Paul Eggert wrote:
> > The stack-trace and abort-debug modules are now in a state where they
> > can be documented. Done as follows:
> 
> Thanks. Are these modules safe to use in signal handlers?

No, they aren't.

Find attached the log of 'ltrace gltestst/test-stack-trace'. While
libbacktrace carefully avoids malloc(), it calls fprintf or __fprintf_chk,
which is not async-signal-safe.

Also, in a signal handler, the stack trace is truncated: it starts at
the point where the kernel invoked the signal handler.

> I suspect that 
> Emacs would need that, in order to use them. Either way, it should be 
> documented.

Most code in Gnulib is not async-signal-safe. We can't document all that.

Multithread-safety restrictions are something we should document, though.
Multithreading has been the preferred approach over async signal handlers,
which are notoriously terrible to get right, for the last 20 years.

> Similarly, in POSIX an 'abort ()' call is async-signal-safe; is that 
> still true if the abort-debug module is used? This should be documented.

Good point. Done as follows:


2024-07-18  Bruno Haible  <br...@clisp.org>

        abort-debug: Document better.
        Suggested by Paul Eggert in
        <https://lists.gnu.org/archive/html/bug-gnulib/2024-07/msg00154.html>.
        * lib/stdlib.in.h (abort): Add comment.
        * doc/stack-trace.texi: Document what to do in signal handlers.

diff --git a/doc/stack-trace.texi b/doc/stack-trace.texi
index e7fc453d88..1b266c0cbd 100644
--- a/doc/stack-trace.texi
+++ b/doc/stack-trace.texi
@@ -65,3 +65,9 @@
 Thus, @code{abort ()} remains the idiom of choice
 for signaling a fatal situation that requires developer attention:
 it is useful both in debugging environments and production code.
+
+Note:
+While the original @code{abort} function is safe to call in signal handlers,
+the overridden @code{abort} function is not.
+In signal handlers, you will need to call the original @code{abort} function,
+by doing @code{#undef abort} first.
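Review bot: the remedy at the end of this hunk, "by doing @code{#undef abort} first", does not say where the directive belongs or what it affects; since the override is a macro (the second hunk undefines it before redefining it), an @code{#undef abort} placed at file scope turns the debug abort off for every later call in that translation unit, not only for the call inside the handler. Suggest saying so explicitly, e.g. "place @code{#undef abort} just before the handler's call; it disables the override for the rest of the file", and also stating the reason the override is unsafe (it prints a stack trace, which is not async-signal-safe), so readers can judge other signal-handler uses of the module.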
diff --git a/lib/stdlib.in.h b/lib/stdlib.in.h
index 7c6daa58b8..d86b3ad53c 100644
--- a/lib/stdlib.in.h
+++ b/lib/stdlib.in.h
@@ -241,6 +241,9 @@ _GL_WARN_ON_USE (_Exit, "_Exit is unportable - "
 
 
 #if @GNULIB_ABORT_DEBUG@
+/* Terminates the current process with signal SIGABRT.
+   Note: While the original abort() function is safe to call in signal 
handlers,
+   the overridden abort() function is not.  */
 # if @REPLACE_ABORT@
 #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
 #   undef abort
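Review bot: the new comment is placed above `# if @REPLACE_ABORT@`, so it is also read in configurations where REPLACE_ABORT is 0 and abort is not overridden at all; moving it inside that branch, next to the `#   undef abort` and the replacement definition, would tie the sentence "the overridden abort() function is not" to the case where an override actually exists. The second comment line also arrives wrapped before `handlers,` with a trailing space after `signal`; worth confirming the committed file has it on a single line without the trailing whitespace.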

Attachment: ltrace.log.gz
Description: application/gzip
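A worked version of the advice in the patch, added here as an illustration and not code from Gnulib or this thread: `debug_abort` is a constructed stand-in for a stdio-based abort override installed as a macro, `format_fatal_message` and `fatal_signal_handler` are hypothetical names, and the handler uses only async-signal-safe calls before `#undef abort` hands it the original abort.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Constructed stand-in for an abort override that prints diagnostics via
   stdio: fprintf is not async-signal-safe, so it must not run in a handler. */
static void debug_abort (void)
{
  fprintf (stderr, "debug_abort: stack trace would be printed here\n");
  abort ();                      /* the original libc abort */
}
#define abort debug_abort        /* the override, installed as a macro */
/* In ordinary code `abort' now resolves to the override.  */
static void (*abort_in_normal_code (void)) (void) { return abort; }
/* Build "fatal signal N\n" without stdio; only the caller's buffer is
   touched, so this is usable from a handler.  Returns the length.  */
static size_t format_fatal_message (char *buf, size_t size, int signo)
{
  static const char prefix[] = "fatal signal ";
  char digits[12]; size_t nd = 0, n = 0;
  unsigned v = signo < 0 ? 0u : (unsigned) signo;
  do { digits[nd++] = (char) ('0' + v % 10); v /= 10; } while (v);
  for (size_t i = 0; prefix[i] && n + 1 < size; i++) buf[n++] = prefix[i];
  while (nd && n + 1 < size) buf[n++] = digits[--nd];
  if (n + 1 < size) buf[n++] = '\n';
  buf[n] = '\0';
  return n;
}
static int fatal_message_is (int signo, const char *expected)
{ char buf[32]; format_fatal_message (buf, sizeof buf, signo); return !strcmp (buf, expected); }
/* Handler code: undo the override first, as the doc advises, so the
   original abort is called.  Note the #undef covers the rest of this file. */
#undef abort
static void fatal_signal_handler (int signo)
{
  char msg[32];
  size_t len = format_fatal_message (msg, sizeof msg, signo);
  if (write (STDERR_FILENO, msg, len) < 0) { /* nothing safe left to do */ }
  signal (SIGABRT, SIG_DFL);   /* so the abort below does not re-enter us */
  abort ();                    /* libc abort, not debug_abort */
}
static void (*abort_in_handler_code (void)) (void) { return abort; }
int main (void)
{
  signal (SIGSEGV, fatal_signal_handler);
  raise (SIGSEGV);             /* prints "fatal signal 11" on Linux, then aborts */
  return 0;
}
```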
