bug-gnulib

Re: async-signal-safe functions


From: Bruno Haible
Subject: Re: async-signal-safe functions
Date: Sun, 22 Jun 2008 21:24:38 +0200
User-agent: KMail/1.5.4

Eric Blake wrote:
> +         /* POSIX states that sigprocmask and signal are both
> +            async-signal-safe.

Going through the list of async-signal-safe functions, gnulib overrides
quite a few. I propose to add comments so that this is remembered in future
modifications of the functions.

OK to apply the attached comments, Jim?

There are problems with the mkdir(), rmdir(), rename() substitutes.
The rmdir() substitute could be removed; it is most probably not needed any
more nowadays. For mkdir() and rename(), a workaround would be to assume a
file name of length PATH_MAX at most. But this would be a pessimization of
the current code (for the normal case that the function is called from the
main program, not from a signal handler).

Is there a portable way to detect whether the program is currently executing
a signal handler?

Bruno


--- lib/chown.c.orig    2008-06-22 21:17:45.000000000 +0200
+++ lib/chown.c 2008-06-22 21:17:21.000000000 +0200
@@ -1,7 +1,7 @@
 /* provide consistent interface to chown for systems that don't interpret
    an ID of -1 as meaning `don't change the corresponding ID'.
 
-   Copyright (C) 1997, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 1997, 2004-2008 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -43,6 +43,11 @@
    `don't change the corresponding ID'.
    - chown doesn't dereference symlinks.  */
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 rpl_chown (const char *file, uid_t uid, gid_t gid)
 {
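Review bot: the note added above rpl_chown names only malloc(), but an async-signal-safe implementation may call no function outside the POSIX list at all (stdio, free() and anything that takes a lock are equally out), so "must not use malloc()" reads as the whole rule when it is one instance of it. Likewise, marking a static variable 'volatile' does not make a multi-step update safe against interruption. Suggest wording along the lines of "must call only async-signal-safe functions (in particular not malloc()) and must not leave static data in an inconsistent state".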
--- lib/dup2.c.orig     2008-06-22 21:17:45.000000000 +0200
+++ lib/dup2.c  2008-06-22 21:17:21.000000000 +0200
@@ -1,6 +1,6 @@
 /* Duplicate an open file descriptor to a specified file descriptor.
 
-   Copyright (C) 1999, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2004-2008 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -43,6 +43,11 @@
 }
 #endif
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 dup2 (int fd, int desired_fd)
 {
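Review bot: this is the same four-line note, word for word, that the patch also pastes into chown.c, lseek.c, lstat.c, open.c, poll.c, sigaction.c, sleep.c and utime.c, so any later correction to the wording has to be repeated in every copy. Consider keeping the full explanation in one place and leaving a one-line pointer in front of each function.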
--- lib/getgroups.c.orig        2008-06-22 21:17:45.000000000 +0200
+++ lib/getgroups.c     2008-06-22 21:17:21.000000000 +0200
@@ -1,6 +1,6 @@
 /* provide consistent interface to getgroups for systems that don't allow N==0
 
-   Copyright (C) 1996, 1999, 2003, 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 1996, 1999, 2003, 2006-2008 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -31,6 +31,14 @@
    process.  This function handles that special case and lets the system-
    provided function handle all others. */
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.
+   But we cannot achieve this goal here, because we would have to preallocate
+   an array of (sysconf (_POSIX_NGROUPS_MAX) + 1) GETGROUPS_T elements, but
+   this number is not a constant (and NGROUPS_MAX + 1 may not be enough).  */
+
 int
 rpl_getgroups (int n, GETGROUPS_T *group)
 {
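Review bot: the last sentence of the added note ("we cannot achieve this goal here") records that rpl_getgroups is not async-signal-safe, but only for someone who reads this file. A caller relying on the POSIX list has no way to learn it. Suggest opening the note with the plain statement that this replacement is not async-signal-safe, and repeating that in the module's user-facing documentation.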
--- lib/lseek.c.orig    2008-06-22 21:17:45.000000000 +0200
+++ lib/lseek.c 2008-06-22 21:17:21.000000000 +0200
@@ -1,5 +1,5 @@
 /* An lseek() function that detects pipes.
-   Copyright (C) 2007 Free Software Foundation, Inc.
+   Copyright (C) 2007-2008 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -31,6 +31,11 @@
 
 #undef lseek
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 off_t
 rpl_lseek (int fd, off_t offset, int whence)
 {
--- lib/lstat.c.orig    2008-06-22 21:17:45.000000000 +0200
+++ lib/lstat.c 2008-06-22 21:17:21.000000000 +0200
@@ -1,7 +1,6 @@
 /* Work around a bug of lstat on some systems
 
-   Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 
Free
-   Software Foundation, Inc.
+   Copyright (C) 1997-1999, 2000-2006, 2008 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
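Review bot: in the new copyright line, "1997-1999, 2000-2006" is two adjacent ranges that collapse to "1997-2006", which is how the other files in this patch are written. Also, the first removed line is wrapped in the mail ("Free" stands on its own line without a '-' prefix), so this hunk will not apply as posted.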
@@ -43,6 +42,11 @@
    If the referent is a non-directory, then set errno to ENOTDIR
    and return -1.  Otherwise, return stat's result.  */
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 rpl_lstat (const char *file, struct stat *sbuf)
 {
--- lib/mkdir.c.orig    2008-06-22 21:17:45.000000000 +0200
+++ lib/mkdir.c 2008-06-22 21:17:21.000000000 +0200
@@ -44,6 +44,13 @@
 
 /* This function is required at least for NetBSD 1.5.2.  */
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.
+   But if we want to achieve this goal here, we need to limit strlen (DIR)
+   to PATH_MAX.  */
+
 int
 rpl_mkdir (char const *dir, mode_t mode)
 {
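Review bot: the closing sentence of the added note ("if we want to achieve this goal here, we need to limit strlen (DIR) to PATH_MAX") is conditional and never says whether rpl_mkdir is async-signal-safe as it stands. State the current status outright and name what stands in the way. The note should also say what happens on platforms that do not define PATH_MAX, since the proposed limit depends on it.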
--- lib/open.c.orig     2008-06-22 21:17:46.000000000 +0200
+++ lib/open.c  2008-06-22 21:17:21.000000000 +0200
@@ -30,6 +30,11 @@
 # include <sys/types.h>
 # include <sys/stat.h>
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 open (const char *filename, int flags, ...)
 # undef open
--- lib/poll.c.orig     2008-06-22 21:17:46.000000000 +0200
+++ lib/poll.c  2008-06-22 21:17:21.000000000 +0200
@@ -48,6 +48,11 @@
 #define MSG_PEEK 0
 #endif
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 poll (pfd, nfd, timeout)
      struct pollfd *pfd;
--- lib/rename.c.orig   2008-06-22 21:17:46.000000000 +0200
+++ lib/rename.c        2008-06-22 21:17:21.000000000 +0200
@@ -2,7 +2,7 @@
    file has a trailing slash.  The rename functions of SunOS 4.1.1_U1 and
    mips-dec-ultrix4.4 have this bug.
 
-   Copyright (C) 2001, 2002, 2003, 2005, 2006 Free Software Foundation, Inc.
+   Copyright (C) 2001-2003, 2005-2006, 2008 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -32,6 +32,13 @@
 /* Rename the file SRC to DST, removing any trailing
    slashes from SRC.  Needed for SunOS 4.1.1_U1.  */
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.
+   But if we want to achieve this goal here, we need to limit strlen (SRC)
+   to PATH_MAX.  */
+
 int
 rpl_rename (char const *src, char const *dst)
 {
--- lib/rmdir.c.orig    2008-06-22 21:17:46.000000000 +0200
+++ lib/rmdir.c 2008-06-22 21:17:21.000000000 +0200
@@ -1,7 +1,7 @@
 /* BSD compatible remove directory function for System V
 
-   Copyright (C) 1988, 1990, 1999, 2003, 2004, 2005, 2006 Free
-   Software Foundation, Inc.
+   Copyright (C) 1988, 1990, 1999, 2003-2006, 2008 Free Software Foundation,
+   Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -27,6 +27,13 @@
 /* Remove directory DIR.
    Return 0 if successful, -1 if not.  */
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.
+   But if we want to achieve this goal here, we have to choose a different
+   implementation.  */
+
 int
 rmdir (char const *dir)
 {
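Review bot: "we have to choose a different implementation" in the added note does not say what in the current rmdir substitute is unsafe, so a later maintainer cannot tell what to avoid. Name the offending call, and since the cover message says the substitute "could be removed", record that here as the preferred fix.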
--- lib/sigaction.c.orig        2008-06-22 21:17:46.000000000 +0200
+++ lib/sigaction.c     2008-06-22 21:17:21.000000000 +0200
@@ -115,6 +115,12 @@
    signal SIG.  If not NULL, ACT describes the new behavior.  If not
    NULL, OACT is set to the prior behavior.  Return 0 on success, or
    set errno and return -1 on failure.  */
+
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 sigaction (int sig, const struct sigaction *restrict act,
            struct sigaction *restrict oact)
--- lib/sigprocmask.c.orig      2008-06-22 21:17:46.000000000 +0200
+++ lib/sigprocmask.c   2008-06-22 21:17:21.000000000 +0200
@@ -45,6 +45,13 @@
 # define SIGSTOP (-1)
 #endif
 
+/* Note: The functions sigismember, sigemptyset, sigaddset, sigdelset,
+   sigfillset, sigpending, sigprocmask, signal are declared async-signal-safe
+   by POSIX <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Their implementations therefore must not use malloc(), and all statically
+   allocated variables that they access must be marked 'volatile'.
+   But we cannot achieve this goal for sigprocmask and signal.  */
+
 int
 sigismember (const sigset_t *set, int sig)
 {
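Review bot: the caveat "we cannot achieve this goal for sigprocmask and signal" gives no reason and sits above sigismember, away from the two functions it is about. Move that sentence to the definitions of sigprocmask and signal and say which static state or call prevents safety, so that a reader of those two functions sees the limitation where it applies.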
--- lib/sleep.c.orig    2008-06-22 21:17:46.000000000 +0200
+++ lib/sleep.c 2008-06-22 21:17:21.000000000 +0200
@@ -1,5 +1,5 @@
 /* Pausing execution of the current thread.
-   Copyright (C) 2007 Free Software Foundation, Inc.
+   Copyright (C) 2007-2008 Free Software Foundation, Inc.
    Written by Bruno Haible <address@hidden>, 2007.
 
    This program is free software: you can redistribute it and/or modify
@@ -25,6 +25,11 @@
 # define WIN32_LEAN_AND_MEAN  /* avoid including junk */
 # include <windows.h>
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 unsigned int
 sleep (unsigned int seconds)
 {
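Review bot: the context lines (the indented "# define WIN32_LEAN_AND_MEAN" and "# include <windows.h>") suggest the note lands inside a Windows-only preprocessor branch. If the file defines sleep again in another branch, that definition gets no note. Placing the comment above the conditional would cover both.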
--- lib/utime.c.orig    2008-06-22 21:17:46.000000000 +0200
+++ lib/utime.c 2008-06-22 21:17:21.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 1998, 2001, 2002, 2003, 2004, 2006 Free Software
+/* Copyright (C) 1998, 2001, 2002, 2003, 2004, 2006, 2008 Free Software
    Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify it
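Review bot: this copyright line keeps the years spelled out ("1998, 2001, 2002, 2003, 2004, 2006, 2008") while every other copyright hunk in the patch switches to ranges. For consistency write "1998, 2001-2004, 2006, 2008".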
@@ -98,6 +98,11 @@
 #endif
 }
 
+/* Note: This function is declared async-signal-safe by POSIX
+   <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>.
+   Its implementation therefore must not use malloc(), and all statically
+   allocated variables that it accesses must be marked 'volatile'.  */
+
 int
 rpl_utime (const char *file, const struct utimbuf *times)
 {
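
The PATH_MAX workaround that the message mentions for rename(), sketched as an added example; it is not gnulib code and not part of the patch. The names `copy_without_trailing_slashes` and `rename_fixedbuf` are hypothetical, and the fallback value for PATH_MAX is an assumption.

```c
/* Added example, not gnulib code; function names are hypothetical.  */
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#ifndef PATH_MAX
# define PATH_MAX 4096  /* assumption: some systems leave it undefined */
#endif

/* Copy SRC into BUF minus trailing slashes (a lone "/" is kept).
   Keeps no static state and uses hand-written loops only.  Returns the
   new length, or -1 with errno = ENAMETOOLONG if SRC does not fit.  */
static long
copy_without_trailing_slashes (const char *src, char *buf, size_t bufsize)
{
  size_t len = 0;
  if (bufsize == 0)
    { errno = ENAMETOOLONG; return -1; }
  while (src[len] != '\0')
    {
      if (len + 1 >= bufsize)   /* no room left for the NUL */
        { errno = ENAMETOOLONG; return -1; }
      buf[len] = src[len];
      len++;
    }
  while (len > 1 && buf[len - 1] == '/')
    len--;
  buf[len] = '\0';
  return (long) len;
}

/* rename() wrapper with a stack buffer instead of malloc().  The cost
   is the one the message names: a SRC of PATH_MAX bytes or more now
   fails, even when called from the main program.  */
int
rename_fixedbuf (const char *src, const char *dst)
{
  char tmp[PATH_MAX];
  if (copy_without_trailing_slashes (src, tmp, sizeof tmp) < 0)
    return -1;
  return rename (tmp, dst);
}

int
main (void)
{
  char buf[16];
  /* Constructed input: "dir/sub///" becomes "dir/sub", length 7.  */
  return copy_without_trailing_slashes ("dir/sub///", buf, sizeof buf) == 7 ? 0 : 1;
}
```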




