Signals after exec

[Ziya Aral]

In article <986 at ncr-sd.SanDiego.NCR.COM> greg at ncr-sd.SanDiego.NCR.COM (Greg Noel) writes:

>Er, no, it doesn't -- but it does bring us back to the initial topic, which
>was, what happens if you have shared signals between two processes, but
>separate address spaces?  How do the semantics of that work out?

I will have to be forgiven because I don't make it to the net every week and am
not entirly familiar with the history of this discussion. I assume that the
original discussion is implied by the subject "Signals after exec".

The nUNIX kernel does not address the propogation of anything across
execs. It basically specifies that whenever a resource is copied (via fork),
it can instead be shared. As far as forks go, there is no semantic problem. A
conventional fork propogates the signal handler by copying the address space of
the parent, including the signal handler, to the child. The only change that
nUNIX adds is that the memory and/or signal resource of the parent may be
shared rather than copied. All possible combinations are legitimate because the
signal handler, whether shared or private, remains visible after the fork. The
only difference in a shared signal resource is that changes made to it by any
one process which uses it impact all processes which share it... i.e. the table
of signal handlers plus some additional state is made sharable. 

When we implemented shared signal handlers, we discussed whether the signal
event itself should be shared (as in MACH). We opted for the more conservative
approach of only sharing handlers as this is much better defined.

The nUNIX prototype also takes a very conservative view of what constitutes a
"resource". Essentially it defines independent resources as only the 
the six classes of resources currently broken out in the user.h header
(i.e. memory, signals, file descriptors, process stats, protection, and
resource control). While it is clear that other process attributes could be
broken out as independently sharable resources and that additional resources
could be easily added (the direction of our current research), this would not
really impact existing semantics.

The reason shared resources do not impact exec is that exec implies a process
transformation in which only some of the original process state is retained.
In particular, it means that a new memory resource, and thus also a new
signal resource must be created. The retention of existing semantics means that
memory sharing stops at an exec. For what is inherited across an exec, instead
of inheriting the the appropriate values of the exec'ing process, the execee
transparently inherits the link to the resource and whether that resource is
shared or not is largely irrelevent. If additional process attributes were to
be made independently sharable resources (for example, interval timers), the
same would apply. If exec semantics were to be changed to allow the inheritance
of more process state, the same answer would again be valid PROVIDED that such
a change did not fundamentally change UNIX semantics.

The propogation of signal handlers across exec() is an entirely different
issue in that it violates the last point above quite apart from the issues
of shared vs private resources. UNIX semantics define signal handlers as mere
user subroutines of arbitrary complexity and execs as chaining operations.
The contradiction that other posters must have mentioned becomes immediately
obvious. There is no way to reconcile the inheritance of signal handlers
without inheriting the image (shared or not) of the exec'ing process
and that is the exact opposite of what an exec is meant to do. Here it is not
even possible to retain part of the original image because there are no
limits on the dependencies of signal handlers. Since the original image AND
its logic disappears, the signal handlers must disappear with it. While it
could be argued that UNIX's address space and its user-level exception handling
are thus too tightly coupled, other solutions would be less general.

It may be possible to exercise a much more restricted form of control over
the exec'ed child by making the sigmask (currently process private in nUNIX)
and some additional signal state into an independently sharable resource but
I have not really thought about it.


Ziya Aral		aral at multimax.encore.com