On 08/07/2014 12:53 PM, Ken Brown wrote:
> On 8/7/2014 11:30 AM, Eric Blake wrote:
>> On 08/07/2014 05:51 AM, Ken Brown wrote:
>>>
>>> I think I found the problem with NORMAL mutexes.  emacs calls
>>> pthread_atfork after initializing the mutexes, and the resulting
>>> 'prepare' handler locks the mutexes.  (The parent and child handlers
>>> unlock them.)  So when emacs calls fork, the mutexes are locked, and
>>> shortly thereafter the Cygwin DLL calls calloc, leading to a deadlock.
>>> Here's a gdb backtrace showing the sequence of calls:
>>
>> Arguably, that's an upstream bug in emacs.  POSIX has declared
>> pthread_atfork to be fundamentally useless; it is broken by design,
>> because you cannot use it for anything that is not async-signal-safe
>> without risking deadlock.  And (except for sem_post()), NONE of the
>> standardized locking functions are async-signal-safe.
>>
>> http://austingroupbugs.net/view.php?id=858
>>
>> That said, it would still be nice to support this, since even though the
>> theory says it is broken, there are still lots of (broken)
>> programs/libraries still trying to use it.
> 
> So what do you think emacs should do instead of using pthread_atfork? Or
> is it better to just remove it?  I don't know how likely it is that this
> would cause a problem.

The POSIX recommendation is that multithreaded apps limit themselves
solely to async-signal-safe functions in the window between fork and
exec (or to use pthread_spawn instead of fork/exec).  I don't know what
emacs is trying to do in that window, but at this point, it's certainly
worth reporting it upstream.  If you need a pointer to the full list of
async-signal-safe functions:

http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04
and search for "The following table defines a set of functions that
shall be async-signal-safe."

The most common deadlocks when violating async-signal-safety rules look
like this in single-threaded programs:

function calls malloc()
  malloc() grabs a non-recursive mutex
    async signal arrives
      signal handler called
        signal handler calls malloc()
          malloc() can't grab the mutex - deadlock

and this counterpart in multithreaded programs:

thread1 calls malloc()
  malloc() grabs a non-recursive mutex
thread 2 gains control and calls fork()
  because of the fork, thread1 no longer exists to release the lock
  child process calls malloc()
    malloc() tries to grab mutex, but it is locked with no thread to
release it

Switching malloc() to a recursive lock may or may not "solve" the
single-threaded deadlock (in that malloc can now obtain the mutex), but
it is probably NOT what you want to happen (unless malloc is fully
re-entrant, the inner instance will see incomplete data and either be
totally clobbered itself, or else totally clobber the outer instance
when it returns).  So it's GOOD that malloc does NOT use a recursive
mutex by default.

In the multithreaded case, you are flat out hosed. Switching to a
recursive lock does not change the picture - you are still deadlocked
waiting on thread1 to release the lock, but thread1 doesn't exist.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to