Author scott.dial
Recipients amaury.forgeotdarc, davidfraser, dmalcolm, haypo, joshbressers, pitrou, scott.dial
Date 2010-12-20.06:55:01
SpamBayes Score 4.27517e-10
Marked as misclassified No
Message-id <1292828107.97.0.400321178124.issue8863@psf.upfronthosting.co.za>
In-reply-to
Content
FYI, in v10,

+#define NFAULT_SIGNALS (sizeof(fault_signals) / sizeof(fault_signals[0]))
+static fault_handler_t fault_handlers[4];

, should use "NFAULT_SIGNALS" instead of "4".

However, this bit of code bothers me a lot:

+    const int fd = 2; /* should be fileno(stderr) */

To assume that fd=2 is the write place to be writing bytes is assuming quite a bit about the state of the application. It is not unusual at all to close 0,1,2 when writing daemons, which frees them up to be assigned to *anything*. For all you know, fd=2 currently is a network socket that you will be throwing gibberish at, or worse it could be a block device that you are writing gibberish on.

The closest discussion I could find on this subject was on the libstdc++ mailing-list with regard to their verbose termination code:

http://gcc.gnu.org/ml/gcc-patches/2004-02/msg02388.html

AFAICT, their conclusion was that the only reasonable solution was to write to the stderr FILE since it was the only thing that is guaranteed to make sense always (even though it may fail). Their situation is different in that they are handling a C++ exception, so they don't have to stick to async-safe functions, but absent that extra difficulty, I believe the reasoning is the same.

The analogous situation exists in Python, in that sys.stderr(*) represents where the application programmer expects "stderr" writing to go. I think you need to arrange to know what the fd number for that object is or this patch is unacceptable in the vein of "wrote garbage to my harddrive and destroyed my data" sort.

I'm not sure there is a safe way to know what the fileno for "sys.stderr" is because it can be anything, including an object whose fileno changes over time. However, I think it would be fair to support only built-in io types that are obviously safe, since you could cache the fileno() value at assignment to use in your fault handler.

(*) Or perhaps __stderr__ if stderr is None or an unsupported type?
History
Date User Action Args
2010-12-20 06:55:08scott.dialsetrecipients: + scott.dial, amaury.forgeotdarc, davidfraser, pitrou, haypo, dmalcolm, joshbressers
2010-12-20 06:55:07scott.dialsetmessageid: <1292828107.97.0.400321178124.issue8863@psf.upfronthosting.co.za>
2010-12-20 06:55:02scott.diallinkissue8863 messages
2010-12-20 06:55:01scott.dialcreate