Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> platform-neutral language functions like "open/read/write/close/ioctl/dup/dup2"

These are all syscall wrappers. They are present in libc but they are going to be very boring stubs that merely call into the kernel. (Also I don't think you can call them platform neutral or language functions as they are POSIX rather than being from the C standard...)

The more "implementation-heavy" parts of a libc... Things like stdio, string calls, malloc, ...



Those stubs have to correctly handle POSIX thread cancellation, which is "exciting" in the worst possible way.

Some of them also have to translate between the userspace version of particular argument types and the kernel version, which don't always line up.


pthread cancellation was a terrible idea when it was added, and it's even worse today. It's an API that provides no actual value (you can implement it yourself via signals), is a giant minefield if you care about not leaking or deadlocking, and infects the entirety of libc with pointless checks for functionality that no one in their right mind should use.


> pthread cancellation was a terrible idea when it was added, and it's even worse today

> you can implement it yourself via signals

It appears, that you are contradicting yourself. Either it is "bad idea" or it is easy to correctly implement by oneself, not both.

musl has well though-out implementation of pthread cancellation, so it is clearly doable, even if glibc developers have failed at it.


The problem with pthread cancellation is that it is fundamentally broken when used on a thread that can ever acquire resources (opening an fd, taking a mutex, mallocing a buffer, etc.). If it were just "call pthread_testcancel to figure out if you were cancelled", that would be fine, but no, you either get blown up immediately, or you get blown up at arbitrary function call boundaries (that don't really make any sense; e.g. why is strerror_r allowed to be a cancellation point?)

It's easy to correctly implement the parts that aren't just adding a call to pthread_testcancel to every single syscall wrapper, just reserve an RT signal and do your thread teardown when you receive it, using pthread_sigmask to implement enable/disable. It's just that it's just a terrible idea.


strerror[_r]() is allowed to be cancellation point, because it's implementation may involve calls to read() which is required to be cancellation point.


> It's an API that provides no actual value (you can implement it yourself via signals)

> is a giant minefield if you care about not leaking or deadlocking

Aren't these two in opposition?


No. pthread_cancel implemented completely correctly is inherently a giant minefield. (Details in a reply to a sibling post)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: