Eric Blake wrote: > + /* POSIX states that sigprocmask and signal are both > + async-signal-safe.
Going through the list of async-signal-safe functions, gnulib overrides quite a few. I propose to add comments so that this is remembered in future modifications of the functions. OK to apply the attached comments, Jim? There are problems with the mkdir(), rmdir(), rename() substitutes. The rmdir() substitute could be removed; it is most probably not needed any more nowadays. For mkdir() and rename(), a workaround would be to assume a file name of length PATH_MAX at most. But this would be a pessimization of the current code (for the normal case that the function is called from the main program, not from a signal handler). Is there a portable way to detect whether the program is currently executing a signal handler? Bruno --- lib/chown.c.orig 2008-06-22 21:17:45.000000000 +0200 +++ lib/chown.c 2008-06-22 21:17:21.000000000 +0200 @@ -1,7 +1,7 @@ /* provide consistent interface to chown for systems that don't interpret an ID of -1 as meaning `don't change the corresponding ID'. - Copyright (C) 1997, 2004, 2005, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 1997, 2004-2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -43,6 +43,11 @@ `don't change the corresponding ID'. - chown doesn't dereference symlinks. */ +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int rpl_chown (const char *file, uid_t uid, gid_t gid) { --- lib/dup2.c.orig 2008-06-22 21:17:45.000000000 +0200 +++ lib/dup2.c 2008-06-22 21:17:21.000000000 +0200 
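Review bot: The comment added above rpl_chown in lib/chown.c understates the constraint in two ways: malloc() is only one of the calls an async-signal-safe function must avoid, and 'volatile' alone does not make a static object safe to access from a handler. ISO C only guarantees defined behaviour for assignments to `volatile sig_atomic_t` objects, and a multi-word static updated in several steps can still be seen half-written. I would word it as `Its implementation therefore must call only async-signal-safe functions (no malloc(), free() or stdio), and any static object it accesses must be 'volatile sig_atomic_t' or otherwise safe against interruption mid-update.` The same sentence is repeated in the hunks for dup2.c, getgroups.c, lseek.c, lstat.c, mkdir.c, open.c, poll.c, rename.c, rmdir.c, sigaction.c, sigprocmask.c, sleep.c and utime.c, so the rewording applies there too. The function bodies lie outside these hunks, so whether each one already complies cannot be checked from here.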
@@ -1,6 +1,6 @@ /* Duplicate an open file descriptor to a specified file descriptor. - Copyright (C) 1999, 2004, 2005, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 1999, 2004-2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -43,6 +43,11 @@ } #endif +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int dup2 (int fd, int desired_fd) { --- lib/getgroups.c.orig 2008-06-22 21:17:45.000000000 +0200 +++ lib/getgroups.c 2008-06-22 21:17:21.000000000 +0200 @@ -1,6 +1,6 @@ /* provide consistent interface to getgroups for systems that don't allow N==0 - Copyright (C) 1996, 1999, 2003, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 1996, 1999, 2003, 2006-2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,6 +31,14 @@ process. This function handles that special case and lets the system- provided function handle all others. */ +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. + But we cannot achieve this goal here, because we would have to preallocate + an array of (sysconf (_POSIX_NGROUPS_MAX) + 1) GETGROUPS_T elements, but + this number is not a constant (and NGROUPS_MAX + 1 may not be enough). */ + int rpl_getgroups (int n, GETGROUPS_T *group) { --- lib/lseek.c.orig 2008-06-22 21:17:45.000000000 +0200 +++ lib/lseek.c 2008-06-22 21:17:21.000000000 +0200 
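Review bot: The getgroups.c comment names the wrong identifier in `sysconf (_POSIX_NGROUPS_MAX)`: `_POSIX_NGROUPS_MAX` is the compile-time minimum from <limits.h>, while the run-time limit is queried with `sysconf (_SC_NGROUPS_MAX)`. Suggested wording: `an array of (sysconf (_SC_NGROUPS_MAX) + 1) GETGROUPS_T elements`. Since the comment concludes that the replacement is not async-signal-safe, it would also help to say which path allocates. Going by the context comment this is presumably only the N == 0 case, but rpl_getgroups's body is outside the hunk.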
@@ -1,5 +1,5 @@ /* An lseek() function that detects pipes. - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007-2008 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,6 +31,11 @@ #undef lseek +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + off_t rpl_lseek (int fd, off_t offset, int whence) { --- lib/lstat.c.orig 2008-06-22 21:17:45.000000000 +0200 +++ lib/lstat.c 2008-06-22 21:17:21.000000000 +0200 @@ -1,7 +1,6 @@ /* Work around a bug of lstat on some systems - Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free - Software Foundation, Inc. + Copyright (C) 1997-1999, 2000-2006, 2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -43,6 +42,11 @@ If the referent is a non-directory, then set errno to ENOTDIR and return -1. Otherwise, return stat's result. */ +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int rpl_lstat (const char *file, struct stat *sbuf) { --- lib/mkdir.c.orig 2008-06-22 21:17:45.000000000 +0200 +++ lib/mkdir.c 2008-06-22 21:17:21.000000000 +0200 
@@ -44,6 +44,13 @@ /* This function is required at least for NetBSD 1.5.2. */ +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. + But if we want to achieve this goal here, we need to limit strlen (DIR) + to PATH_MAX. */ + int rpl_mkdir (char const *dir, mode_t mode) { --- lib/open.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/open.c 2008-06-22 21:17:21.000000000 +0200 @@ -30,6 +30,11 @@ # include <sys/types.h> # include <sys/stat.h> +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int open (const char *filename, int flags, ...) # undef open --- lib/poll.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/poll.c 2008-06-22 21:17:21.000000000 +0200 @@ -48,6 +48,11 @@ #define MSG_PEEK 0 #endif +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int poll (pfd, nfd, timeout) struct pollfd *pfd; --- lib/rename.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/rename.c 2008-06-22 21:17:21.000000000 +0200 @@ -2,7 +2,7 @@ file has a trailing slash. The rename functions of SunOS 4.1.1_U1 and mips-dec-ultrix4.4 have this bug. - Copyright (C) 2001, 2002, 2003, 2005, 2006 Free Software Foundation, Inc. + Copyright (C) 2001-2003, 2005-2006, 2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
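Review bot: The mkdir.c comment proposes capping strlen (DIR) at PATH_MAX but does not say what happens to a longer name, and a fixed buffer that silently truncates would make mkdir act on a different path than the one the caller passed. The comment should pin that down, e.g. `to PATH_MAX, failing with ENAMETOOLONG for longer names rather than truncating`. POSIX also lets <limits.h> leave PATH_MAX undefined, so a fallback is needed on such platforms. Until that is done the comment should say outright that rpl_mkdir is not yet safe to call from a signal handler; the same applies to the rpl_rename comment in lib/rename.c. Both function bodies are outside the hunks.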
@@ -32,6 +32,13 @@ /* Rename the file SRC to DST, removing any trailing slashes from SRC. Needed for SunOS 4.1.1_U1. */ +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. + But if we want to achieve this goal here, we need to limit strlen (SRC) + to PATH_MAX. */ + int rpl_rename (char const *src, char const *dst) { --- lib/rmdir.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/rmdir.c 2008-06-22 21:17:21.000000000 +0200 @@ -1,7 +1,7 @@ /* BSD compatible remove directory function for System V - Copyright (C) 1988, 1990, 1999, 2003, 2004, 2005, 2006 Free - Software Foundation, Inc. + Copyright (C) 1988, 1990, 1999, 2003-2006, 2008 Free Software Foundation, + Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,6 +27,13 @@ /* Remove directory DIR. Return 0 if successful, -1 if not. */ +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. + But if we want to achieve this goal here, we have to choose a different + implementation. */ + int rmdir (char const *dir) { --- lib/sigaction.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/sigaction.c 2008-06-22 21:17:21.000000000 +0200 
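Review bot: The rmdir.c comment says a different implementation is needed but not what in the current one breaks async-signal-safety, so a later maintainer cannot tell when the caveat has become obsolete. Name the offending construct and state the present status, e.g. `This replacement is currently NOT async-signal-safe because it <reason>; do not call it from a signal handler.`, with the reason filled in from the function body, which is outside this hunk. The last sentence of the sigprocmask.c comment ("we cannot achieve this goal for sigprocmask and signal") has the same gap.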
@@ -115,6 +115,12 @@ signal SIG. If not NULL, ACT describes the new behavior. If not NULL, OACT is set to the prior behavior. Return 0 on success, or set errno and return -1 on failure. */ + +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int sigaction (int sig, const struct sigaction *restrict act, struct sigaction *restrict oact) --- lib/sigprocmask.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/sigprocmask.c 2008-06-22 21:17:21.000000000 +0200 @@ -45,6 +45,13 @@ # define SIGSTOP (-1) #endif +/* Note: The functions sigismember, sigemptyset, sigaddset, sigdelset, + sigfillset, sigpending, sigprocmask, signal are declared async-signal-safe + by POSIX <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Their implementations therefore must not use malloc(), and all statically + allocated variables that they access must be marked 'volatile'. + But we cannot achieve this goal for sigprocmask and signal. */ + int sigismember (const sigset_t *set, int sig) { --- lib/sleep.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/sleep.c 2008-06-22 21:17:21.000000000 +0200 @@ -1,5 +1,5 @@ /* Pausing execution of the current thread. - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007-2008 Free Software Foundation, Inc. Written by Bruno Haible <[EMAIL PROTECTED]>, 2007. This program is free software: you can redistribute it and/or modify 
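Review bot: The caveat that sigprocmask and signal cannot be made async-signal-safe sits in a block comment above sigismember in lib/sigprocmask.c, away from the two functions it concerns, which are defined outside this hunk. Those two are the ones a handler is most likely to call, so someone reading only their definitions will miss the warning. I would repeat it directly above each of them, e.g. `/* Note: this replacement is not async-signal-safe; see the comment before sigismember. */`.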
@@ -25,6 +25,11 @@ # define WIN32_LEAN_AND_MEAN /* avoid including junk */ # include <windows.h> +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + unsigned int sleep (unsigned int seconds) { --- lib/utime.c.orig 2008-06-22 21:17:46.000000000 +0200 +++ lib/utime.c 2008-06-22 21:17:21.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 1998, 2001, 2002, 2003, 2004, 2006 Free Software +/* Copyright (C) 1998, 2001, 2002, 2003, 2004, 2006, 2008 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it @@ -98,6 +98,11 @@ #endif } +/* Note: This function is declared async-signal-safe by POSIX + <http://www.opengroup.org/susv3/functions/xsh_chap02_04.html>. + Its implementation therefore must not use malloc(), and all statically + allocated variables that it accesses must be marked 'volatile'. */ + int rpl_utime (const char *file, const struct utimbuf *times) {