diff options
| author | Paul Eggert | 2012-09-23 01:44:20 -0700 |
|---|---|---|
| committer | Paul Eggert | 2012-09-23 01:44:20 -0700 |
| commit | 4d7e6e51dd4acecff466a28d958c50f34fc130b8 (patch) | |
| tree | 5e340d48fb69f9a40a4304cc94db2006caefe51f /src/ChangeLog | |
| parent | 8f4635e97e1587c4026ec83fc1bd9f8954775915 (diff) | |
| download | emacs-4d7e6e51dd4acecff466a28d958c50f34fc130b8.tar.gz emacs-4d7e6e51dd4acecff466a28d958c50f34fc130b8.zip | |
Simplify and avoid signal-handling races.
* nt/inc/ms-w32.h (emacs_raise): New macro.
* src/alloc.c (die):
* src/sysdep.c (emacs_abort) [HAVE_NTGUI]:
Avoid recursive loop if there's a fatal error in the function itself.
* src/atimer.c (pending_atimers):
* src/blockinput.h: Don't include "atimer.h"; no longer needed.
(interrupt_input_pending): Remove. All uses removed.
pending_signals now counts both atimers and ordinary interrupts.
This is less racy than having three separate pending-signal flags.
(block_input, unblock_input, totally_unblock_input, unblock_input_to)
(input_blocked_p):
Rename from their upper-case counterparts BLOCK_INPUT,
UNBLOCK_INPUT, TOTALLY_UNBLOCK_INPUT, UNBLOCK_INPUT_TO,
INPUT_BLOCKED_P, and turn into functions. All uses changed.
This makes it easier to access volatile variables more accurately.
(BLOCK_INPUT_RESIGNAL): Remove. All uses replaced by unblock_input ().
(input_blocked_p): Prefer this to 'interrupt_input_blocked', as
that's more reliable if the code is buggy and sets
interrupt_input_blocked to a negative value. All uses changed.
* src/atimer.c (deliver_alarm_signal):
Remove. No need to deliver this to the parent; any thread can
handle this signal now. All uses replaced by underlying handler.
* src/atimer.c (turn_on_atimers):
* src/dispnew.c (handle_window_change_signal):
* src/emacs.c (handle_danger_signal):
* src/keyboard.c (kbd_buffer_get_event):
Don't reestablish signal handler; not needed with sigaction.
* src/blockinput.h (UNBLOCK_INPUT_TO, TOTALLY_UNBLOCK_INPUT)
(UNBLOCK_INPUT_TO):
Rework to avoid unnecessary accesses to volatile variables.
(UNBLOCK_INPUT_TO): Now a function.
(totally_unblock_input, unblock_input): New decls.
* src/data.c (handle_arith_signal, deliver_arith_signal): Move to sysdep.c
(init_data): Remove. Necessary stuff now done in init_signal.
* src/emacs.c, src/xdisp.c: Include "atimer.h", since we invoke atimer functions.
* src/emacs.c (handle_fatal_signal, deliver_fatal_signal): Move to sysdep.c.
(fatal_error_code): Remove; no longer needed.
(terminate_due_to_signal): Rename from fatal_error_backtrace, since
it doesn't always backtrace. All uses changed. No need to reset
signal to default, since sigaction and/or die does that for us now.
Use emacs_raise (FOO), not kill (getpid (), FOO).
(main): Check more-accurately whether we're dumping.
Move fatal-error setup to sysdep.c
* src/floatfns.c: Do not include "syssignal.h"; no longer needed.
* src/gtkutil.c (xg_get_file_name, xg_get_font):
Remove no-longer-needed signal-mask manipulation.
* src/keyboard.c, src/process.c (POLL_FOR_INPUT):
Don't depend on USE_ASYNC_EVENTS, a symbol that is never defined.
* src/keyboard.c (read_avail_input): Remove.
All uses replaced by gobble_input.
(Ftop_level): Use TOTALLY_UNBLOCK_INPUT rather than open code.
(kbd_buffer_store_event_hold, gobble_input):
(record_asynch_buffer_change) [USABLE_SIGIO]:
(store_user_signal_events):
No need to mess with signal mask.
(gobble_input): If blocking input and there are terminals, simply
set pending_signals to 1 and return. All hooks changed to not
worry about whether input is blocked.
(process_pending_signals): Clear pending_signals before processing
them, in case a signal comes in while we're processing.
By convention callers now test pending_signals before calling us.
(UNBLOCK_INPUT_TO, unblock_input, totally_unblock_input):
New functions, to support changes to blockinput.h.
(handle_input_available_signal): Now extern.
(reinvoke_input_signal): Remove. All uses replaced by
handle_async_input.
(quit_count): Now volatile, since a signal handler uses it.
(handle_interrupt): Now takes bool IN_SIGNAL_HANDLER as arg. All
callers changed. Block SIGINT only if not already blocked.
Clear sigmask reliably, even if Fsignal returns, which it can.
Omit unnecessary accesses to volatile var.
(quit_throw_to_read_char): No need to restore sigmask.
* src/keyboard.c (gobble_input, handle_user_signal):
* src/process.c (wait_reading_process_output):
Call signal-handling code rather than killing ourselves.
* src/lisp.h: Include <float.h>, for...
(IEEE_FLOATING_POINT): New macro, moved here to avoid duplication.
(pending_signals): Now volatile.
(syms_of_data): Now const if IEEE floating point.
(handle_input_available_signal) [USABLE_SIGIO]:
(terminate_due_to_signal, record_child_status_change): New decls.
* src/process.c (create_process): Avoid disaster if memory is exhausted
while we're processing a vfork, by tightening the critical section
around the vfork.
(send_process_frame, process_sent_to, handle_pipe_signal)
(deliver_pipe_signal): Remove. No longer needed, as Emacs now
ignores SIGPIPE.
(send_process): No need for setjmp/longjmp any more, since the
SIGPIPE stuff is now gone. Instead, report an error if errno
is EPIPE.
(record_child_status_change): Now extern. PID and W are now args.
Return void, not bool. All callers changed.
* src/sysdep.c (wait_debugging) [(BSD_SYSTEM || HPUX) && !defined (__GNU__)]:
Remove. All uses removed. This bug should be fixed now in a
different way.
(wait_for_termination_1): Use waitpid rather than sigsuspend,
and record the child status change directly. This avoids the
need to futz with the signal mask.
(process_fatal_action): Move here from emacs.c.
(emacs_sigaction_flags): New function, containing
much of what used to be in emacs_sigaction_init.
(emacs_sigaction_init): Use it. Block nonfatal system signals that are
caught by emacs, to make races less likely.
(deliver_process_signal): Rename from handle_on_main_thread.
All uses changed.
(BACKTRACE_LIMIT_MAX): Now at top level.
(thread_backtrace_buffer, threadback_backtrace_pointers):
New static vars.
(deliver_thread_signal, deliver_fatal_thread_signal):
New functions, for more-accurate delivery of thread-specific signals.
(handle_fatal_signal, deliver_fatal_signal): Move here from emacs.c.
(deliver_arith_signal): Handle in this thread, not
in the main thread, since it's triggered by this thread.
(maybe_fatal_sig): New function.
(init_signals): New arg DUMPING so that we can be more accurate
about whether we're dumping. Caller changed.
Treat thread-specific signals differently from process-general signals.
Block all signals while handling fatal error; that's safer.
xsignal from SIGFPE only on non-IEEE hosts, treating it as fatal
on IEEE hosts.
When batch, ignore SIGHUP, SIGINT, SIGTERM if they were already ignored.
Ignore SIGPIPE unless batch.
(emacs_backtrace): Output backtrace for the appropriate thread,
which is not necessarily the main thread.
* src/syssignal.h: Include <stdbool.h>.
(emacs_raise): New macro.
* src/xterm.c (x_connection_signal): Remove; no longer needed
now that we use sigaction.
(x_connection_closed): No need to mess with sigmask now.
(x_initialize): No need to reset SIGPIPE handler here, since
init_signals does this for us now.
Fixes: debbugs:12471
Diffstat (limited to 'src/ChangeLog')
| -rw-r--r-- | src/ChangeLog | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index ee3befaa9ba..37c1ecf8824 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,137 @@ | |||
| 1 | 2012-09-23 Paul Eggert <eggert@cs.ucla.edu> | ||
| 2 | |||
| 3 | Simplify and avoid signal-handling races (Bug#12471). | ||
| 4 | * alloc.c (die): | ||
| 5 | * sysdep.c (emacs_abort) [HAVE_NTGUI]: | ||
| 6 | Avoid recursive loop if there's a fatal error in the function itself. | ||
| 7 | * atimer.c (pending_atimers): | ||
| 8 | * blockinput.h: Don't include "atimer.h"; no longer needed. | ||
| 9 | (interrupt_input_pending): Remove. All uses removed. | ||
| 10 | pending_signals now counts both atimers and ordinary interrupts. | ||
| 11 | This is less racy than having three separate pending-signal flags. | ||
| 12 | (block_input, unblock_input, totally_unblock_input, unblock_input_to) | ||
| 13 | (input_blocked_p): | ||
| 14 | Rename from their upper-case counterparts BLOCK_INPUT, | ||
| 15 | UNBLOCK_INPUT, TOTALLY_UNBLOCK_INPUT, UNBLOCK_INPUT_TO, | ||
| 16 | INPUT_BLOCKED_P, and turn into functions. All uses changed. | ||
| 17 | This makes it easier to access volatile variables more accurately. | ||
| 18 | (BLOCK_INPUT_RESIGNAL): Remove. All uses replaced by unblock_input (). | ||
| 19 | (input_blocked_p): Prefer this to 'interrupt_input_blocked', as | ||
| 20 | that's more reliable if the code is buggy and sets | ||
| 21 | interrupt_input_blocked to a negative value. All uses changed. | ||
| 22 | * atimer.c (deliver_alarm_signal): | ||
| 23 | Remove. No need to deliver this to the parent; any thread can | ||
| 24 | handle this signal now. All uses replaced by underlying handler. | ||
| 25 | * atimer.c (turn_on_atimers): | ||
| 26 | * dispnew.c (handle_window_change_signal): | ||
| 27 | * emacs.c (handle_danger_signal): | ||
| 28 | * keyboard.c (kbd_buffer_get_event): | ||
| 29 | Don't reestablish signal handler; not needed with sigaction. | ||
| 30 | * blockinput.h (UNBLOCK_INPUT_TO, TOTALLY_UNBLOCK_INPUT) | ||
| 31 | (UNBLOCK_INPUT_TO): | ||
| 32 | Rework to avoid unnecessary accesses to volatile variables. | ||
| 33 | (UNBLOCK_INPUT_TO): Now a function. | ||
| 34 | (totally_unblock_input, unblock_input): New decls. | ||
| 35 | * data.c (handle_arith_signal, deliver_arith_signal): Move to sysdep.c | ||
| 36 | (init_data): Remove. Necessary stuff now done in init_signal. | ||
| 37 | * emacs.c, xdisp.c: Include "atimer.h", since we invoke atimer functions. | ||
| 38 | * emacs.c (handle_fatal_signal, deliver_fatal_signal): Move to sysdep.c. | ||
| 39 | (fatal_error_code): Remove; no longer needed. | ||
| 40 | (terminate_due_to_signal): Rename from fatal_error_backtrace, since | ||
| 41 | it doesn't always backtrace. All uses changed. No need to reset | ||
| 42 | signal to default, since sigaction and/or die does that for us now. | ||
| 43 | Use emacs_raise (FOO), not kill (getpid (), FOO). | ||
| 44 | (main): Check more-accurately whether we're dumping. | ||
| 45 | Move fatal-error setup to sysdep.c | ||
| 46 | * floatfns.c: Do not include "syssignal.h"; no longer needed. | ||
| 47 | * gtkutil.c (xg_get_file_name, xg_get_font): | ||
| 48 | Remove no-longer-needed signal-mask manipulation. | ||
| 49 | * keyboard.c, process.c (POLL_FOR_INPUT): | ||
| 50 | Don't depend on USE_ASYNC_EVENTS, a symbol that is never defined. | ||
| 51 | * keyboard.c (read_avail_input): Remove. | ||
| 52 | All uses replaced by gobble_input. | ||
| 53 | (Ftop_level): Use TOTALLY_UNBLOCK_INPUT rather than open code. | ||
| 54 | (kbd_buffer_store_event_hold, gobble_input): | ||
| 55 | (record_asynch_buffer_change) [USABLE_SIGIO]: | ||
| 56 | (store_user_signal_events): | ||
| 57 | No need to mess with signal mask. | ||
| 58 | (gobble_input): If blocking input and there are terminals, simply | ||
| 59 | set pending_signals to 1 and return. All hooks changed to not | ||
| 60 | worry about whether input is blocked. | ||
| 61 | (process_pending_signals): Clear pending_signals before processing | ||
| 62 | them, in case a signal comes in while we're processing. | ||
| 63 | By convention callers now test pending_signals before calling us. | ||
| 64 | (UNBLOCK_INPUT_TO, unblock_input, totally_unblock_input): | ||
| 65 | New functions, to support changes to blockinput.h. | ||
| 66 | (handle_input_available_signal): Now extern. | ||
| 67 | (reinvoke_input_signal): Remove. All uses replaced by | ||
| 68 | handle_async_input. | ||
| 69 | (quit_count): Now volatile, since a signal handler uses it. | ||
| 70 | (handle_interrupt): Now takes bool IN_SIGNAL_HANDLER as arg. All | ||
| 71 | callers changed. Block SIGINT only if not already blocked. | ||
| 72 | Clear sigmask reliably, even if Fsignal returns, which it can. | ||
| 73 | Omit unnecessary accesses to volatile var. | ||
| 74 | (quit_throw_to_read_char): No need to restore sigmask. | ||
| 75 | * keyboard.c (gobble_input, handle_user_signal): | ||
| 76 | * process.c (wait_reading_process_output): | ||
| 77 | Call signal-handling code rather than killing ourselves. | ||
| 78 | * lisp.h: Include <float.h>, for... | ||
| 79 | (IEEE_FLOATING_POINT): New macro, moved here to avoid duplication. | ||
| 80 | (pending_signals): Now volatile. | ||
| 81 | (syms_of_data): Now const if IEEE floating point. | ||
| 82 | (handle_input_available_signal) [USABLE_SIGIO]: | ||
| 83 | (terminate_due_to_signal, record_child_status_change): New decls. | ||
| 84 | * process.c (create_process): Avoid disaster if memory is exhausted | ||
| 85 | while we're processing a vfork, by tightening the critical section | ||
| 86 | around the vfork. | ||
| 87 | (send_process_frame, process_sent_to, handle_pipe_signal) | ||
| 88 | (deliver_pipe_signal): Remove. No longer needed, as Emacs now | ||
| 89 | ignores SIGPIPE. | ||
| 90 | (send_process): No need for setjmp/longjmp any more, since the | ||
| 91 | SIGPIPE stuff is now gone. Instead, report an error if errno | ||
| 92 | is EPIPE. | ||
| 93 | (record_child_status_change): Now extern. PID and W are now args. | ||
| 94 | Return void, not bool. All callers changed. | ||
| 95 | * sysdep.c (wait_debugging) [(BSD_SYSTEM || HPUX) && !defined (__GNU__)]: | ||
| 96 | Remove. All uses removed. This bug should be fixed now in a | ||
| 97 | different way. | ||
| 98 | (wait_for_termination_1): Use waitpid rather than sigsuspend, | ||
| 99 | and record the child status change directly. This avoids the | ||
| 100 | need to futz with the signal mask. | ||
| 101 | (process_fatal_action): Move here from emacs.c. | ||
| 102 | (emacs_sigaction_flags): New function, containing | ||
| 103 | much of what used to be in emacs_sigaction_init. | ||
| 104 | (emacs_sigaction_init): Use it. Block nonfatal system signals that are | ||
| 105 | caught by emacs, to make races less likely. | ||
| 106 | (deliver_process_signal): Rename from handle_on_main_thread. | ||
| 107 | All uses changed. | ||
| 108 | (BACKTRACE_LIMIT_MAX): Now at top level. | ||
| 109 | (thread_backtrace_buffer, threadback_backtrace_pointers): | ||
| 110 | New static vars. | ||
| 111 | (deliver_thread_signal, deliver_fatal_thread_signal): | ||
| 112 | New functions, for more-accurate delivery of thread-specific signals. | ||
| 113 | (handle_fatal_signal, deliver_fatal_signal): Move here from emacs.c. | ||
| 114 | (deliver_arith_signal): Handle in this thread, not | ||
| 115 | in the main thread, since it's triggered by this thread. | ||
| 116 | (maybe_fatal_sig): New function. | ||
| 117 | (init_signals): New arg DUMPING so that we can be more accurate | ||
| 118 | about whether we're dumping. Caller changed. | ||
| 119 | Treat thread-specific signals differently from process-general signals. | ||
| 120 | Block all signals while handling fatal error; that's safer. | ||
| 121 | xsignal from SIGFPE only on non-IEEE hosts, treating it as fatal | ||
| 122 | on IEEE hosts. | ||
| 123 | When batch, ignore SIGHUP, SIGINT, SIGTERM if they were already ignored. | ||
| 124 | Ignore SIGPIPE unless batch. | ||
| 125 | (emacs_backtrace): Output backtrace for the appropriate thread, | ||
| 126 | which is not necessarily the main thread. | ||
| 127 | * syssignal.h: Include <stdbool.h>. | ||
| 128 | (emacs_raise): New macro. | ||
| 129 | * xterm.c (x_connection_signal): Remove; no longer needed | ||
| 130 | now that we use sigaction. | ||
| 131 | (x_connection_closed): No need to mess with sigmask now. | ||
| 132 | (x_initialize): No need to reset SIGPIPE handler here, since | ||
| 133 | init_signals does this for us now. | ||
| 134 | |||
| 1 | 2012-09-23 Jan Djärv <jan.h.d@swipnet.se> | 135 | 2012-09-23 Jan Djärv <jan.h.d@swipnet.se> |
| 2 | 136 | ||
| 3 | * nsterm.m (ns_dumpglyphs_image): dr is a new rect to draw image into, | 137 | * nsterm.m (ns_dumpglyphs_image): dr is a new rect to draw image into, |