On 09/12/2007, <b class="gmail_sendername">Guido van Rossum</b> <<a href="mailto:guido@python.org">guido@python.org</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Dec 8, 2007 3:57 PM, Adam Olsen <<a href="mailto:rhamph@gmail.com">rhamph@gmail.com</a>> wrote:<br>><br>> On Dec 8, 2007 4:28 PM, Guido van Rossum <<a href="mailto:guido@python.org">guido@python.org</a>> wrote:
<br>> ><br>> > On Dec 8, 2007 2:36 PM, Adam Olsen <<a href="mailto:rhamph@gmail.com">rhamph@gmail.com</a>> wrote:<br>> > > On Dec 8, 2007 2:56 PM, <<a href="mailto:glyph@divmod.com">glyph@divmod.com
</a>> wrote:<br>> > > > On 05:20 pm, <a href="mailto:guido@python.org">guido@python.org</a> wrote:<br>> > > > >The best solution I can think of is to add a new API that takes a<br>> > > > >signal and a file descriptor and registers a C-level handler for that
<br>> > > > >signal which writes a byte to the file descriptor. You can then create<br>> > > > >a pipe, connect the signal handler to the write end, and add the read<br>> > > > >end to your list of file descriptors passed to select() or poll(). The
<br>> > > > >handler must be written in C in order to avoid the race condition<br>> > > > >referred to by Glyph (signals arriving after the signal check in the<br>> > > > >VM main loop but before the select()/poll() system call is entered
<br>> > > > >will not be noticed until the select()/poll() call completes).<br>> > > ><br>> > > > This paragraph jogged my memory. I remember this exact solution being<br>> > > > discussed now, a year ago when I was last talking about these issues.
<br>> > > ><br>> > > > There's another benefit to implementing a write-a-byte C signal handler.<br>> > > > Without this feature, it wouldn't make sense to have passed the<br>> > > > SA_RESTART flag to sigaction, because and GUIs written in Python could
<br>> > > > have spent an indefinite amount of time waiting to deliver their signal<br>> > > > to Python code. So, if you had to handle SIGCHLD in Python, for<br>> > > > example, calls like file().write() would suddenly start raising a new
<br>> > > > exception (EINTR). With it, you could avoid a whole class of subtle<br>> > > > error-handling code in Twisted programs.<br>> > ><br>> > > SA_RESTART still isn't useful. The low-level poll call (not write!)
<br>> > > must stop and call back into python. If that doesn't indicate an<br>> > > error you can safely restart your poll call though, and follow it with<br>> > > a (probably non-blocking) write.
<br>> ><br>> > Can't say I understand all of this, but it does reiterate that there<br>> > are more problems with signals than just the issue that Gustavo is<br>> > trying to squash. The possibility of having *any* I/O interrupted is
<br>> > indeed a big worry. Though perhaps this could be alleviated by rigging<br>> > things so that signals get delivered (at the C level) to the main<br>> > thread and the rest of the code runs in a non-main thread?
<br>><br>> That's the approach my threading patch will take, although reversed<br>> (signals are handled by a background thread, leaving the main thread<br>> as the *main* thread.)<br><br>Hm... Does this mean you're *always* creating an extra thread to handle signals?
<br><br>> I share your concern about interrupting whatever random syscalls (not<br>> even limited to I/O!) that a library happens to use.<br>><br>><br>> > > Note that the only reason to use C for a low-level handler here is
<br>> > > to give access to sigatomic_t and avoid needing locks. If you ran the<br>> > > signal handler in a background thread (using sigwait to trigger them)<br>> > > you could use a python handler.
<br>> ><br>> > I haven't seen Gustavo's patch yet, but *my* reason for using a C<br>> > handler was different -- it was because writing a byte to a pipe in<br>> > Python would do nothing to fix Gustavo's issue.
<br>> ><br>> > Looking at the man page for sigwait() it could be an alternative<br>> > solution, but I'm not sure how it would actually allow PyGTK to catch<br>> > KeyboardInterrupt.<br>><br>
> My mail at [1] was referring to this. Option 1 involved writing to a<br>> pipe that gets polled while option 2 requires we generate a new signal<br>> targeting the specific thread we want to interrupt.<br>>
<br>> I'd like to propose an interim solution though: pygtk could install<br>> their own SIGINT handler during the gtk mainloop (or all gtk code?),<br>> have it write to a pipe monitored by gtk, and have gtk raise
<br>> KeyboardInterrupt if it gets used. This won't allow custom SIGINT<br>> handlers or any other signal handlers to run promptly, but it should<br>> be good enough for OLPC's use case.<br>><br>><br>
> [1] <a href="http://mail.python.org/pipermail/python-dev/2007-December/075607.html">http://mail.python.org/pipermail/python-dev/2007-December/075607.html</a><br><br>Since OLPC has to use 2.5 they don't really have another choice
<br>besides this or making the timeout (perhaps much) larger -- I'm not<br>going to risk a change as big as anything proposed here for 2.5.2, so<br>nothing will change before 2.6.<br><br>I've got to say that all the cross-referencing and asynchronous
<br>discussion here makes it *very* difficult to wrap my head around the<br>various proposals. It also doesn't help that different participants<br>appear to have different use cases in mind. E.g. do we care about<br>threads started directly from C++ code? (These happen all the time at
<br>Google, but we don't care much about signals.) And what about<br>restarting system calls (like Glyph brought up)?<br><br>I've seen references to bug #1643738 which got a thumbs up from Tim<br>Peters -- Adam, what do you think of that? I know it doesn't address
<br>Gustavo's issue but it seems useful in its own right.</blockquote><div><br>That issue seems orthogonal. Just fixes the current async handling code. See how complicated and error prone the current code is? It's so easy to get race conditions... The pipe solution is much simpler IMHO, less error prone... ;-)
<br><br>But, well, maybe it's just me that thinks it's simpler and no one else. That's life.. :|<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Gustavo, at some point you suggested making changes to Python so that<br>all signals are blocked in all threads except for the main thread. I<br>think I'd be more inclined to give that the green light than the patch<br>
using pipes for all signal handling, as long as we can make sure that<br>this blocking of all signals isn't inherited by fork()'ed children --<br>we had serious problems with that in 2.4 where child processes were
<br>unkillable (except for SIGKILL).</blockquote><div><br>I don't think that solution works after all. We can only block signals for certain threads inside the threads themselves. But we do not control all threads. Some are created by C libraries, and these threads will not have signals blocked by default, and also there is no 'thread creation hook' that we can use.
<br><br>More promising would be the pthread_kill solution suggested by loewis. It's not a bad solution, but it does nothing to improve the possible race conditions in signal handling. Also it is not "theoretically" safe to call in signal handlers, as far as I can tell. At least it's not on the list of safe functions to call in async handlers:
<a href="http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html#tag_02_04_03">http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html#tag_02_04_03</a><br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'd also be OK with a patch that<br>leaves the existing signal handling code intact but *adds* a way to<br>have a signal handler written in C that writes one byte to one end of<br>a pipe -- where the pipe is provided by Python code.
</blockquote><div><br>I think this is the most balanced approach of all. <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Does any of this make sense still?
<br><br>Anyway, I would still like to discuss this on #python-dev Monday.<br>Adam, in what time zone are you? (I'm PST.) Who else is interested?</blockquote><div><br>I'll try to show up if I have time.<br></div></div>
<br>-- <br>Gustavo J. A. M. Carneiro<br>INESC Porto, Telecommunications and Multimedia Unit<br>"The universe is always one step beyond logic." -- Frank Herbert
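
The mechanism discussed in this thread (a C-level handler that writes one byte to a pipe whose read end is in the poll() set), as an added example that is not part of the original message or of any Python patch. The names `selfpipe_init`, `selfpipe_watch` and `selfpipe_wait`, and the choice to send the signal number as the byte, are assumptions made for illustration. A signal that lands before poll() is entered leaves its byte in the pipe, so the wakeup is not lost.

```c
#define _POSIX_C_SOURCE 200809L   /* added example, not code from the thread */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

static int wake_fd[2] = { -1, -1 };   /* [0] read end, [1] write end; names are illustrative */
/* Handler does only async-signal-safe work: one write(), errno preserved. */
static void on_signal(int signo) {
    int saved = errno;
    unsigned char b = (unsigned char)signo;
    if (write(wake_fd[1], &b, 1) < 0) { /* EAGAIN on a full pipe: a wakeup is already pending */ }
    errno = saved;
}

/* Non-blocking so the handler can never stall; close-on-exec so children do not inherit the pipe. */
int selfpipe_init(void) {
    if (pipe(wake_fd) < 0) return -1;
    for (int i = 0; i < 2; i++) {
        int fl = fcntl(wake_fd[i], F_GETFL);
        if (fl < 0 || fcntl(wake_fd[i], F_SETFL, fl | O_NONBLOCK) < 0) return -1;
        if (fcntl(wake_fd[i], F_SETFD, FD_CLOEXEC) < 0) return -1;
    }
    return 0;
}

/* Route signo through the pipe; SA_RESTART spares unrelated syscalls from EINTR. */
int selfpipe_watch(int signo) {
    struct sigaction sa = { .sa_flags = SA_RESTART };
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, NULL);
}

/* Event-loop side: returns the signal number, 0 on timeout, -1 on error. */
int selfpipe_wait(int timeout_ms) {
    struct pollfd p = { .fd = wake_fd[0], .events = POLLIN };
    unsigned char b;
    int n;
    do { n = poll(&p, 1, timeout_ms); } while (n < 0 && errno == EINTR);
    if (n <= 0) return n;
    return read(wake_fd[0], &b, 1) == 1 ? (int)b : -1;
}

int main(void) {   /* constructed run: SIGINT lands before poll() is entered */
    if (selfpipe_init() < 0 || selfpipe_watch(SIGINT) < 0 || raise(SIGINT) != 0) return 1;
    return printf("woken by signal %d\n", selfpipe_wait(1000)) < 0;
}
```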