about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--manual/signal.texi137
2 files changed, 141 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 5a72530ac4..70dd3cfae1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2014-02-01  Alexandre Oliva <aoliva@redhat.com>
+
+	* manual/signal.texi: Document MTASC-safety properties.
+
 2014-01-31  Alexandre Oliva <aoliva@redhat.com>
 
 	* manual/setjmp.texi: Document MTASC-safety properties.
diff --git a/manual/signal.texi b/manual/signal.texi
index adcda37520..1a3239141f 100644
--- a/manual/signal.texi
+++ b/manual/signal.texi
@@ -889,6 +889,29 @@ may come from a signal handler in the same process.
 @comment string.h
 @comment GNU
 @deftypefun {char *} strsignal (int @var{signum})
+@safety{@prelim{}@mtunsafe{@mtasurace{:strsignal} @mtslocale{}}@asunsafe{@asuinit{} @ascuintl{} @asucorrupt{} @ascuheap{}}@acunsafe{@acuinit{} @acucorrupt{} @acsmem{}}}
+@c strsignal @mtasurace:strsignal @mtslocale @asuinit @ascuintl @asucorrupt @ascuheap @acucorrupt @acsmem
+@c   uses a static buffer if tsd key creation fails
+@c  [once] init
+@c   libc_key_create ok
+@c    pthread_key_create ok
+@c     KEY_UNUSED ok
+@c     KEY_USABLE ok
+@c  getbuffer @asucorrupt @ascuheap @acsmem
+@c   libc_getspecific ok
+@c    pthread_getspecific ok
+@c   malloc dup @ascuheap @acsmem
+@c   libc_setspecific @asucorrupt @ascuheap @acucorrupt @acsmem
+@c    pthread_setspecific @asucorrupt @ascuheap @acucorrupt @acsmem
+@c      a level2 block may be allocated by a signal handler after
+@c      another call already made a decision to allocate it, thus losing
+@c      the allocated value.  the seq number is updated before the
+@c      value, which might cause an earlier-generation value to seem
+@c      current if setspecific is cancelled or interrupted by a signal
+@c     KEY_UNUSED ok
+@c     calloc dup @ascuheap @acsmem
+@c  snprintf dup @mtslocale @ascuheap @acsmem
+@c  _ @ascuintl
 This function returns a pointer to a statically-allocated string
 containing a message describing the signal @var{signum}.  You
 should not modify the contents of this string; and, since it can be
@@ -903,6 +926,12 @@ This function is a GNU extension, declared in the header file
 @comment signal.h
 @comment BSD
 @deftypefun void psignal (int @var{signum}, const char *@var{message})
+@safety{@prelim{}@mtsafe{@mtslocale{}}@asunsafe{@asucorrupt{} @ascuintl{} @ascuheap{}}@acunsafe{@aculock{} @acucorrupt{} @acsmem{}}}
+@c psignal @mtslocale @asucorrupt @ascuintl @ascuheap @aculock @acucorrupt @acsmem
+@c  _ @ascuintl
+@c  fxprintf @asucorrupt @aculock @acucorrupt
+@c  asprintf @mtslocale @ascuheap @acsmem
+@c  free dup @ascuheap @acsmem
 This function prints a message describing the signal @var{signum} to the
 standard error output stream @code{stderr}; see @ref{Standard Streams}.
 
@@ -972,6 +1001,12 @@ The name @code{sighandler_t} for this data type is a GNU extension.
 @comment signal.h
 @comment ISO
 @deftypefun sighandler_t signal (int @var{signum}, sighandler_t @var{action})
+@safety{@prelim{}@mtsafe{@mtssigintr{}}@assafe{}@acsafe{}}
+@c signal ok
+@c  sigemptyset dup ok
+@c  sigaddset dup ok
+@c  sigismember dup ok
+@c  sigaction dup ok
 The @code{signal} function establishes @var{action} as the action for
 the signal @var{signum}.
 
@@ -1094,6 +1129,10 @@ example because these are designed to provide information for debugging
 @comment signal.h
 @comment GNU
 @deftypefun sighandler_t sysv_signal (int @var{signum}, sighandler_t @var{action})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c sysv_signal ok
+@c  sigemptyset dup ok
+@c  sigaction dup ok
 The @code{sysv_signal} implements the behavior of the standard
 @code{signal} function as found on SVID systems.  The difference to BSD
 systems is that the handler is deinstalled after a delivery of a signal.
@@ -1106,6 +1145,8 @@ preferred method.
 @comment signal.h
 @comment SVID
 @deftypefun sighandler_t ssignal (int @var{signum}, sighandler_t @var{action})
+@safety{@prelim{}@mtsafe{@mtssigintr{}}@assafe{}@acsafe{}}
+@c Aliases signal and bsd_signal.
 The @code{ssignal} function does the same thing as @code{signal}; it is
 provided only for compatibility with SVID.
 @end deftypefun
@@ -1172,6 +1213,7 @@ the signal.  These are described in more detail in @ref{Flags for Sigaction}.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigaction (int @var{signum}, const struct sigaction *restrict @var{action}, struct sigaction *restrict @var{old-action})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
 The @var{action} argument is used to set up a new action for the signal
 @var{signum}, while the @var{old-action} argument is used to return
 information about the action previously associated with this symbol.
@@ -2168,6 +2210,14 @@ function is declared in @file{signal.h}.
 @comment signal.h
 @comment ISO
 @deftypefun int raise (int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c raise ok
+@c [posix]
+@c  getpid dup ok
+@c  kill dup ok
+@c [linux]
+@c  syscall(gettid) ok
+@c  syscall(tgkill) ok
 The @code{raise} function sends the signal @var{signum} to the calling
 process.  It returns zero if successful and a nonzero value if it fails.
 About the only reason for failure would be if the value of @var{signum}
@@ -2177,6 +2227,8 @@ is invalid.
 @comment signal.h
 @comment SVID
 @deftypefun int gsignal (int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c Aliases raise.
 The @code{gsignal} function does the same thing as @code{raise}; it is
 provided only for compatibility with SVID.
 @end deftypefun
@@ -2269,6 +2321,11 @@ The @code{kill} function is declared in @file{signal.h}.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int kill (pid_t @var{pid}, int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c The hurd implementation is not a critical section, so it's not
+@c immediately obvious that, in case of cancellation, it won't leak
+@c ports or the memory allocated by proc_getpgrppids when pid <= 0.
+@c Since none of these make it AC-Unsafe, I'm leaving them out.
 The @code{kill} function sends the signal @var{signum} to the process
 or process group specified by @var{pid}.  Besides the signals listed in
 @ref{Standard Signals}, @var{signum} can also have a value of zero to
@@ -2325,6 +2382,8 @@ The @var{pid} argument does not refer to an existing process or group.
 @comment signal.h
 @comment BSD
 @deftypefun int killpg (int @var{pgid}, int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c Calls kill with -pgid.
 This is similar to @code{kill}, but sends signal @var{signum} to the
 process group @var{pgid}.  This function is provided for compatibility
 with BSD; using @code{kill} to do this is more portable.
@@ -2497,6 +2556,8 @@ about.)
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigemptyset (sigset_t *@var{set})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c Just memsets all of set to zero.
 This function initializes the signal set @var{set} to exclude all of the
 defined signals.  It always returns @code{0}.
 @end deftypefun
@@ -2504,6 +2565,7 @@ defined signals.  It always returns @code{0}.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigfillset (sigset_t *@var{set})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
 This function initializes the signal set @var{set} to include
 all of the defined signals.  Again, the return value is @code{0}.
 @end deftypefun
@@ -2511,6 +2573,7 @@ all of the defined signals.  Again, the return value is @code{0}.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigaddset (sigset_t *@var{set}, int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
 This function adds the signal @var{signum} to the signal set @var{set}.
 All @code{sigaddset} does is modify @var{set}; it does not block or
 unblock any signals.
@@ -2527,6 +2590,7 @@ The @var{signum} argument doesn't specify a valid signal.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigdelset (sigset_t *@var{set}, int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
 This function removes the signal @var{signum} from the signal set
 @var{set}.  All @code{sigdelset} does is modify @var{set}; it does not
 block or unblock any signals.  The return value and error conditions are
@@ -2538,6 +2602,7 @@ Finally, there is a function to test what signals are in a signal set:
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigismember (const sigset_t *@var{set}, int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
 The @code{sigismember} function tests whether the signal @var{signum} is
 a member of the signal set @var{set}.  It returns @code{1} if the signal
 is in the set, @code{0} if not, and @code{-1} if there is an error.
@@ -2576,6 +2641,10 @@ Instead, use @code{pthread_sigmask}.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigprocmask (int @var{how}, const sigset_t *restrict @var{set}, sigset_t *restrict @var{oldset})
+@safety{@prelim{}@mtunsafe{@mtasurace{:sigprocmask/bsd(SIG_UNBLOCK)}}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c This takes the hurd_self_sigstate-returned object's lock on HURD.  On
+@c BSD, SIG_UNBLOCK is emulated with two sigblock calls, which
+@c introduces a race window.
 The @code{sigprocmask} function is used to examine or change the calling
 process's signal mask.  The @var{how} argument determines how the signal
 mask is changed, and must be one of the following values:
@@ -2759,6 +2828,10 @@ You can find out which signals are pending at any time by calling
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigpending (sigset_t *@var{set})
+@safety{@prelim{}@mtsafe{}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c Direct rt_sigpending syscall on most systems.  On hurd, calls
+@c hurd_self_sigstate, it copies the sigstate's pending while holding
+@c its lock.
 The @code{sigpending} function stores information about pending signals
 in @var{set}.  If there is a pending signal that is blocked from
 delivery, then that signal is a member of the returned set.  (You can
@@ -2922,6 +2995,17 @@ you use it.
 @comment unistd.h
 @comment POSIX.1
 @deftypefun int pause (void)
+@safety{@prelim{}@mtunsafe{@mtasurace{:sigprocmask/!bsd!linux}}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c  The signal mask read by sigprocmask may be overridden by another
+@c  thread or by a signal handler before we call sigsuspend.  Is this a
+@c  safety issue?  Probably not.
+@c pause @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
+@c [ports/linux/generic]
+@c  syscall_pause ok
+@c [posix]
+@c  sigemptyset dup ok
+@c  sigprocmask(SIG_BLOCK) dup @asulock/hurd @aculock/hurd [no @mtasurace:sigprocmask/bsd(SIG_UNBLOCK)]
+@c  sigsuspend dup @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
 The @code{pause} function suspends program execution until a signal
 arrives whose action is either to execute a handler function, or to
 terminate the process.
@@ -3017,6 +3101,18 @@ signals be handled by their handlers.
 @comment signal.h
 @comment POSIX.1
 @deftypefun int sigsuspend (const sigset_t *@var{set})
+@safety{@prelim{}@mtunsafe{@mtasurace{:sigprocmask/!bsd!linux}}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c sigsuspend @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
+@c [posix] @mtasurace:sigprocmask/!bsd!linux
+@c   saving and restoring the procmask is racy
+@c  sigprocmask(SIG_SETMASK) dup @asulock/hurd @aculock/hurd [no @mtasurace:sigprocmask/bsd(SIG_UNBLOCK)]
+@c  pause @asulock/hurd @aculock/hurd
+@c [bsd]
+@c  sigismember dup ok
+@c  sigmask dup ok
+@c  sigpause dup ok [no @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd]
+@c [linux]
+@c  do_sigsuspend ok
 This function replaces the process's signal mask with @var{set} and then
 suspends the process until a signal is delivered whose action is either
 to terminate the process or invoke a signal handling function.  In other
@@ -3150,6 +3246,9 @@ delivered on the normal user stack.
 @comment signal.h
 @comment XPG
 @deftypefun int sigaltstack (const stack_t *restrict @var{stack}, stack_t *restrict @var{oldstack})
+@safety{@prelim{}@mtsafe{}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c Syscall on Linux and BSD; the HURD implementation takes a lock on
+@c the hurd_self_sigstate-returned struct.
 The @code{sigaltstack} function specifies an alternate stack for use
 during signal handling.  When a signal is received by the process and
 its action indicates that the signal stack is used, the system arranges
@@ -3196,6 +3295,8 @@ This field is true if the process is currently using this stack.
 @comment signal.h
 @comment BSD
 @deftypefun int sigstack (struct sigstack *@var{stack}, struct sigstack *@var{oldstack})
+@safety{@prelim{}@mtsafe{}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c Lossy and dangerous (no size limit) wrapper for sigaltstack.
 The @code{sigstack} function specifies an alternate stack for use during
 signal handling.  When a signal is received by the process and its
 action indicates that the signal stack is used, the system arranges a
@@ -3301,6 +3402,13 @@ structure, it means to reset the action for the signal back to
 @comment signal.h
 @comment BSD
 @deftypefun int sigvec (int @var{signum}, const struct sigvec *@var{action}, struct sigvec *@var{old-action})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c This is mostly a safe wrapper for sigaction.  The exception are
+@c systems that lack SA_RESETHAND, in which a signal handler wrapper is
+@c used that calls sigaction to reset the handler before calling the
+@c user-supplied handler; it's unlikely that this emulation is used
+@c anywhere, for user-supplied flags and mask don't seem to be used
+@c the way one would expect.
 This function is the equivalent of @code{sigaction} (@pxref{Advanced Signal
 Handling}); it installs the action @var{action} for the signal @var{signum},
 returning information about the previous action in effect for that signal
@@ -3310,6 +3418,14 @@ in @var{old-action}.
 @comment signal.h
 @comment BSD
 @deftypefun int siginterrupt (int @var{signum}, int @var{failflag})
+@safety{@prelim{}@mtunsafe{@mtasuconst{:@mtssigintr{}}}@asunsafe{}@acunsafe{@acucorrupt{}}}
+@c This calls sigaction twice, once to get the current sigaction for the
+@c specified signal, another to apply the flags change.  This could
+@c override the effects of a concurrent sigaction call.  It also
+@c modifies without any guards the global _sigintr variable, that
+@c bsd_signal reads from, and it may leave _sigintr modified without
+@c overriding the active handler if cancelled between the two
+@c operations.
 This function specifies which approach to use when certain primitives
 are interrupted by handling signal @var{signum}.  If @var{failflag} is
 false, signal @var{signum} restarts primitives.  If @var{failflag} is
@@ -3323,6 +3439,8 @@ code @code{EINTR}.  @xref{Interrupted Primitives}.
 @comment signal.h
 @comment BSD
 @deftypefn Macro int sigmask (int @var{signum})
+@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
+@c This just shifts signum.
 This macro returns a signal mask that has the bit for signal @var{signum}
 set.  You can bitwise-OR the results of several calls to @code{sigmask}
 together to specify more than one signal.  For example,
@@ -3339,6 +3457,11 @@ specifies a mask that includes all the job-control stop signals.
 @comment signal.h
 @comment BSD
 @deftypefun int sigblock (int @var{mask})
+@safety{@prelim{}@mtsafe{}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c On most POSIX systems, this is a wrapper for sigprocmask(SIG_BLOCK).
+@c The exception are BSD systems other than 4.4, where it is a syscall.
+@c sigblock @asulock/hurd @aculock/hurd
+@c  sigprocmask(SIG_BLOCK) dup @asulock/hurd @aculock/hurd [no @mtasurace:sigprocmask/bsd(SIG_UNBLOCK)]
 This function is equivalent to @code{sigprocmask} (@pxref{Process Signal
 Mask}) with a @var{how} argument of @code{SIG_BLOCK}: it adds the
 signals specified by @var{mask} to the calling process's set of blocked
@@ -3348,6 +3471,11 @@ signals.  The return value is the previous set of blocked signals.
 @comment signal.h
 @comment BSD
 @deftypefun int sigsetmask (int @var{mask})
+@safety{@prelim{}@mtsafe{}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c On most POSIX systems, this is a wrapper for sigprocmask(SIG_SETMASK).
+@c The exception are BSD systems other than 4.4, where it is a syscall.
+@c sigsetmask @asulock/hurd @aculock/hurd
+@c  sigprocmask(SIG_SETMASK) dup @asulock/hurd @aculock/hurd [no @mtasurace:sigprocmask/bsd(SIG_UNBLOCK)]
 This function equivalent to @code{sigprocmask} (@pxref{Process
 Signal Mask}) with a @var{how} argument of @code{SIG_SETMASK}: it sets
 the calling process's signal mask to @var{mask}.  The return value is
@@ -3357,6 +3485,15 @@ the previous set of blocked signals.
 @comment signal.h
 @comment BSD
 @deftypefun int sigpause (int @var{mask})
+@safety{@prelim{}@mtunsafe{@mtasurace{:sigprocmask/!bsd!linux}}@asunsafe{@asulock{/hurd}}@acunsafe{@aculock{/hurd}}}
+@c sigpause @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
+@c [posix]
+@c  __sigpause @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
+@c   do_sigpause @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
+@c    sigprocmask(0) dup @asulock/hurd @aculock/hurd [no @mtasurace:sigprocmask/bsd(SIG_UNBLOCK)]
+@c    sigdelset dup ok
+@c    sigset_set_old_mask dup ok
+@c    sigsuspend dup @mtasurace:sigprocmask/!bsd!linux @asulock/hurd @aculock/hurd
 This function is the equivalent of @code{sigsuspend} (@pxref{Waiting
 for a Signal}):  it sets the calling process's signal mask to @var{mask},
 and waits for a signal to arrive.  On return the previous set of blocked