SMx | National commercial encryption algorithm SMx | SMS library

There's too much for me to put this in a comment, so I will summarize here. Maybe it will help you, or someone else. I should also mention this is for RHEL EC2 instances behind a corporate proxy (not Arch Linux), but I still feel like it may help. I had to do the following to get puppeteer working. This is straight from my docs, but I had to hand-jam the contents because my docs are on an intranet.

I had to install all of these libraries manually. I also don't know what the Arch Linux equivalents are. Some are duplicates from your question, but I don't think they all are:
pango libXcomposite libXcursor libXdamage libXext libXi libXtst cups-libs libXScrnSaver libXrandr GConf2 alsa-lib atk gtk3 ipa-gothic-fonts xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc liberation-mono-fonts liberation-narrow-fonts liberation-narrow-fonts liberation-sans-fonts liberation-serif-fonts glib2

If Arch Linux uses SELinux, you may also have to run this:
setsebool -P unconfirmed_chrome_sandbox_transition 0

It is also worth adding dumpio: true to your options to debug. Should give you a more detailed output from puppeteer, instead of the generic error. As I mentioned in my comment. I have this option ignoreDefaultArgs: ['--disable-extensions']. I can't tell you why because I don't remember. I think it is related to this issue, but also could be related to my corporate proxy.

TL;DR: unfortunate combination of backward compatibility and ABI compatibility issues makes std::mutex bad until the next ABI break. OTOH, std::shared_mutex is good.

A decent implementation of std::mutex would try to use an atomic operation to acquire the lock, if busy, possibly would try spinning in a read loop (with some pause on x86), and ultimately will resort to OS wait.

There are a couple of ways to implement such std::mutex:

1. Directly delegate to corresponding OS APIs that do all of above.
2. Do spinning and atomic thing on its own, call OS APIs only for OS wait.

Sure, the first way is easier to implement, more friendly to debug, more robust. So it appears to be the way to go. The candidate APIs are:

• CRITICAL_SECTION APIs. A recursive mutex, that is lacking static initializer and needs explicit destruction
• SRWLOCK. A non-recursive shared mutex that has static initializer and doesn't need explicit destruction
• WaitOnAddress. An API to wait on particular variable to be changed, similar to Linux futex.

These primitives have OS version requirements:

• CRITICAL_SECTION existed since I think Windows 95, though TryEnterCriticalSection was not present in Windows 9x, but the ability to use CRITICAL_SECTION with CONDITION_VARIABLE was added since Windows Vista, with CONDITION_VARIABLE itself.
• SRWLOCK exists since Windows Vista, but TryAcquireSRWLockExclusive exists since Windows 7, so it can only directly implement std::mutex starting in Windows 7.
• WaitOnAddress was added since Windows 8.

By the time when std::mutex was added, Windows XP support by Visual Studio C++ library was needed, so it was implemented using doing things on its own. In fact, std::mutex and other sync stuff was delegated to ConCRT (Concurrency Runtime)

For Visual Studio 2015, the implementation was switched to use the best available mechanism, that is SRWLOCK starting in Windows 7, and CRITICAL_SECTION stating in Windows Vista. ConCRT turned out to be not the best mechanism, but it still was used for Windows XP and 2003. The polymorphism was implemented by making placement new of classes with virtual functions into a buffer provided by std::mutex and other primitives.

Note that this implementation breaks the requirement for std::mutex to be constexpr, because of runtime detection, placement new, and inability of pre-Window 7 implementation to have only static initializer.

As time passed support of Windows XP was finally dropped in VS 2019, and support of Windows Vista was dropped in VS 2022, the change is made to avoid ConCRT usage, the change is planned to avoid even runtime detection of SRWLOCK (disclosure: I've contributed these PRs). Still due to ABI compatibility for VS 2015 though VS 2022 it is not possible to simplify std::mutex implementation to avoid all this putting classes with virtual functions.

What is more sad, though SRWLOCK has static initializer, the said compatibility prevents from having constexpr mutex: we have to placement new the implementation there. It is not possible to avoid placement new, and make an implementation to construct right inside std::mutex, because std::mutex has to be standard layout class (see Why is std::mutex a standard-layout class?).

So the size overhead comes from the size of ConCRT mutex.

And the runtime overhead comes from the chain of call:

• library function call to get to the standard library implementation
• virtual function call to get to SRWLOCK-based implementation
• finally Windows API call.

Virtual function call is more expensive than usually due to standard library DLLs being built with /guard:cf.

Some part of the runtime overhead is due to std::mutex fills in ownership count and locked thread. Even though this information is not required for SRWLOCK. It is due to shared internal structure with recursive_mutex. The extra information may be helpful for debugging, but it does take time to fill it in.

std::shared_mutex was designed to support only systems starting Windows 7. So it uses SRWLOCK directly.

The size of std::shared_mutex is the size of SRWLOCK. SRWLOCK has the same size as a pointer (though internally it is not a pointer).

It still involves some avoidable overhead: it calls C++ runtime library, just to call Windows API, instead of calling Windows API directly. This looks fixable with the next ABI, though.

std::shared_mutex constructor could be constexpr, as SRWLOCK does not need dynamic initializer, but the standard prohibits voluntary adding constexpr to the standard classes.

Downloading stuff from a storage bucket requires authenticating your client. You can't just point an HTTPS client to a storage bucket URL and merrily download. You need to generate a OAuth2 token first, then include it in a header of your request:

https://cloud.google.com/storage/docs/downloading-objects#rest-download-object

-march native means -march $MY_HARDWARE. We have no idea what hardware you have. For you, that would be -march=skylake-avx512 (SkyLake SP) The results could be reproduced by specifying your hardware architecture explicitly.

It's quite possible that the errors will decrease with more modern instructions, specifically Fused-Multiply-and-Add (FMA). This is the operation a*b+c, but rounded once instead of twice. That saves one rounding error.

Intel Xeon E5-2620 is Sandy Bridge CPU which officially supports AVX and not AVX2.

DPDK 20.11 meson build, ninja -C build will generate code with AVX instructions and not AVX2. But (Based on the live debug) PKTGEN forces the compiler to add AVX2 to be inserted, thus causing illegal instruction.

Solution: edit meson.build in line 22

from

On "mainstream" CPUs like Skylake-X and IceLake, it's only worth using 512-bit vectors at all if you use them consistently for a lot of your program's run-time, not just for an occasional memcpy. See SIMD instructions lowering CPU frequency for the details: you don't want occasional calls to memcpy to hold your CPU frequency down to a lower max turbo.

Using AVX-512 features with 256-bit vectors (AVX-512VL) can be worth it for some things, e.g. if masking is nice, or if you use YMM16..31 to avoid VZEROUPPER.

I'd guess that glibc would only resolve memcpy to __memcpy_avx512_no_vzeroupper on systems like Knight's Landing (KNL) Xeon Phi, where the CPU is designed around AVX-512, and there's no downside to using 512-bit ZMM vectors. There's no need for vzeroupper even after using ymm0..15 on KNL. In fact vzeroupper is very slow on KNL, and definitely something to avoid, hence putting no_vzeroupper in the function name.

https://code.woboq.org/userspace/glibc/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S.html is the source for that version. It uses ZMM vectors, including ZMM0..15, so if used on a Skylake/IceLake CPU it should use vzeroupper. This version looks designed for KNL.

There would be some tiny benefit to having an AVX-512VL version that used ymm16..31 to avoid vzeroupper (to speed 32 .. 64 byte copies), without ever using ZMM registers.

And it would make sense for __memcpy_avx512_no_vzeroupper to only use ZMM16..31 so avoiding vzeroupper isn't a problem on mainstream CPUs; then it would be a usable option in code that already made heavy use of AVX-512 (and thus was already paying the CPU-frequency cost.)

stackoverflow only provides the server cert, and the intermediate ca cert. not the root ca cert.

openssl cafile only works if the full chain (to a self signed root ca) can by verified,

so you either have to trust the ROOT CA your self by downloading it, or use some kind of pki so you have all the global trusted root CAs.

on Debian GNU / Linux based machines you can install the ca-certificates package, sudo apt-get install ca-certificates

or you can use the cacert from mozilla https://curl.haxx.se/docs/caextract.html

DPDK API rte_ipv4_frag_reassemble_packet returns NULL in 2 ocassion

1. an error occurred
2. not all fragments of the packet are collected yet

Based on the code and logs shared it looks like you are

1. sending the last fragment multiple times.
2. setting time out as cur_tsc

Note:

• the easiest way to test your packet is run it against ip_reassembly example and cross check the variance.
• if (mo == NULL) it only means not sufficient fragments are received.

[edit-1] Hence I request to model your code as dpdk example ip_reassembly since assuming rte_ipv4_frag_reassemble_packet returning NULL is not always a failure.

[edit-2] cleaning up the code and adding missing libraries I am able to get this working with right set of fragment packets

I manage to find a solution.

In my case, the virtual machines are managed by PROXMOX. I had to add the following line in the VM configuration file: