_2$ and $a_3$ in sequence, where $a_1 < a_2 < a_3$. The root cause index can be determined as follows: $Index = a_1 \times T_1 + a_2 \times T_2 + a_3 \times T_3 + b \times T$, where $T$ denotes the first number of times, $b$ denotes the weight of the first number of times, and $T_1$, $T_2$ and $T_3$ denote the second numbers of times corresponding to the first level, the second level and the third level, respectively.
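The aggregation of steps S902 to S904 and the weighted index above can be traced with the following added example, which is not code from the patent. The weights, the sample reports and the function names are constructed for illustration, and a call path is taken to be the joined frames of the reported call stack.

```python
from collections import Counter, defaultdict

# Constructed weights satisfying a1 < a2 < a3 (assumption), keyed by leakage level.
LEVEL_WEIGHTS = {1: 1.0, 2: 2.0, 3: 4.0}
TOTAL_WEIGHT = 0.5  # b, the weight of the first number of times (assumption)

# Constructed reports, as a server might receive them from one process.
SAMPLE_REPORTS = [
    {"stack": ("main", "load_cfg", "open"), "level": 1},
    {"stack": ("main", "load_cfg", "open"), "level": 1},
    {"stack": ("main", "load_cfg", "open"), "level": 1},
    {"stack": ("main", "load_cfg", "open"), "level": 1},
    {"stack": ("main", "worker", "socket"), "level": 3},
    {"stack": ("main", "worker", "socket"), "level": 3},
    {"stack": ("main", "worker", "socket"), "level": 2},
    {"stack": ("main", "export", "open"), "level": 1},
]


def aggregate(reports):
    """Group reports by call path: total count (T) and per-level counts (T1..T3)."""
    first = Counter()
    second = defaultdict(Counter)
    for report in reports:
        path = " > ".join(report["stack"])
        first[path] += 1
        second[path][report["level"]] += 1
    return first, second


def root_cause_index(total, per_level, weights=LEVEL_WEIGHTS, b=TOTAL_WEIGHT):
    """Index = a1*T1 + a2*T2 + a3*T3 + b*T."""
    return sum(weights[level] * count for level, count in per_level.items()) + b * total


def rank_call_paths(reports):
    """Return (call path, index) pairs, most likely leak source first."""
    first, second = aggregate(reports)
    scored = [(path, root_cause_index(first[path], second[path])) for path in first]
    return sorted(scored, key=lambda item: item[1], reverse=True)
```

With these constructed values, the socket path ranks first even though it occurs fewer times than the configuration path, because its occurrences fall at higher leakage levels.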
In some embodiments, receiving a plurality of file handle leakage information of a process includes: receiving a plurality of file handle leakage information of the process within a preset time period. The file handle leakage information within the preset time period is analyzed. For each call path: determine the time difference (denoted $X_i$) between the timestamp of the create file handle operation in each file handle leakage information corresponding to the call path and the start time of the preset time period; determine the median (denoted $X_{mid}$) of the time differences of the file handle leakage information corresponding to the call path; determine the degree of deviation (denoted $S^2$) of the time differences of the file handle leakage information corresponding to the call path relative to the median, where a higher degree of deviation indicates higher continuity; and determine the root cause index of the call path according to the degree of deviation, the first number of times and the second number of times of the call path, where the root cause index indicates the possibility that the call path is the cause of file handle leakage, the higher the leakage level the higher the contribution of the corresponding second number of times to the root cause index, and the degree of deviation is positively correlated with the root cause index.
As an example, the leakage levels are, from low to high, a first level, a second level and a third level, and the corresponding weights of the first level, the second level and the third level are $a_1$, $a_2$ and $a_3$, where $a_1 < a_2 < a_3$. The root cause index can be determined as follows: $Index = a_1 \times T_1 + a_2 \times T_2 + a_3 \times T_3 + b \times T + c \times S^2$, where $T$ denotes the first number of times, $b$ denotes the weight of the first number of times, $T_1$, $T_2$ and $T_3$ denote the second numbers of times corresponding to the first, second and third levels, respectively, $S^2$ denotes the degree of deviation, and $c$ denotes the weight of the degree of deviation.
As an example, the degree of deviation $S^2$ may be determined in the following manner:
Figure BDA0003523382360000141
Here $n$ denotes the total number of file handle leakage information corresponding to the call path, and $X_i$ denotes the time difference between the time at which the file handle leakage information occurred within the time period and the start time of the time period. For example, if the time period starts at 12:00 and the first occurrence is at 12:01, then $X_1 = 1$ (in minutes). $X_{mid}$ is the median of all values of $X$; for example, if $X_1 = 1$ (representing 12:01), $X_2 = 2$ and $X_3 = 3$, then $X_{mid} = 2$.
In some examples, a coefficient is applied to the degree of deviation to adjust its value, and the degree of deviation adjusted by the coefficient is expressed as:
Figure BDA0003523382360000142
where $T_{min}$ denotes the total length of time in the time range (in the same units as the time difference, e.g. minutes), e.g. 3600 for 6 hours, and $\alpha$ denotes an influence coefficient.
As one embodiment, a small portion of the call paths are sorted based on the root cause index; the more likely the root cause index indicates that a call path is the cause of file handle leakage, the earlier that call path appears in the ordering.
In some embodiments, the file handle leak analysis method further includes: receiving the file handle number of a process reported periodically; judging whether the number of file handles of the process exceeds a preset alarm threshold value or not; and if the number of the file handles of the process exceeds a preset alarm threshold value, sending an alarm notice.
In some embodiments, the file handle leak analysis method shown in fig. 7 to 9 further includes: and sending the aggregated one or more calling paths and the first times, the second times and the file handle information of each calling path to the client, wherein the first times, the second times and the file handle information are displayed at the client.
Fig. 10 shows a schematic diagram of a graphical user interface of file handle leakage analysis according to an exemplary embodiment of the present disclosure. As shown in fig. 10, the graphical user interface shows three areas A, B and C. Area A shows the call paths and, for each call path, the type and name of the corresponding file handle. Area B shows the total number of times corresponding to each call path in area A, and area C shows the number of times each call path in area A occurs at the different leakage levels; in fig. 10 the leakage levels include light leakage and medium leakage.
Fig. 11 is a block diagram of a file handle leak analysis apparatus according to an exemplary embodiment of the present disclosure. As shown in fig. 11, the apparatus includes: a receiving module 1110, configured to receive multiple pieces of file handle leakage information of a process, where each piece of file handle leakage information includes the call stack of a create-file-handle operation, and at least part of the file handle leakage information is sent once it has been cached for a preset duration without being cleared; and an aggregation module 1120, connected to the receiving module 1110 and configured to aggregate and classify the call stacks contained in the multiple pieces of file handle leakage information, obtaining one or more call paths and a first number of occurrences of each call path.
In some embodiments, each piece of file handle leakage information further includes the type of the file handle created by the create-file-handle operation. The aggregation module 1120 is configured to aggregate and classify the call stacks contained in the multiple pieces of file handle leakage information according to the types of the file handles, obtaining one or more call paths for each file handle type and the first number of occurrences of each call path.
In some embodiments, each piece of file handle leakage information further includes the leakage level corresponding to that file handle leakage information. The aggregation module 1120 is further configured to determine a second number of occurrences of at least part of the call paths at each leakage level.
In some embodiments, each piece of file handle leakage information further includes the name of the file handle created by the create-file-handle operation. The aggregation module 1120 is further configured to determine the name of each file handle corresponding to at least part of the call paths and a third number of occurrences of each file handle name.
In some embodiments, the aggregation module 1120 is further configured to determine, for each call path, a root cause index of the call path according to the first number and the second number of the call path, where the root cause index indicates the likelihood that the call path is a cause of the file handle leak, and the higher the leakage level, the greater the contribution of the second number corresponding to that leakage level to the root cause index.
In some embodiments, the receiving module 1110 is further configured to: receive the number of file handles of the process, which is reported periodically; determine whether the number of file handles of the process exceeds a preset alarm threshold; and, if the number of file handles of the process exceeds the preset alarm threshold, send an alarm notification.
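The aggregation module and alarm check described above, sketched as an added example (not code from the patent). The patent gives no formula for the root cause index, so the level weights, the scoring expression, the alarm threshold, the record field names and the rule of reducing a call stack to its innermost frames are all assumptions; the deviation term uses the median-based deviation degree recited in claim 1, taking the timestamp to be that of handle creation.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from statistics import median

# Assumed values: the patent names light and medium leakage levels but gives
# no weights, scoring formula or threshold.
LEVEL_WEIGHT = {"light": 1.0, "medium": 2.0}
ALARM_THRESHOLD = 800


@dataclass
class PathStats:
    first: int = 0                                    # occurrences of the call path
    second: Counter = field(default_factory=Counter)  # occurrences per leakage level
    third: Counter = field(default_factory=Counter)   # occurrences per handle name
    deltas: list = field(default_factory=list)        # create time minus window start


def call_path(stack, depth=2):
    """Assumed reduction: stacks sharing their innermost `depth` frames are one path."""
    return tuple(stack[:depth])


def aggregate(records, window_start):
    """Group leak records by (handle type, call path) and count them."""
    stats = defaultdict(PathStats)
    for rec in records:
        s = stats[(rec["type"], call_path(rec["stack"]))]
        s.first += 1
        s.second[rec["level"]] += 1
        s.third[rec["name"]] += 1
        s.deltas.append(rec["ts"] - window_start)
    return stats


def deviation_degree(deltas):
    """Mean absolute deviation of the time differences from their median."""
    mid = median(deltas)
    return sum(abs(d - mid) for d in deltas) / len(deltas)


def root_cause_index(s, window_len):
    """Assumed score: counts weighted by level, scaled up by the deviation degree."""
    weighted = sum(LEVEL_WEIGHT[level] * n for level, n in s.second.items())
    spread = deviation_degree(s.deltas) / window_len
    return (s.first + weighted) * (1.0 + spread)


def rank(records, window_start, window_len):
    """Return (index, (type, call path), stats) tuples, most likely cause first."""
    stats = aggregate(records, window_start)
    scored = [(root_cause_index(s, window_len), key, s) for key, s in stats.items()]
    return sorted(scored, key=lambda item: item[0], reverse=True)


def should_alarm(fd_count, threshold=ALARM_THRESHOLD):
    """Alarm when the periodically reported handle count exceeds the threshold."""
    return fd_count > threshold


# Constructed sample: leak records of one process in the window [1000, 1600).
# Frame names are hypothetical; frames are listed innermost first.
CACHE = ["lib.cache.DiskCache.open", "app.net.Downloader.fetch"]
SOCK = ["java.net.Socket.<init>", "app.net.Ping.run"]
SAMPLE = [
    {"stack": CACHE + ["app.ui.Feed.load"], "type": "file",
     "name": "/data/cache/a.tmp", "level": "light", "ts": 1010},
    {"stack": CACHE + ["app.ui.Profile.load"], "type": "file",
     "name": "/data/cache/a.tmp", "level": "light", "ts": 1200},
    {"stack": CACHE + ["app.ui.Feed.load"], "type": "file",
     "name": "/data/cache/b.tmp", "level": "medium", "ts": 1400},
    {"stack": CACHE + ["app.ui.Feed.load"], "type": "file",
     "name": "/data/cache/a.tmp", "level": "medium", "ts": 1590},
    {"stack": SOCK, "type": "socket", "name": "tcp:10.0.0.5:443", "level": "light", "ts": 1300},
    {"stack": SOCK, "type": "socket", "name": "tcp:10.0.0.5:443", "level": "light", "ts": 1301},
    {"stack": SOCK, "type": "socket", "name": "tcp:10.0.0.5:443", "level": "light", "ts": 1302},
]

if __name__ == "__main__":
    for score, (kind, path), s in rank(SAMPLE, 1000, 600):
        print(f"{score:7.2f} {kind:6} {' <- '.join(path)} "
              f"first={s.first} second={dict(s.second)} third={dict(s.third)}")
```

The two file-cache stacks differ only in their outer caller, so they collapse into one call path, which is what lets the counts in areas B and C of fig. 10 be shown per path rather than per raw stack.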
An exemplary embodiment of the present disclosure also provides an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor. The memory stores a computer program executable by the at least one processor, the computer program, when executed by the at least one processor, is for causing the electronic device to perform a method according to an embodiment of the disclosure.
The disclosed exemplary embodiments also provide a non-transitory computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor of a computer, is adapted to cause the computer to perform a method according to an embodiment of the present disclosure.
The exemplary embodiments of the present disclosure also provide a computer program product comprising a computer program, wherein the computer program, when executed by a processor of a computer, is adapted to cause the computer to perform a method according to an embodiment of the present disclosure.
Referring to fig. 12, a block diagram of an electronic device 1200 will now be described. The electronic device 1200 may be a server or a client of the present disclosure and is an example of a hardware device to which aspects of the present disclosure may be applied. The term electronic device is intended to cover various forms of digital electronic computer devices, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 12, the electronic apparatus 1200 includes a computing unit 1201, which can perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM) 1202 or a computer program loaded from a storage unit 1208 into a Random Access Memory (RAM) 1203. In the RAM 1203, various programs and data required for the operation of the device 1200 may also be stored. The computing unit 1201, the ROM 1202, and the RAM 1203 are connected to each other by a bus 1204. An input/output (I/O) interface 1205 is also connected to bus 1204.
Various components in the electronic device 1200 are connected to the I/O interface 1205, including: an input unit 1206, an output unit 1207, a storage unit 1208, and a communication unit 1209. The input unit 1206 may be any type of device capable of inputting information to the electronic device 1200; it may receive input numeric or character information and generate key signal inputs related to user settings and/or function controls of the electronic device. The output unit 1207 may be any type of device capable of presenting information and may include, but is not limited to, a display, speakers, a video/audio output terminal, a vibrator, and/or a printer. The storage unit 1208 may include, but is not limited to, magnetic or optical disks. The communication unit 1209 allows the electronic device 1200 to exchange information/data with other devices via a computer network, such as the Internet, and/or various telecommunications networks, and may include, but is not limited to, modems, network cards, infrared communication devices, wireless communication transceivers, and/or chipsets, such as Bluetooth devices, WiFi devices, WiMax devices, cellular communication devices, and/or the like.
The computing unit 1201 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 1201 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 1201 performs the respective methods and processes described above. For example, in some embodiments, the file handle monitoring, leak analysis method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 1208. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 1200 via the ROM 1202 and/or the communication unit 1209. In some embodiments, the computing unit 1201 may be configured to perform the file handle monitoring, leak analysis method by any other suitable means (e.g., by way of firmware).
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
As used in this disclosure, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

Claims (21)

1. A file handle leak analysis method is characterized by comprising the following steps:
receiving multiple pieces of file handle leakage information of a process within a preset time period, wherein each piece of file handle leakage information comprises the call stack of a create-file-handle operation and the leakage level corresponding to that file handle leakage information, and at least part of the file handle leakage information corresponds to file handles that have reached a preset duration after being created without being closed;
aggregating and classifying the call stacks contained in the multiple pieces of file handle leakage information to obtain one or more call paths and a first number of occurrences of each call path;
determining a second number of occurrences of at least part of the call paths at each leakage level;
for each call path:
determining, in each piece of file handle leakage information corresponding to the call path, a time difference between the timestamp of the file handle operation and the start time of the preset time period; determining the median of the time differences of the file handle leakage information corresponding to the call path; determining the deviation degree of the time differences of the file handle leakage information corresponding to the call path relative to the median;
determining a root cause index of the call path according to the deviation degree, the first number and the second number of the call path, wherein the root cause index indicates the likelihood that the call path is a cause of the file handle leak, the higher the leakage level the greater the contribution of the second number corresponding to that leakage level to the root cause index, and the deviation degree is positively correlated with the root cause index.
2. The file handle leak analysis method of claim 1, wherein each piece of file handle leakage information further comprises: the type of the file handle created by the create-file-handle operation;
wherein aggregating and classifying the call stacks contained in the multiple pieces of file handle leakage information to obtain one or more call paths and the first number of occurrences of each call path comprises: aggregating and classifying the call stacks contained in the multiple pieces of file handle leakage information according to the types of the file handles, to obtain one or more call paths corresponding to each file handle type and the first number of occurrences of each call path.
3. The file handle leak analysis method according to claim 1 or 2, wherein each piece of file handle leakage information further comprises: the name of the file handle created by the create-file-handle operation;
wherein the file handle leak analysis method further comprises: determining the name of each file handle corresponding to at least part of the call paths and a third number of occurrences of each file handle name.
4. The file handle leak analysis method of claim 1, further comprising:
receiving the file handle number of a process reported periodically;
judging whether the number of the file handles of the process exceeds a preset alarm threshold value or not;
and if the file handle number of the process exceeds the preset alarm threshold value, sending an alarm notification.
5. The file handle leakage analysis method according to claim 1, wherein the file handle leakage information acquisition method includes:
periodically determining the number of file handles of a process;
determining a leakage level corresponding to the number of the file handles, wherein the leakage level is one of at least two preset leakage levels;
acquiring file handle leakage information according to the acquisition strategies associated with the leakage levels, wherein the acquisition strategies associated with each leakage level are different, and the file handle leakage information comprises a call stack for creating file handle operation;
and sending, to the server, the file handle leakage information corresponding to file handles that have reached the preset duration after being created without being closed.
6. The file handle leak analysis method of claim 5, wherein the collection policy is configured such that: the higher the leakage level, the higher the collection frequency and/or the greater the number of collections.
7. The file handle leakage analysis method according to claim 5, wherein the file handle leakage information acquisition method further comprises at least one of:
sending the leakage grade as the file handle leakage information to the server;
determining the time stamp of the operation of creating the file handle, and sending the time stamp of the operation of creating the file handle as the leakage information of the file handle to the server;
collecting information of the file handle created by the file handle creating operation, and sending the information of the file handle to the server as leakage information of the file handle;
and determining the thread information of the file handle creating operation, and sending the thread information serving as the file handle leakage information to the server.
8. The file handle leak analysis method according to claim 7, wherein the information of the file handle includes: a type of the file handle and/or a name of the file handle.
9. The file handle leak analysis method according to any one of claims 5 to 8, wherein after collecting file handle leak information according to the collection policy associated with the leak level, the method further comprises:
caching the file handle leakage information;
clearing the corresponding file handle leakage information upon a close-file-handle operation;
wherein sending, to the server, the file handle leakage information corresponding to file handles that have reached the preset duration after being created without being closed comprises:
determining whether the file handle leakage information has been cached for the preset duration without being cleared;
and, if the file handle leakage information has been cached for the preset duration without being cleared, sending that file handle leakage information to the server.
10. The file handle leak analysis method according to any one of claims 5 to 8, wherein collecting file handle leakage information according to the collection policy associated with the leakage level comprises:
a first thread determining a collection enable identifier according to the collection policy associated with the leakage level, wherein the first thread is a non-user thread;
and a second thread, in response to a create-file-handle operation, collecting file handle leakage information according to the collection enable identifier, wherein the second thread is a user thread.
11. The file handle leak analysis method of claim 10, wherein the first thread determining a collection enable identifier according to the collection policy associated with the leakage level comprises:
the first thread determining a collection period and a collection period interval according to the collection policy associated with the leakage level;
the first thread setting the collection enable identifier to collection-allowed during the collection period, and setting the collection enable identifier to collection-forbidden during the collection period interval.
12. The file handle leak analysis method of claim 11, further comprising:
the first thread determining the maximum number of collections for the collection period according to the collection policy associated with the leakage level.
13. The file handle leak analysis method of claim 12, further comprising:
the second thread, in response to a create-file-handle operation, determining whether the collection enable identifier is set to collection-allowed;
if the collection enable identifier is set to collection-allowed, the second thread determining whether the number of collections in the collection period has reached the maximum number of collections;
and, if the number of collections in the collection period has not reached the maximum number of collections, the second thread collecting the file handle leakage information.
14. The file handle leak analysis method of claim 13, further comprising:
if the number of collections in the collection period has reached the maximum number of collections, the second thread or the first thread setting the collection enable identifier to collection-forbidden.
15. The file handle leak analysis method of claim 11, further comprising:
the first thread determining the length of time for which the leakage level has lasted;
and, if the duration of the leakage level reaches the preset duration corresponding to that leakage level, the first thread setting the collection enable identifier to collection-forbidden until the leakage level rises.
16. The file handle leak analysis method of claim 12, wherein the collection policy is configured such that: the higher the leakage level, the longer the collection period and/or the shorter the collection period interval, and/or the higher the leakage level, the larger the maximum number of collections in the collection period.
17. The file handle leak analysis method of claim 9, wherein after sending, to the server, the file handle leakage information that has been cached for the preset duration without being cleared, the method further comprises:
marking the sent file handle leakage information as sent, or clearing it from the cache.
18. A file handle leak analysis apparatus, comprising:
a receiving module, configured to receive multiple pieces of file handle leakage information of a process within a preset time period, wherein each piece of file handle leakage information comprises the call stack of a create-file-handle operation and the leakage level corresponding to that file handle leakage information, and at least part of the file handle leakage information corresponds to file handles that have reached a preset duration after being created without being closed;
an aggregation module, configured to aggregate and classify the call stacks contained in the multiple pieces of file handle leakage information to obtain one or more call paths and a first number of occurrences of each call path;
means for determining a second number of occurrences of at least part of the call paths at each leakage level;
the file handle leak analysis apparatus being configured to:
determine, in each piece of file handle leakage information corresponding to the call path, a time difference between the timestamp of the file handle operation and the start time of the preset time period; determine the median of the time differences of the file handle leakage information corresponding to the call path; determine the deviation degree of the time differences of the file handle leakage information corresponding to the call path relative to the median;
determine a root cause index of the call path according to the deviation degree, the first number and the second number of the call path, wherein the root cause index indicates the likelihood that the call path is a cause of the file handle leak, the higher the leakage level the greater the contribution of the second number corresponding to that leakage level to the root cause index, and the deviation degree is positively correlated with the root cause index.
19. A file handle monitoring system, comprising:
the file handle leak analysis apparatus according to claim 18;
file handle monitoring devices, including:
the first determining module is used for periodically determining the number of file handles of a process;
the second determining module is used for determining a leakage level corresponding to the number of the file handles, wherein the leakage level is one of at least two preset leakage levels;
the acquisition module is used for acquiring file handle leakage information according to the acquisition strategies associated with the leakage levels, wherein the acquisition strategies associated with each leakage level are different, and the file handle leakage information comprises a call stack for creating file handle operation;
and the sending module is used for sending the file handle leakage information corresponding to the file handle which reaches the preset time length and is not closed to the server after being created.
20. An electronic device, comprising:
a processor; and
a memory storing a program,
wherein the program comprises instructions which, when executed by the processor, cause the processor to carry out the method according to any one of claims 1-17.
21. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-17.
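The client-side collection gating recited in claims 5 to 17, as an added example that is not code from the patent. The level thresholds, policy values and all class and method names are assumptions, and the non-user and user threads are simulated by explicit `tick` and `on_open` calls with injected timestamps so the run is deterministic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    period: int       # seconds during which collection is allowed
    interval: int     # seconds between periods, collection forbidden
    max_samples: int  # maximum number of collections per period


# Assumed thresholds and policy values: the higher level collects for longer,
# pauses for less time and may take more samples per period.
LEVELS = [(500, "medium"), (200, "light")]
POLICY = {"none": None,
          "light": Policy(period=10, interval=50, max_samples=2),
          "medium": Policy(period=20, interval=20, max_samples=5)}


def level_for(fd_count):
    """Map the process's handle count to a leakage level."""
    for floor, name in LEVELS:
        if fd_count >= floor:
            return name
    return "none"


class Collector:
    def __init__(self, hold_secs=30):
        self.hold_secs = hold_secs  # preset duration before an open handle is reported
        self.level = "none"
        self.enabled = False        # the collection enable identifier
        self.cycle_start = 0
        self.period_no = -1
        self.samples = 0
        self.cache = {}             # fd -> leak info for sampled handles still open

    def tick(self, now, fd_count):
        """Monitor (non-user) thread: pick the level and set the enable identifier."""
        level = level_for(fd_count)
        if level != self.level:     # level changed: restart the collection cycle
            self.level, self.cycle_start, self.period_no = level, now, -1
        policy = POLICY[level]
        if policy is None:
            self.enabled = False
            return
        number, phase = divmod(now - self.cycle_start, policy.period + policy.interval)
        if number != self.period_no:  # a new period starts with a fresh budget
            self.period_no, self.samples = number, 0
        self.enabled = phase < policy.period and self.samples < policy.max_samples

    def on_open(self, fd, stack, now):
        """User thread, hooked on handle creation: sample only if allowed."""
        if not self.enabled:
            return False
        if self.samples >= POLICY[self.level].max_samples:
            self.enabled = False    # budget spent: forbid until the next period
            return False
        self.samples += 1
        self.cache[fd] = {"stack": stack, "ts": now, "level": self.level, "sent": False}
        return True

    def on_close(self, fd):
        """Closing a handle clears its cached leak info."""
        self.cache.pop(fd, None)

    def flush(self, now):
        """Return (fd, info) for handles cached at least hold_secs and not yet sent."""
        due = [(fd, info) for fd, info in self.cache.items()
               if not info["sent"] and now - info["ts"] >= self.hold_secs]
        for _, info in due:
            info["sent"] = True
        return due


def demo():
    """Constructed run: returns the fds whose leak info would go to the server."""
    c = Collector(hold_secs=30)
    stack = ["app.io.Log.open", "app.Main.run"]  # hypothetical frames
    c.tick(1, 250)                # 250 handles: light level, collection allowed
    c.on_open(4, stack, 2)
    c.on_open(5, stack, 3)
    c.on_open(6, stack, 4)        # third open exceeds the light budget of 2
    c.on_close(4)                 # closed in time, so never reported
    return [fd for fd, _ in c.flush(40)]


if __name__ == "__main__":
    print(demo())
```

In a real agent the enable identifier and sample counter are shared between threads and need atomic access or a lock; the gating keeps the cost of capturing call stacks off the hot path while the process is healthy.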
CN202210187756.6A 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment Active CN114546703B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202310063692.3A CN116126577B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment
CN202210187756.6A CN114546703B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210187756.6A CN114546703B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202310063692.3A Division CN116126577B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN114546703A CN114546703A (en) 2022-05-27
CN114546703B true CN114546703B (en) 2023-02-03

Family

ID=81678539

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202310063692.3A Active CN116126577B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment
CN202210187756.6A Active CN114546703B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202310063692.3A Active CN116126577B (en) 2022-02-28 2022-02-28 File handle monitoring and leakage analysis method and device and electronic equipment

Country Status (1)

Country Link
CN (2) CN116126577B (en)


Also Published As

Publication number Publication date
CN116126577B (en) 2024-03-12
CN114546703A (en) 2022-05-27
CN116126577A (en) 2023-05-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant