diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /third_party/rust/signal-hook-registry | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/rust/signal-hook-registry')
-rw-r--r-- | third_party/rust/signal-hook-registry/.cargo-checksum.json | 1 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/Cargo.toml | 40 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/LICENSE-APACHE | 201 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/LICENSE-MIT | 25 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/README.md | 24 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/src/half_lock.rs | 232 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/src/lib.rs | 789 | ||||
-rw-r--r-- | third_party/rust/signal-hook-registry/tests/unregister_signal.rs | 59 |
8 files changed, 1371 insertions, 0 deletions
diff --git a/third_party/rust/signal-hook-registry/.cargo-checksum.json b/third_party/rust/signal-hook-registry/.cargo-checksum.json new file mode 100644 index 0000000000..f09d3b0069 --- /dev/null +++ b/third_party/rust/signal-hook-registry/.cargo-checksum.json @@ -0,0 +1 @@ +{"files":{"Cargo.toml":"42fe4108f3d88108c7d65d951a56842f47644a8a4e2d6932c34b9a9fae098316","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"503558bfefe66ca15e4e3f7955b3cb0ec87fd52f29bf24b336af7bd00e946d5c","README.md":"56d8abee3efdf82aed1791a81feb60d9db987cedfa9c2e2a6b9451ac94bb88f7","src/half_lock.rs":"548fc2e283ef638a9f90e194d112a11c94205c87004d6da2e65eaa98f7a5a670","src/lib.rs":"1ed9cb19bfcde72036f983e2800ffa10c7ef4df0a0500bc697c49374260f1ac8","tests/unregister_signal.rs":"5baeebbde2bd7e63ae9a1f1e476d33f0bfd368c1edcdab3677de6a62b04f5118"},"package":"d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1"}
\ No newline at end of file diff --git a/third_party/rust/signal-hook-registry/Cargo.toml b/third_party/rust/signal-hook-registry/Cargo.toml new file mode 100644 index 0000000000..064358fbc8 --- /dev/null +++ b/third_party/rust/signal-hook-registry/Cargo.toml @@ -0,0 +1,40 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +name = "signal-hook-registry" +version = "1.4.1" +authors = [ + "Michal 'vorner' Vaner <vorner@vorner.cz>", + "Masaki Hara <ackie.h.gmai@gmail.com>", +] +description = "Backend crate for signal-hook" +documentation = "https://docs.rs/signal-hook-registry" +readme = "README.md" +keywords = [ + "signal", + "unix", + "daemon", +] +license = "Apache-2.0/MIT" +repository = "https://github.com/vorner/signal-hook" + +[dependencies.libc] +version = "~0.2" + +[dev-dependencies.signal-hook] +version = "~0.3" + +[badges.maintenance] +status = "actively-developed" + +[badges.travis-ci] +repository = "vorner/signal-hook" diff --git a/third_party/rust/signal-hook-registry/LICENSE-APACHE b/third_party/rust/signal-hook-registry/LICENSE-APACHE new file mode 100644 index 0000000000..16fe87b06e --- /dev/null +++ b/third_party/rust/signal-hook-registry/LICENSE-APACHE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/third_party/rust/signal-hook-registry/LICENSE-MIT b/third_party/rust/signal-hook-registry/LICENSE-MIT new file mode 100644 index 0000000000..ebe0bc91ea --- /dev/null +++ b/third_party/rust/signal-hook-registry/LICENSE-MIT @@ -0,0 +1,25 @@ +Copyright (c) 2017 tokio-jsonrpc developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/third_party/rust/signal-hook-registry/README.md b/third_party/rust/signal-hook-registry/README.md new file mode 100644 index 0000000000..eb4773328f --- /dev/null +++ b/third_party/rust/signal-hook-registry/README.md @@ -0,0 +1,24 @@ +# Signal-hook-registry + +[![Travis Build Status](https://api.travis-ci.org/vorner/signal-hook.svg?branch=master)](https://travis-ci.org/vorner/signal-hook) + +This is the backend crate for the +[signal-hook](https://crates.io/crates/signal-hook) crate. The general direct use of +this crate is discouraged. See the +[documentation](https://docs.rs/signal-hook-registry) for further details. + +## License + +Licensed under either of + + * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0) + * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) + +at your option. + +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally +submitted for inclusion in the work by you, as defined in the Apache-2.0 +license, shall be dual licensed as above, without any additional terms +or conditions. diff --git a/third_party/rust/signal-hook-registry/src/half_lock.rs b/third_party/rust/signal-hook-registry/src/half_lock.rs new file mode 100644 index 0000000000..61d858cf4f --- /dev/null +++ b/third_party/rust/signal-hook-registry/src/half_lock.rs @@ -0,0 +1,232 @@ +//! The half-lock structure +//! +//! We need a way to protect the structure with configured hooks ‒ a signal may happen in arbitrary +//! thread and needs to read them while another thread might be manipulating the structure. +//! +//! Under ordinary circumstances we would be happy to just use `Mutex<HashMap<c_int, _>>`. However, +//! as we use it in the signal handler, we are severely limited in what we can or can't use. So we +//! choose to implement kind of spin-look thing with atomics. +//! +//! In the reader it is always simply locked and then unlocked, making sure it doesn't disappear +//! while in use. +//! +//! The writer has a separate mutex (that prevents other writers; this is used outside of the +//! signal handler), makes a copy of the data and swaps an atomic pointer to the data structure. +//! But it waits until everything is unlocked (no signal handler has the old data) for dropping the +//! old instance. There's a generation trick to make sure that new signal locks another instance. +//! +//! The downside is, this is an active spin lock at the writer end. However, we assume than: +//! +//! * Signals are one time setup before we actually have threads. We just need to make *sure* we +//! are safe even if this is not true. +//! * Signals are rare, happening at the same time as the write even rarer. +//! * Signals are short, as there is mostly nothing allowed inside them anyway. +//! * Our tool box is severely limited. +//! +//! Therefore this is hopefully reasonable trade-off. +//! +//! # Atomic orderings +//! +//! The whole code uses SeqCst conservatively. Atomics are not used because of performance here and +//! are the minor price around signals anyway. But the comments state which orderings should be +//! enough in practice in case someone wants to get inspired (but do make your own check through +//! them anyway). + +use std::isize; +use std::marker::PhantomData; +use std::ops::Deref; +use std::sync::atomic::{self, AtomicPtr, AtomicUsize, Ordering}; +use std::sync::{Mutex, MutexGuard, PoisonError}; +use std::thread; + +use libc; + +const YIELD_EVERY: usize = 16; +const MAX_GUARDS: usize = (isize::MAX) as usize; + +pub(crate) struct ReadGuard<'a, T: 'a> { + data: &'a T, + lock: &'a AtomicUsize, +} + +impl<'a, T> Deref for ReadGuard<'a, T> { + type Target = T; + fn deref(&self) -> &T { + self.data + } +} + +impl<'a, T> Drop for ReadGuard<'a, T> { + fn drop(&mut self) { + // We effectively unlock; Release would be enough. + self.lock.fetch_sub(1, Ordering::SeqCst); + } +} + +pub(crate) struct WriteGuard<'a, T: 'a> { + _guard: MutexGuard<'a, ()>, + lock: &'a HalfLock<T>, + data: &'a T, +} + +impl<'a, T> WriteGuard<'a, T> { + pub(crate) fn store(&mut self, val: T) { + // Move to the heap and convert to raw pointer for AtomicPtr. + let new = Box::into_raw(Box::new(val)); + + self.data = unsafe { &*new }; + + // We can just put the new value in here safely, we worry only about dropping the old one. + // Release might (?) be enough, to "upload" the data. + let old = self.lock.data.swap(new, Ordering::SeqCst); + + // Now we make sure there's no reader having the old data. + self.lock.write_barrier(); + + drop(unsafe { Box::from_raw(old) }); + } +} + +impl<'a, T> Deref for WriteGuard<'a, T> { + type Target = T; + fn deref(&self) -> &T { + // Protected by that mutex + self.data + } +} + +pub(crate) struct HalfLock<T> { + // We conceptually contain an instance of T + _t: PhantomData<T>, + // The actual data as a pointer. + data: AtomicPtr<T>, + // The generation of the data. Influences which slot of the lock counter we use. + generation: AtomicUsize, + // How many active locks are there? + lock: [AtomicUsize; 2], + // Mutex for the writers; only one writer. + write_mutex: Mutex<()>, +} + +impl<T> HalfLock<T> { + pub(crate) fn new(data: T) -> Self { + // Move to the heap so we can safely point there. Then convert to raw pointer as AtomicPtr + // operates on raw pointers. The AtomicPtr effectively acts like Box for us semantically. + let ptr = Box::into_raw(Box::new(data)); + Self { + _t: PhantomData, + data: AtomicPtr::new(ptr), + generation: AtomicUsize::new(0), + lock: [AtomicUsize::new(0), AtomicUsize::new(0)], + write_mutex: Mutex::new(()), + } + } + + pub(crate) fn read(&self) -> ReadGuard<T> { + // Relaxed should be enough; we only pick one or the other slot and the writer observes + // that both were 0 at some time. So the actual value doesn't really matter for safety, + // only the changing improves the performance. + let gen = self.generation.load(Ordering::SeqCst); + let lock = &self.lock[gen % 2]; + // Effectively locking something, acquire should be enough. + let guard_cnt = lock.fetch_add(1, Ordering::SeqCst); + + // This is to prevent overflowing the counter in some degenerate cases, which could lead to + // UB (freeing data while still in use). However, as this data structure is used only + // internally and it's not possible to leak the guard and the guard itself takes some + // memory, it should be really impossible to trigger this case. Still, we include it from + // abundance of caution. + // + // This technically is not fully correct as enough threads being in between here and the + // abort below could still overflow it and it could get freed for some *other* thread, but + // that would mean having too many active threads to fit into RAM too and is even more + // absurd corner case than the above. + if guard_cnt > MAX_GUARDS { + unsafe { libc::abort() }; + } + + // Acquire should be enough; we need to "download" the data, paired with the swap on the + // same pointer. + let data = self.data.load(Ordering::SeqCst); + // Safe: + // * It did point to valid data when put in. + // * Protected by lock, so still valid. + let data = unsafe { &*data }; + + ReadGuard { data, lock } + } + + fn update_seen(&self, seen_zero: &mut [bool; 2]) { + for (seen, slot) in seen_zero.iter_mut().zip(&self.lock) { + *seen = *seen || slot.load(Ordering::SeqCst) == 0; + } + } + + fn write_barrier(&self) { + // Do a first check of seeing zeroes before we switch the generation. At least one of them + // should be zero by now, due to having drained the generation before leaving the previous + // writer. + let mut seen_zero = [false; 2]; + self.update_seen(&mut seen_zero); + // By switching the generation to the other slot, we make sure the currently active starts + // draining while the other will start filling up. + self.generation.fetch_add(1, Ordering::SeqCst); // Overflow is fine. + + let mut iter = 0usize; + while !seen_zero.iter().all(|s| *s) { + iter = iter.wrapping_add(1); + + // Be somewhat less aggressive while looping, switch to the other threads if possible. + if cfg!(not(miri)) { + if iter % YIELD_EVERY == 0 { + thread::yield_now(); + } else { + // Replaced by hint::spin_loop, but we want to support older compiler + #[allow(deprecated)] + atomic::spin_loop_hint(); + } + } + + self.update_seen(&mut seen_zero); + } + } + + pub(crate) fn write(&self) -> WriteGuard<T> { + // While it's possible the user code panics, our code in store doesn't and the data gets + // swapped atomically. So if it panics, nothing gets changed, therefore poisons are of no + // interest here. + let guard = self + .write_mutex + .lock() + .unwrap_or_else(PoisonError::into_inner); + + // Relaxed should be enough, as we are under the same mutex that was used to get the data + // in. + let data = self.data.load(Ordering::SeqCst); + // Safe: + // * Stored as valid data + // * Only this method, protected by mutex, can change the pointer, so it didn't go away. + let data = unsafe { &*data }; + + WriteGuard { + data, + _guard: guard, + lock: self, + } + } +} + +impl<T> Drop for HalfLock<T> { + fn drop(&mut self) { + // During drop we are sure there are no other borrows of the data so we are free to just + // drop it. Also, the drop impl won't be called in practice in our case, as it is used + // solely as a global variable, but we provide it for completeness and tests anyway. + // + // unsafe: the pointer in there is always valid, we just take the last instance out. + unsafe { + // Acquire should be enough. + let data = Box::from_raw(self.data.load(Ordering::SeqCst)); + drop(data); + } + } +} diff --git a/third_party/rust/signal-hook-registry/src/lib.rs b/third_party/rust/signal-hook-registry/src/lib.rs new file mode 100644 index 0000000000..e488906e64 --- /dev/null +++ b/third_party/rust/signal-hook-registry/src/lib.rs @@ -0,0 +1,789 @@ +#![doc(test(attr(deny(warnings))))] +#![warn(missing_docs)] +#![allow(unknown_lints, renamed_and_remove_lints, bare_trait_objects)] + +//! Backend of the [signal-hook] crate. +//! +//! The [signal-hook] crate tries to provide an API to the unix signals, which are a global +//! resource. Therefore, it is desirable an application contains just one version of the crate +//! which manages this global resource. But that makes it impossible to make breaking changes in +//! the API. +//! +//! Therefore, this crate provides very minimal and low level API to the signals that is unlikely +//! to have to change, while there may be multiple versions of the [signal-hook] that all use this +//! low-level API to provide different versions of the high level APIs. +//! +//! It is also possible some other crates might want to build a completely different API. This +//! split allows these crates to still reuse the same low-level routines in this crate instead of +//! going to the (much more dangerous) unix calls. +//! +//! # What this crate provides +//! +//! The only thing this crate does is multiplexing the signals. An application or library can add +//! or remove callbacks and have multiple callbacks for the same signal. +//! +//! It handles dispatching the callbacks and managing them in a way that uses only the +//! [async-signal-safe] functions inside the signal handler. Note that the callbacks are still run +//! inside the signal handler, so it is up to the caller to ensure they are also +//! [async-signal-safe]. +//! +//! # What this is for +//! +//! This is a building block for other libraries creating reasonable abstractions on top of +//! signals. The [signal-hook] is the generally preferred way if you need to handle signals in your +//! application and provides several safe patterns of doing so. +//! +//! # Rust version compatibility +//! +//! Currently builds on 1.26.0 an newer and this is very unlikely to change. However, tests +//! require dependencies that don't build there, so tests need newer Rust version (they are run on +//! stable). +//! +//! # Portability +//! +//! This crate includes a limited support for Windows, based on `signal`/`raise` in the CRT. +//! There are differences in both API and behavior: +//! +//! - Due to lack of `siginfo_t`, we don't provide `register_sigaction` or `register_unchecked`. +//! - Due to lack of signal blocking, there's a race condition. +//! After the call to `signal`, there's a moment where we miss a signal. +//! That means when you register a handler, there may be a signal which invokes +//! neither the default handler or the handler you register. +//! - Handlers registered by `signal` in Windows are cleared on first signal. +//! To match behavior in other platforms, we re-register the handler each time the handler is +//! called, but there's a moment where we miss a handler. +//! That means when you receive two signals in a row, there may be a signal which invokes +//! the default handler, nevertheless you certainly have registered the handler. +//! +//! [signal-hook]: https://docs.rs/signal-hook +//! [async-signal-safe]: http://www.man7.org/linux/man-pages/man7/signal-safety.7.html + +extern crate libc; + +mod half_lock; + +use std::collections::hash_map::Entry; +use std::collections::{BTreeMap, HashMap}; +use std::io::Error; +use std::mem; +#[cfg(not(windows))] +use std::ptr; +// Once::new is now a const-fn. But it is not stable in all the rustc versions we want to support +// yet. +#[allow(deprecated)] +use std::sync::ONCE_INIT; +use std::sync::{Arc, Once}; + +#[cfg(not(windows))] +use libc::{c_int, c_void, sigaction, siginfo_t}; +#[cfg(windows)] +use libc::{c_int, sighandler_t}; + +#[cfg(not(windows))] +use libc::{SIGFPE, SIGILL, SIGKILL, SIGSEGV, SIGSTOP}; +#[cfg(windows)] +use libc::{SIGFPE, SIGILL, SIGSEGV}; + +use half_lock::HalfLock; + +// These constants are not defined in the current version of libc, but it actually +// exists in Windows CRT. +#[cfg(windows)] +const SIG_DFL: sighandler_t = 0; +#[cfg(windows)] +const SIG_IGN: sighandler_t = 1; +#[cfg(windows)] +const SIG_GET: sighandler_t = 2; +#[cfg(windows)] +const SIG_ERR: sighandler_t = !0; + +// To simplify implementation. Not to be exposed. +#[cfg(windows)] +#[allow(non_camel_case_types)] +struct siginfo_t; + +// # Internal workings +// +// This uses a form of RCU. There's an atomic pointer to the current action descriptors (in the +// form of IndependentArcSwap, to be able to track what, if any, signal handlers still use the +// version). A signal handler takes a copy of the pointer and calls all the relevant actions. +// +// Modifications to that are protected by a mutex, to avoid juggling multiple signal handlers at +// once (eg. not calling sigaction concurrently). This should not be a problem, because modifying +// the signal actions should be initialization only anyway. To avoid all allocations and also +// deallocations inside the signal handler, after replacing the pointer, the modification routine +// needs to busy-wait for the reference count on the old pointer to drop to 1 and take ownership ‒ +// that way the one deallocating is the modification routine, outside of the signal handler. + +#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)] +struct ActionId(u128); + +/// An ID of registered action. +/// +/// This is returned by all the registration routines and can be used to remove the action later on +/// with a call to [`unregister`]. +#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)] +pub struct SigId { + signal: c_int, + action: ActionId, +} + +// This should be dyn Fn(...), but we want to support Rust 1.26.0 and that one doesn't allow dyn +// yet. +#[allow(unknown_lints, bare_trait_objects)] +type Action = Fn(&siginfo_t) + Send + Sync; + +#[derive(Clone)] +struct Slot { + prev: Prev, + // We use BTreeMap here, because we want to run the actions in the order they were inserted. + // This works, because the ActionIds are assigned in an increasing order. + actions: BTreeMap<ActionId, Arc<Action>>, +} + +impl Slot { + #[cfg(windows)] + fn new(signal: libc::c_int) -> Result<Self, Error> { + let old = unsafe { libc::signal(signal, handler as sighandler_t) }; + if old == SIG_ERR { + return Err(Error::last_os_error()); + } + Ok(Slot { + prev: Prev { signal, info: old }, + actions: BTreeMap::new(), + }) + } + + #[cfg(not(windows))] + fn new(signal: libc::c_int) -> Result<Self, Error> { + // C data structure, expected to be zeroed out. + let mut new: libc::sigaction = unsafe { mem::zeroed() }; + #[cfg(not(target_os = "aix"))] + { new.sa_sigaction = handler as usize; } + #[cfg(target_os = "aix")] + { new.sa_union.__su_sigaction = handler; } + // Android is broken and uses different int types than the rest (and different depending on + // the pointer width). This converts the flags to the proper type no matter what it is on + // the given platform. + let flags = libc::SA_RESTART; + #[allow(unused_assignments)] + let mut siginfo = flags; + siginfo = libc::SA_SIGINFO as _; + let flags = flags | siginfo; + new.sa_flags = flags as _; + // C data structure, expected to be zeroed out. + let mut old: libc::sigaction = unsafe { mem::zeroed() }; + // FFI ‒ pointers are valid, it doesn't take ownership. + if unsafe { libc::sigaction(signal, &new, &mut old) } != 0 { + return Err(Error::last_os_error()); + } + Ok(Slot { + prev: Prev { signal, info: old }, + actions: BTreeMap::new(), + }) + } +} + +#[derive(Clone)] +struct SignalData { + signals: HashMap<c_int, Slot>, + next_id: u128, +} + +#[derive(Clone)] +struct Prev { + signal: c_int, + #[cfg(windows)] + info: sighandler_t, + #[cfg(not(windows))] + info: sigaction, +} + +impl Prev { + #[cfg(windows)] + fn detect(signal: c_int) -> Result<Self, Error> { + let old = unsafe { libc::signal(signal, SIG_GET) }; + if old == SIG_ERR { + return Err(Error::last_os_error()); + } + Ok(Prev { signal, info: old }) + } + + #[cfg(not(windows))] + fn detect(signal: c_int) -> Result<Self, Error> { + // C data structure, expected to be zeroed out. + let mut old: libc::sigaction = unsafe { mem::zeroed() }; + // FFI ‒ pointers are valid, it doesn't take ownership. + if unsafe { libc::sigaction(signal, ptr::null(), &mut old) } != 0 { + return Err(Error::last_os_error()); + } + + Ok(Prev { signal, info: old }) + } + + #[cfg(windows)] + fn execute(&self, sig: c_int) { + let fptr = self.info; + if fptr != 0 && fptr != SIG_DFL && fptr != SIG_IGN { + // FFI ‒ calling the original signal handler. + unsafe { + let action = mem::transmute::<usize, extern "C" fn(c_int)>(fptr); + action(sig); + } + } + } + + #[cfg(not(windows))] + unsafe fn execute(&self, sig: c_int, info: *mut siginfo_t, data: *mut c_void) { + #[cfg(not(target_os = "aix"))] + let fptr = self.info.sa_sigaction; + #[cfg(target_os = "aix")] + let fptr = self.info.sa_union.__su_sigaction as usize; + if fptr != 0 && fptr != libc::SIG_DFL && fptr != libc::SIG_IGN { + // Android is broken and uses different int types than the rest (and different + // depending on the pointer width). This converts the flags to the proper type no + // matter what it is on the given platform. + // + // The trick is to create the same-typed variable as the sa_flags first and then + // set it to the proper value (does Rust have a way to copy a type in a different + // way?) + #[allow(unused_assignments)] + let mut siginfo = self.info.sa_flags; + siginfo = libc::SA_SIGINFO as _; + if self.info.sa_flags & siginfo == 0 { + let action = mem::transmute::<usize, extern "C" fn(c_int)>(fptr); + action(sig); + } else { + type SigAction = extern "C" fn(c_int, *mut siginfo_t, *mut c_void); + let action = mem::transmute::<usize, SigAction>(fptr); + action(sig, info, data); + } + } + } +} + +/// Lazy-initiated data structure with our global variables. +/// +/// Used inside a structure to cut down on boilerplate code to lazy-initialize stuff. We don't dare +/// use anything fancy like lazy-static or once-cell, since we are not sure they are +/// async-signal-safe in their access. Our code uses the [Once], but only on the write end outside +/// of signal handler. The handler assumes it has already been initialized. +struct GlobalData { + /// The data structure describing what needs to be run for each signal. + data: HalfLock<SignalData>, + + /// A fallback to fight/minimize a race condition during signal initialization. + /// + /// See the comment inside [`register_unchecked_impl`]. + race_fallback: HalfLock<Option<Prev>>, +} + +static mut GLOBAL_DATA: Option<GlobalData> = None; +#[allow(deprecated)] +static GLOBAL_INIT: Once = ONCE_INIT; + +impl GlobalData { + fn get() -> &'static Self { + unsafe { GLOBAL_DATA.as_ref().unwrap() } + } + fn ensure() -> &'static Self { + GLOBAL_INIT.call_once(|| unsafe { + GLOBAL_DATA = Some(GlobalData { + data: HalfLock::new(SignalData { + signals: HashMap::new(), + next_id: 1, + }), + race_fallback: HalfLock::new(None), + }); + }); + Self::get() + } +} + +#[cfg(windows)] +extern "C" fn handler(sig: c_int) { + if sig != SIGFPE { + // Windows CRT `signal` resets handler every time, unless for SIGFPE. + // Reregister the handler to retain maximal compatibility. + // Problems: + // - It's racy. But this is inevitably racy in Windows. + // - Interacts poorly with handlers outside signal-hook-registry. + let old = unsafe { libc::signal(sig, handler as sighandler_t) }; + if old == SIG_ERR { + // MSDN doesn't describe which errors might occur, + // but we can tell from the Linux manpage that + // EINVAL (invalid signal number) is mostly the only case. + // Therefore, this branch must not occur. + // In any case we can do nothing useful in the signal handler, + // so we're going to abort silently. + unsafe { + libc::abort(); + } + } + } + + let globals = GlobalData::get(); + let fallback = globals.race_fallback.read(); + let sigdata = globals.data.read(); + + if let Some(ref slot) = sigdata.signals.get(&sig) { + slot.prev.execute(sig); + + for action in slot.actions.values() { + action(&siginfo_t); + } + } else if let Some(prev) = fallback.as_ref() { + // In case we get called but don't have the slot for this signal set up yet, we are under + // the race condition. We may have the old signal handler stored in the fallback + // temporarily. + if sig == prev.signal { + prev.execute(sig); + } + // else -> probably should not happen, but races with other threads are possible so + // better safe + } +} + +#[cfg(not(windows))] +extern "C" fn handler(sig: c_int, info: *mut siginfo_t, data: *mut c_void) { + let globals = GlobalData::get(); + let fallback = globals.race_fallback.read(); + let sigdata = globals.data.read(); + + if let Some(slot) = sigdata.signals.get(&sig) { + unsafe { slot.prev.execute(sig, info, data) }; + + let info = unsafe { info.as_ref() }; + let info = info.unwrap_or_else(|| { + // The info being null seems to be illegal according to POSIX, but has been observed on + // some probably broken platform. We can't do anything about that, that is just broken, + // but we are not allowed to panic in a signal handler, so we are left only with simply + // aborting. We try to write a message what happens, but using the libc stuff + // (`eprintln` is not guaranteed to be async-signal-safe). + unsafe { + const MSG: &[u8] = + b"Platform broken, got NULL as siginfo to signal handler. Aborting"; + libc::write(2, MSG.as_ptr() as *const _, MSG.len()); + libc::abort(); + } + }); + + for action in slot.actions.values() { + action(info); + } + } else if let Some(prev) = fallback.as_ref() { + // In case we get called but don't have the slot for this signal set up yet, we are under + // the race condition. We may have the old signal handler stored in the fallback + // temporarily. + if prev.signal == sig { + unsafe { prev.execute(sig, info, data) }; + } + // else -> probably should not happen, but races with other threads are possible so + // better safe + } +} + +/// List of forbidden signals. +/// +/// Some signals are impossible to replace according to POSIX and some are so special that this +/// library refuses to handle them (eg. SIGSEGV). The routines panic in case registering one of +/// these signals is attempted. +/// +/// See [`register`]. +pub const FORBIDDEN: &[c_int] = FORBIDDEN_IMPL; + +#[cfg(windows)] +const FORBIDDEN_IMPL: &[c_int] = &[SIGILL, SIGFPE, SIGSEGV]; +#[cfg(not(windows))] +const FORBIDDEN_IMPL: &[c_int] = &[SIGKILL, SIGSTOP, SIGILL, SIGFPE, SIGSEGV]; + +/// Registers an arbitrary action for the given signal. +/// +/// This makes sure there's a signal handler for the given signal. It then adds the action to the +/// ones called each time the signal is delivered. If multiple actions are set for the same signal, +/// all are called, in the order of registration. +/// +/// If there was a previous signal handler for the given signal, it is chained ‒ it will be called +/// as part of this library's signal handler, before any actions set through this function. +/// +/// On success, the function returns an ID that can be used to remove the action again with +/// [`unregister`]. +/// +/// # Panics +/// +/// If the signal is one of (see [`FORBIDDEN`]): +/// +/// * `SIGKILL` +/// * `SIGSTOP` +/// * `SIGILL` +/// * `SIGFPE` +/// * `SIGSEGV` +/// +/// The first two are not possible to override (and the underlying C functions simply ignore all +/// requests to do so, which smells of possible bugs, or return errors). The rest can be set, but +/// generally needs very special handling to do so correctly (direct manipulation of the +/// application's address space, `longjmp` and similar). Unless you know very well what you're +/// doing, you'll shoot yourself into the foot and this library won't help you with that. +/// +/// # Errors +/// +/// Since the library manipulates signals using the low-level C functions, all these can return +/// errors. Generally, the errors mean something like the specified signal does not exist on the +/// given platform ‒ after a program is debugged and tested on a given OS, it should never return +/// an error. +/// +/// However, if an error *is* returned, there are no guarantees if the given action was registered +/// or not. +/// +/// # Safety +/// +/// This function is unsafe, because the `action` is run inside a signal handler. The set of +/// functions allowed to be called from within is very limited (they are called async-signal-safe +/// functions by POSIX). These specifically do *not* contain mutexes and memory +/// allocation/deallocation. They *do* contain routines to terminate the program, to further +/// manipulate signals (by the low-level functions, not by this library) and to read and write file +/// descriptors. Calling program's own functions consisting only of these is OK, as is manipulating +/// program's variables ‒ however, as the action can be called on any thread that does not have the +/// given signal masked (by default no signal is masked on any thread), and mutexes are a no-go, +/// this is harder than it looks like at first. +/// +/// As panicking from within a signal handler would be a panic across FFI boundary (which is +/// undefined behavior), the passed handler must not panic. +/// +/// If you find these limitations hard to satisfy, choose from the helper functions in the +/// [signal-hook](https://docs.rs/signal-hook) crate ‒ these provide safe interface to use some +/// common signal handling patters. +/// +/// # Race condition +/// +/// Upon registering the first hook for a given signal into this library, there's a short race +/// condition under the following circumstances: +/// +/// * The program already has a signal handler installed for this particular signal (through some +/// other library, possibly). +/// * Concurrently, some other thread installs a different signal handler while it is being +/// installed by this library. +/// * At the same time, the signal is delivered. +/// +/// Under such conditions signal-hook might wrongly "chain" to the older signal handler for a short +/// while (until the registration is fully complete). +/// +/// Note that the exact conditions of the race condition might change in future versions of the +/// library. The recommended way to avoid it is to register signals before starting any additional +/// threads, or at least not to register signals concurrently. +/// +/// Alternatively, make sure all signals are handled through this library. +/// +/// # Performance +/// +/// Even when it is possible to repeatedly install and remove actions during the lifetime of a +/// program, the installation and removal is considered a slow operation and should not be done +/// very often. Also, there's limited (though huge) amount of distinct IDs (they are `u128`). +/// +/// # Examples +/// +/// ```rust +/// extern crate signal_hook_registry; +/// +/// use std::io::Error; +/// use std::process; +/// +/// fn main() -> Result<(), Error> { +/// let signal = unsafe { +/// signal_hook_registry::register(signal_hook::consts::SIGTERM, || process::abort()) +/// }?; +/// // Stuff here... +/// signal_hook_registry::unregister(signal); // Not really necessary. +/// Ok(()) +/// } +/// ``` +pub unsafe fn register<F>(signal: c_int, action: F) -> Result<SigId, Error> +where + F: Fn() + Sync + Send + 'static, +{ + register_sigaction_impl(signal, move |_: &_| action()) +} + +/// Register a signal action. +/// +/// This acts in the same way as [`register`], including the drawbacks, panics and performance +/// characteristics. The only difference is the provided action accepts a [`siginfo_t`] argument, +/// providing information about the received signal. +/// +/// # Safety +/// +/// See the details of [`register`]. +#[cfg(not(windows))] +pub unsafe fn register_sigaction<F>(signal: c_int, action: F) -> Result<SigId, Error> +where + F: Fn(&siginfo_t) + Sync + Send + 'static, +{ + register_sigaction_impl(signal, action) +} + +unsafe fn register_sigaction_impl<F>(signal: c_int, action: F) -> Result<SigId, Error> +where + F: Fn(&siginfo_t) + Sync + Send + 'static, +{ + assert!( + !FORBIDDEN.contains(&signal), + "Attempted to register forbidden signal {}", + signal, + ); + register_unchecked_impl(signal, action) +} + +/// Register a signal action without checking for forbidden signals. +/// +/// This acts in the same way as [`register_unchecked`], including the drawbacks, panics and +/// performance characteristics. The only difference is the provided action doesn't accept a +/// [`siginfo_t`] argument. +/// +/// # Safety +/// +/// See the details of [`register`]. +pub unsafe fn register_signal_unchecked<F>(signal: c_int, action: F) -> Result<SigId, Error> +where + F: Fn() + Sync + Send + 'static, +{ + register_unchecked_impl(signal, move |_: &_| action()) +} + +/// Register a signal action without checking for forbidden signals. +/// +/// This acts the same way as [`register_sigaction`], but without checking for the [`FORBIDDEN`] +/// signals. All the signals passed are registered and it is up to the caller to make some sense of +/// them. +/// +/// Note that you really need to know what you're doing if you change eg. the `SIGSEGV` signal +/// handler. Generally, you don't want to do that. But unlike the other functions here, this +/// function still allows you to do it. +/// +/// # Safety +/// +/// See the details of [`register`]. +#[cfg(not(windows))] +pub unsafe fn register_unchecked<F>(signal: c_int, action: F) -> Result<SigId, Error> +where + F: Fn(&siginfo_t) + Sync + Send + 'static, +{ + register_unchecked_impl(signal, action) +} + +unsafe fn register_unchecked_impl<F>(signal: c_int, action: F) -> Result<SigId, Error> +where + F: Fn(&siginfo_t) + Sync + Send + 'static, +{ + let globals = GlobalData::ensure(); + let action = Arc::from(action); + + let mut lock = globals.data.write(); + + let mut sigdata = SignalData::clone(&lock); + let id = ActionId(sigdata.next_id); + sigdata.next_id += 1; + + match sigdata.signals.entry(signal) { + Entry::Occupied(mut occupied) => { + assert!(occupied.get_mut().actions.insert(id, action).is_none()); + } + Entry::Vacant(place) => { + // While the sigaction/signal exchanges the old one atomically, we are not able to + // atomically store it somewhere a signal handler could read it. That poses a race + // condition where we could lose some signals delivered in between changing it and + // storing it. + // + // Therefore we first store the old one in the fallback storage. The fallback only + // covers the cases where the slot is not yet active and becomes "inert" after that, + // even if not removed (it may get overwritten by some other signal, but for that the + // mutex in globals.data must be unlocked here - and by that time we already stored the + // slot. + // + // And yes, this still leaves a short race condition when some other thread could + // replace the signal handler and we would be calling the outdated one for a short + // time, until we install the slot. + globals + .race_fallback + .write() + .store(Some(Prev::detect(signal)?)); + + let mut slot = Slot::new(signal)?; + slot.actions.insert(id, action); + place.insert(slot); + } + } + + lock.store(sigdata); + + Ok(SigId { signal, action: id }) +} + +/// Removes a previously installed action. +/// +/// This function does nothing if the action was already removed. It returns true if it was removed +/// and false if the action wasn't found. +/// +/// It can unregister all the actions installed by [`register`] as well as the ones from downstream +/// crates (like [`signal-hook`](https://docs.rs/signal-hook)). +/// +/// # Warning +/// +/// This does *not* currently return the default/previous signal handler if the last action for a +/// signal was just unregistered. That means that if you replaced for example `SIGTERM` and then +/// removed the action, the program will effectively ignore `SIGTERM` signals from now on, not +/// terminate on them as is the default action. This is OK if you remove it as part of a shutdown, +/// but it is not recommended to remove termination actions during the normal runtime of +/// application (unless the desired effect is to create something that can be terminated only by +/// SIGKILL). +pub fn unregister(id: SigId) -> bool { + let globals = GlobalData::ensure(); + let mut replace = false; + let mut lock = globals.data.write(); + let mut sigdata = SignalData::clone(&lock); + if let Some(slot) = sigdata.signals.get_mut(&id.signal) { + replace = slot.actions.remove(&id.action).is_some(); + } + if replace { + lock.store(sigdata); + } + replace +} + +// We keep this one here for strict backwards compatibility, but the API is kind of bad. One can +// delete actions that don't belong to them, which is kind of against the whole idea of not +// breaking stuff for others. +#[deprecated( + since = "1.3.0", + note = "Don't use. Can influence unrelated parts of program / unknown actions" +)] +#[doc(hidden)] +pub fn unregister_signal(signal: c_int) -> bool { + let globals = GlobalData::ensure(); + let mut replace = false; + let mut lock = globals.data.write(); + let mut sigdata = SignalData::clone(&lock); + if let Some(slot) = sigdata.signals.get_mut(&signal) { + if !slot.actions.is_empty() { + slot.actions.clear(); + replace = true; + } + } + if replace { + lock.store(sigdata); + } + replace +} + +#[cfg(test)] +mod tests { + use std::sync::atomic::{AtomicUsize, Ordering}; + use std::sync::Arc; + use std::thread; + use std::time::Duration; + + #[cfg(not(windows))] + use libc::{pid_t, SIGUSR1, SIGUSR2}; + + #[cfg(windows)] + use libc::SIGTERM as SIGUSR1; + #[cfg(windows)] + use libc::SIGTERM as SIGUSR2; + + use super::*; + + #[test] + #[should_panic] + fn panic_forbidden() { + let _ = unsafe { register(SIGILL, || ()) }; + } + + /// Registering the forbidden signals is allowed in the _unchecked version. + #[test] + #[allow(clippy::redundant_closure)] // Clippy, you're wrong. Because it changes the return value. + fn forbidden_raw() { + unsafe { register_signal_unchecked(SIGFPE, || std::process::abort()).unwrap() }; + } + + #[test] + fn signal_without_pid() { + let status = Arc::new(AtomicUsize::new(0)); + let action = { + let status = Arc::clone(&status); + move || { + status.store(1, Ordering::Relaxed); + } + }; + unsafe { + register(SIGUSR2, action).unwrap(); + libc::raise(SIGUSR2); + } + for _ in 0..10 { + thread::sleep(Duration::from_millis(100)); + let current = status.load(Ordering::Relaxed); + match current { + // Not yet + 0 => continue, + // Good, we are done with the correct result + _ if current == 1 => return, + _ => panic!("Wrong result value {}", current), + } + } + panic!("Timed out waiting for the signal"); + } + + #[test] + #[cfg(not(windows))] + fn signal_with_pid() { + let status = Arc::new(AtomicUsize::new(0)); + let action = { + let status = Arc::clone(&status); + move |siginfo: &siginfo_t| { + // Hack: currently, libc exposes only the first 3 fields of siginfo_t. The pid + // comes somewhat later on. Therefore, we do a Really Ugly Hack and define our + // own structure (and hope it is correct on all platforms). But hey, this is + // only the tests, so we are going to get away with this. + #[repr(C)] + struct SigInfo { + _fields: [c_int; 3], + #[cfg(all(target_pointer_width = "64", target_os = "linux"))] + _pad: c_int, + pid: pid_t, + } + let s: &SigInfo = unsafe { + (siginfo as *const _ as usize as *const SigInfo) + .as_ref() + .unwrap() + }; + status.store(s.pid as usize, Ordering::Relaxed); + } + }; + let pid; + unsafe { + pid = libc::getpid(); + register_sigaction(SIGUSR2, action).unwrap(); + libc::raise(SIGUSR2); + } + for _ in 0..10 { + thread::sleep(Duration::from_millis(100)); + let current = status.load(Ordering::Relaxed); + match current { + // Not yet (PID == 0 doesn't happen) + 0 => continue, + // Good, we are done with the correct result + _ if current == pid as usize => return, + _ => panic!("Wrong status value {}", current), + } + } + panic!("Timed out waiting for the signal"); + } + + /// Check that registration works as expected and that unregister tells if it did or not. + #[test] + fn register_unregister() { + let signal = unsafe { register(SIGUSR1, || ()).unwrap() }; + // It was there now, so we can unregister + assert!(unregister(signal)); + // The next time unregistering does nothing and tells us so. + assert!(!unregister(signal)); + } +} diff --git a/third_party/rust/signal-hook-registry/tests/unregister_signal.rs b/third_party/rust/signal-hook-registry/tests/unregister_signal.rs new file mode 100644 index 0000000000..6e13c08584 --- /dev/null +++ b/third_party/rust/signal-hook-registry/tests/unregister_signal.rs @@ -0,0 +1,59 @@ +//! Tests for the [unregister_signal] function. +//! +//! As a separate integration level test, so it doesn't clash with other tests on the signals. + +// The unregister_signal itself is deprecated. But we still want to test it, so it's not deprecated +// and broken at the same time. +#![allow(deprecated)] + +extern crate libc; +extern crate signal_hook_registry; + +use std::sync::atomic::{AtomicUsize, Ordering}; +use std::sync::Arc; + +use libc::{SIGINT, SIGTERM}; // We'll use these here because SIGUSR1 is not available on Windows. +use signal_hook_registry::{register, unregister_signal}; + +#[test] +fn register_unregister() { + let called = Arc::new(AtomicUsize::new(0)); + + let hook = { + let called = Arc::clone(&called); + move || { + called.fetch_add(1, Ordering::Relaxed); + } + }; + + unsafe { + register(SIGTERM, hook.clone()).unwrap(); + register(SIGTERM, hook.clone()).unwrap(); + register(SIGINT, hook.clone()).unwrap(); + + libc::raise(SIGTERM); + } + + // The closure is run twice. + assert_eq!(2, called.load(Ordering::Relaxed)); + + assert!(unregister_signal(SIGTERM)); + + unsafe { libc::raise(SIGTERM) }; + // Second one unregisters nothing. + assert!(!unregister_signal(SIGTERM)); + + // After unregistering (both), it is no longer run at all. + assert_eq!(2, called.load(Ordering::Relaxed)); + + // The SIGINT one is not disturbed. + unsafe { libc::raise(SIGINT) }; + assert_eq!(3, called.load(Ordering::Relaxed)); + + // But it's possible to register it again just fine. + unsafe { + register(SIGTERM, hook).unwrap(); + libc::raise(SIGTERM); + } + assert_eq!(4, called.load(Ordering::Relaxed)); +} |