Austin Group Defect Tracker

Aardvark Mark IV


Viewing Issue Simple Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Type Date Submitted Last Update
0000615 [1003.1(2008)/Issue 7] System Interfaces Editorial Enhancement Request 2012-09-26 02:32 2019-06-10 08:55
Reporter dalias View Status public  
Assigned To ajosey
Priority normal Resolution Accepted As Marked  
Status Closed  
Name Rich Felker
Organization musl libc
User Reference
Section XSH 2.4.3 Signal Actions
Page Number 489
Line Number 16756
Interp Status Approved
Final Accepted Text See Note: 0002254
Summary 0000615: pthread_setcancelstate should be async-signal-safe
Description In order to write a signal handler for an asynchronous signal which can run safely in a cancellable thread, pthread_setcancelstate must be used to disable cancellation for the duration of the signal handler. This is because acting on cancellation at a cancellation point that occurs during a signal handler is, from the perspective of the asynchronously interrupted code, asynchronous cancellation.

Consider for example the case where the main flow of execution of the thread is in malloc at the time a signal arrives, and the signal handler calls an async-signal-safe function which is also a cancellation point (such as open/close).
Desired Action Add pthread_setcancelstate to the list of async-signal-safe functions, with notes to the effect that if a signal handler invokes cancellation points and may be invoked in a thread that is the target of cancellation, the application shall ensure either that the signal handler cannot interrupt any function which is not async-cancel-safe, or that pthread_setcancelstate is used to prevent cancellation from being acted upon in the signal handler.

If this is not acceptable, then application usage notes should be added to the effect that cancellable threads shall avoid executing signal handlers which could invoke cancellation points, either by blocking all signals in the thread or by assuring that no signal handler which invokes cancellation points has been installed.
Tags tc2-2008
Attached Files

- Relationships
related to 0000622Closedajosey Disallow loophole for asynchronous cancellation of any function 
parent of 0000841Closedajosey pthread_setcancelstate should be async-signal-safe 

-  Notes
(0001623)
msbrown (manager)
2013-05-23 15:11

Mark: AIX appears to be async-signal-safe.

Andrew reports Apple: not async-signal-safe, but not pthreads conforming so may not be relevant.
(0001628)
jim_pugsley (manager)
2013-05-30 14:24

pthread_setcancelstate is async-signal-safe in Solaris.
(0002249)
geoffclare (manager)
2014-05-22 16:14

For the record we also had this response from HP on 2013-06-07:

The routine pthread_setcancelstate() is *not* async-signal-safe on HPUX
(0002250)
rhansen (manager)
2014-05-23 04:15

NetBSD's pthread_setcancelstate() is not async-signal-safe:
http://mail-index.netbsd.org/tech-userlevel/2014/05/23/msg008558.html [^]
(0002254)
Don Cragun (manager)
2014-05-29 16:24
edited on: 2014-05-29 16:34

Interpretation response
------------------------
The standard states that when a thread's cancelability state is PTHREAD_CANCEL_DEFERRED, cancellation requests are held pending until a cancellation point is reached, and conforming implementations must conform to this. However, concerns have been raised about this which are being referred to the sponsor (some cancellation points may be reached in an asynchronous signal handler because some cancellation points are in async-signal-safe functions).

Rationale:
-------------
In order to write a signal handler for an asynchronous signal which can run safely in a cancellable thread, pthread_setcancelstate() must be used to disable cancellation for the duration of any calls that the signal handler makes which are cancellation points. However, the standard does not currently permit strictly conforming applications to do this since pthread_setcancelstate() is not required to be async-signal-safe.

Notes to the Editor (not part of this interpretation):
-------------------------------------------------------
At page 489 line 16756 (XSH 2.4.3 Signal Actions), change:
All functions not in the above table are considered to be unsafe with respect to signals.

to:
Any function not in the above table may be unsafe with respect to signals. Implementations may make other interfaces async-signal-safe.


At page 1695 line 54349 (XSH pthread_setcancelstate() future directions), change:
None.

to:
The pthread_setcancelstate() function may be added to the table of async-signal-safe functions in section 2.4.3 on page 489.


(0002290)
ajosey (manager)
2014-06-27 11:09

Interpretation proposed June 27 2014
(0002330)
ajosey (manager)
2014-08-05 13:17

Interpretation approved 5 August 2014

- Issue History
Date Modified Username Field Change
2012-09-26 02:32 dalias New Issue
2012-09-26 02:32 dalias Status New => Under Review
2012-09-26 02:32 dalias Assigned To => ajosey
2012-09-26 02:32 dalias Name => Rich Felker
2012-09-26 02:32 dalias Organization => musl libc
2012-09-26 02:32 dalias Section => XSH 2.4.3 Signal Actions
2012-09-26 02:32 dalias Page Number => unknown
2012-09-26 02:32 dalias Line Number => unknown
2013-04-25 16:19 Don Cragun Relationship added related to 0000622
2013-05-23 15:11 msbrown Note Added: 0001623
2013-05-30 14:24 jim_pugsley Note Added: 0001628
2014-05-22 16:14 geoffclare Note Added: 0002249
2014-05-23 04:15 rhansen Note Added: 0002250
2014-05-29 16:24 Don Cragun Interp Status => ---
2014-05-29 16:24 Don Cragun Note Added: 0002254
2014-05-29 16:24 Don Cragun Status Under Review => Interpretation Required
2014-05-29 16:24 Don Cragun Resolution Open => Accepted As Marked
2014-05-29 16:25 nick Issue cloned 0000841
2014-05-29 16:25 nick Relationship added parent of 0000841
2014-05-29 16:26 Don Cragun Page Number unknown => 489
2014-05-29 16:26 Don Cragun Line Number unknown => 16756
2014-05-29 16:26 Don Cragun Interp Status --- => Pending
2014-05-29 16:26 Don Cragun Final Accepted Text => See Note: 0002254
2014-05-29 16:27 geoffclare Tag Attached: tc2-2008
2014-05-29 16:34 Don Cragun Note Edited: 0002254
2014-06-27 11:09 ajosey Interp Status Pending => Proposed
2014-06-27 11:09 ajosey Note Added: 0002290
2014-08-05 13:17 ajosey Interp Status Proposed => Approved
2014-08-05 13:17 ajosey Note Added: 0002330
2019-06-10 08:55 agadmin Status Interpretation Required => Closed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker