Re: [WORKAROUND] Re^4: Setting signal handlers considered unsafe?

Isn't that a rather serious bug in perl (famous last words)? Looking at the code there is no place where a handler capable of dying is possibly called outside eval.

Could a signal get caught while perl was inside the eval block, a Perl-level handler stored somewhere and its execution resumed after the current opcode "exit eval block" finished? But at the ending brace of the eval block the handler should have already been reset.

The problem is that "at the ending brace of the eval block" the handler is not reset.

For that to be the case, it would be necessary to localise the $SIG{ALRM}. But as has been discovered, the serious bug is that the localisation temporarily sets the DEFAULT -- which is horrible.

Anyway, reverting to the empirical approach: to show that the handler set in the eval block remains set after the handler dies and terminates the eval, I modified your test as shown below. The results I got are:

+++ parent entering wrap_sigs loop
$SIG{ALRM}=outr_alrm enter wrap_alrm
$SIG{ALRM}=outr_alrm exit  wrap_alrm (0) $outr=0; $rcvd=0; $dies=0; $wrap=0
$SIG{ALRM}=outr_alrm after sleep         $outr=0; $rcvd=0; $dies=0; $wrap=0
$SIG{ALRM}=outr_alrm enter wrap_alrm
$SIG{ALRM}=outr_alrm exit  wrap_alrm (0) $outr=0; $rcvd=0; $dies=0; $wrap=0
$SIG{ALRM}=outr_alrm after sleep         $outr=0; $rcvd=0; $dies=0; $wrap=0
$SIG{ALRM}=outr_alrm enter wrap_alrm
$SIG{ALRM}=outr_alrm exit  wrap_alrm (0) $outr=0; $rcvd=0; $dies=0; $wrap=0
+++ child starting signal storm
$SIG{ALRM}=outr_alrm after sleep         $outr=1; $rcvd=0; $dies=0; $wrap=0
$SIG{ALRM}=outr_alrm enter wrap_alrm
$SIG{ALRM}=wrap_alrm exit  wrap_alrm (1) $outr=1; $rcvd=1; $dies=1; $wrap=0
$SIG{ALRM}=wrap_alrm after sleep         $outr=1; $rcvd=2; $dies=1; $wrap=1
$SIG{ALRM}=wrap_alrm enter wrap_alrm
$SIG{ALRM}=wrap_alrm exit  wrap_alrm (1) $outr=1; $rcvd=3; $dies=2; $wrap=1
$SIG{ALRM}=wrap_alrm after sleep         $outr=1; $rcvd=4; $dies=2; $wrap=2
$SIG{ALRM}=wrap_alrm enter wrap_alrm
$SIG{ALRM}=wrap_alrm exit  wrap_alrm (1) $outr=1; $rcvd=5; $dies=3; $wrap=2
$SIG{ALRM}=wrap_alrm after sleep         $outr=1; $rcvd=6; $dies=3; $wrap=3
$SIG{ALRM}=wrap_alrm enter wrap_alrm
$SIG{ALRM}=wrap_alrm exit  wrap_alrm (1) $outr=1; $rcvd=7; $dies=4; $wrap=3
$SIG{ALRM}=wrap_alrm after sleep         $outr=1; $rcvd=8; $dies=4; $wrap=4

this shows:

to start with the ALRM is set to the "outr_alrm" subroutine, which simply counts up the $outr counter.
before the child process starts sending ALRMs the eval in the "wrap_alrm" subroutine sets it's own ALRM signal handler, sleeps for a bit, and the restores the "outr_alrm" handler. The output above shows that before and after the call to "wrap_alrm", $SIG{ALRM} is set to the "outr_alrm".
when the child process starts sendin ALRMs it first catches the parent sleeping outside the "wrap_alrm" subroutine -- so we see the $outr signal counter steps by one.
then the parent process loops round and enters "wrap alrm", and in the eval sets its own handler. This promptly collects a signal, which counts up $rcvd and since it is in the eval, counts up $dies and dies. This terminates the eval, which skips the restoration of the "outr_alrm" handler.
so, on exit from "wrap_alrm" when its handler has died, we can see that its handler is still in place.
so, the sleep that follows is interrupted by a further ALRM, which while outside the eval counts up $wrap (and does not die).
and the process continues, with the "wrap_alrm" handler in place...

I hope this is reasonably clear !

use strict; use warnings ;

$| = 1 ;

my $outr = 0 ;  # count of ALRMs seen by "outer" handler
my $rcvd = 0 ;    # count of ALRMs seen by "wrap_alrm" handler
my $wrap = 0 ;  # count of ALRMs seen by "wrap_alrm" handler *outside*
+ eval
my $dies = 0 ;  # count of ALRMs seen by "wrap_alrm" signal  *inside* 
+ eval
my $eval = 0 ;  # Flag set while in eval {} in "wrap_alrm"

my %handlers = () ;

sub wrap_alrm {
  my $died = $dies ;
  $eval = 1 ;    # NB: there is a race here
  eval {
    my $old = $SIG{ALRM} || 'DEFAULT' ;

    $SIG{ALRM} = sub {
      $rcvd++ ;
      if ($eval) { $dies++ ; die ("SIG ALRM $rcvd\n") ; }
            else { $wrap++ ;                            } ; 
    } ;

    $handlers{$SIG{ALRM}} = 'wrap_alrm' ;

    sleep 1 ;

    $SIG{ALRM} = $old ;
  } ;
  $eval = 0 ;    # And a race here, too
  return $dies - $died ;
}

my $pid = fork;
if ($pid) {
  $SIG{ALRM} = sub { $outr++ ; } ;
  $handlers{$SIG{ALRM}} = 'outr_alrm' ;
  my $timeout = time + 10 ;
  print "+++ parent entering wrap_sigs loop\n" ;
  while (time < $timeout) {
    print "\$SIG{ALRM}=", $handlers{$SIG{ALRM}}, " enter wrap_alrm\n" 
+;
    my $died = wrap_alrm() ;
    print "\$SIG{ALRM}=", $handlers{$SIG{ALRM}}, " exit  wrap_alrm ($d
+ied) ",
                       "\$outr=$outr; \$rcvd=$rcvd; \$dies=$dies; \$wr
+ap=$wrap\n" ;
    sleep 1 ;
    print "\$SIG{ALRM}=", $handlers{$SIG{ALRM}}, " after sleep        
+ ",
                       "\$outr=$outr; \$rcvd=$rcvd; \$dies=$dies; \$wr
+ap=$wrap\n" ;
  } ;
  print "parent survived, killing child\n" ;
  kill TERM => $pid ;
}
else {
  sleep 6 ;
  print "+++ child starting signal storm\n" ;
  my $timeout = time + 2 ;
  while(time < $timeout) { kill ALRM => getppid ; } ;
} ;
[download]

Comment on Re: [WORKAROUND] Re^4: Setting signal handlers considered unsafe? Select or Download Code