<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 2815: quick_exit can deadlock</title>
<meta property="og:title" content="Issue 2815: quick_exit can deadlock">
<meta property="og:description" content="C++ library issue. Status: New">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue2815.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#New">New</a> status.</em></p>
<h3 id="2815"><a href="lwg-active.html#2815">2815</a>. <code>quick_exit</code> can deadlock</h3>
<p><b>Section:</b> 17.5 <a href="https://wg21.link/support.start.term">[support.start.term]</a> <b>Status:</b> <a href="lwg-active.html#New">New</a>
 <b>Submitter:</b> Jean-Fran&ccedil;ois Bastien <b>Opened:</b> 2016-11-07 <b>Last modified:</b> 2020-09-06</p>
<p><b>Priority: </b>3
</p>
<p><b>Discussion:</b></p>
<p>
While SG1 was processing NB comments CA1 and LATE2 regarding <a href="https://wg21.link/p0270r1">P0270R1</a>, 
we decided to remove the proposed guarantee that <code>quick_exit</code> be made signal safe.
<p/>
Our reasoning is that functions registered with <code>at_quick_exit</code> aren't forbidden from calling 
<code>quick_exit</code>, but <code>quick_exit</code> implementations likely acquire some form of a lock before 
processing all registered functions (because a note forbids the implementation from introducing data races).
<p/>
The following code can therefore deadlock:
</p>
<blockquote><pre>
#include &lt;cstdlib&gt;

int main() 
{
  std::at_quick_exit([] () { std::quick_exit(0); });
  std::quick_exit(1);
  return 0;
}
</pre></blockquote>
<p>
The same applies if a function registered with <code>at_quick_exit</code> handles a signal, and that signal calls 
<code>quick_exit</code>. SG1 believes that both issues (same thread deadlock, and signal deadlock) can be resolved 
in the same manner. Either:
</p>
<ol>
<li>Specify that calling <code>quick_exit</code> while servicing <code>quick_exit</code> is undefined; or</li>
<li>Specify that calling <code>quick_exit</code> while servicing <code>quick_exit</code> is defined to not deadlock, 
and instead calls <code>_Exit</code> without calling further registered functions.</li>
</ol>
<p>
Option 2 seems preferable, and can be implemented along the lines of:
</p>
<blockquote><pre>
#include &lt;array&gt;
#include &lt;atomic&gt;
#include &lt;cstddef&gt;

namespace {

  typedef void (*func)();
  
  std::array&lt;func, 32&gt; quick_exit_functions;
  
  // Number of registered functions; guarded by lock. (std::array::size()
  // is always 32, so it cannot be used to track registrations.)
  std::size_t quick_exit_count = 0;
  
  // Set to nullptr once quick_exit has started servicing registered functions.
  const auto* quick_exit_functions_ptr = &amp;quick_exit_functions;
  
  std::atomic_flag lock = ATOMIC_FLAG_INIT;
  
  // Spin lock held only while the registry is read or modified.
  struct scope 
  {
    scope() { while (lock.test_and_set(std::memory_order_acquire)) ; }
    ~scope() { lock.clear(std::memory_order_release); }
  };
  
}

namespace std {

  extern "C" void quick_exit(int status) noexcept
  {
    decltype(quick_exit_functions_ptr) f;
    size_t pos;
    {
      scope s;
      f = quick_exit_functions_ptr;
      quick_exit_functions_ptr = nullptr;
      pos = quick_exit_count;
    }
    // The lock is released before any registered function runs. A nested
    // call sees f == nullptr and goes straight to _Exit.
    if (f) {
      while (pos &gt; 0)
        (*f)[--pos]();
    }
    _Exit(status);
  }
  
  extern "C++" int at_quick_exit(func f) noexcept
  {
    scope s;
    if (!quick_exit_functions_ptr || quick_exit_count == quick_exit_functions.max_size())
      return -1;
    quick_exit_functions[quick_exit_count++] = f;
    return 0;
  }

}
</pre></blockquote>
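<p>
The two behaviours discussed above, as an added example that is not part of the issue or of any library implementation: a constructed model that records <code>deadlock</code> where a lock held across the registered functions would spin forever, and shows Option 2 reaching <code>_Exit</code> without calling further registered functions. The names <code>Model</code>, <code>run</code>, <code>log_cleanup</code> and <code>reenter</code> are hypothetical, and process exit is recorded in a trace rather than performed.
</p>

```cpp
#include <atomic>
#include <cstddef>
#include <string>
#include <vector>

// Constructed model with hypothetical names: "exit" and "deadlock" are
// recorded in a trace, so both outcomes can be observed without hanging.
struct Model {
  using handler = void (*)(Model&);
  std::vector<handler> handlers;     // stands in for at_quick_exit registrations
  std::atomic<bool> locked{false};
  bool servicing = false;            // guarded by `locked`
  bool hold_lock;                    // true: lock stays held while handlers run
  bool stopped = false;              // process exited or thread hung
  std::vector<std::string> trace;
  explicit Model(bool hold) : hold_lock(hold) {}

  void stop(const std::string& why) {
    if (!stopped) { trace.push_back(why); stopped = true; }
  }

  void quick_exit(int status) {
    if (stopped) return;
    if (locked.exchange(true, std::memory_order_acquire)) {
      stop("deadlock");              // a real spin lock would never return here
      return;
    }
    const bool nested = servicing;
    servicing = true;
    if (!hold_lock) locked.store(false, std::memory_order_release);
    if (!nested)                     // option 2: a nested call skips the handlers
      for (std::size_t pos = handlers.size(); pos > 0 && !stopped;)
        handlers[--pos](*this);
    stop("_Exit(" + std::to_string(status) + ")");
  }
};

void log_cleanup(Model& m) { m.trace.push_back("cleanup"); }
void reenter(Model& m) { m.quick_exit(0); }   // mirrors the lambda in the issue

// Registers log_cleanup, then optionally reenter, and calls quick_exit(1).
std::vector<std::string> run(bool hold_lock, bool with_reentrant_handler) {
  Model m(hold_lock);
  m.handlers.push_back(log_cleanup);
  if (with_reentrant_handler) m.handlers.push_back(reenter);
  m.quick_exit(1);
  return m.trace;
}
```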
<p>
Ideally, the resolution would also add back the wording which SG1 dropped from <a href="https://wg21.link/p0270r1">P0270R1</a>:
</p>
<blockquote><p>Add a new element to the end of 17.5 <a href="https://wg21.link/support.start.term">[support.start.term]</a> p13 (<code>quick_exit()</code>):</p>
<blockquote>
<p>
<ins><i>Remarks:</i> The function <code>quick_exit()</code> is signal-safe (17.14.4 <a href="https://wg21.link/csignal.syn">[csignal.syn]</a>). [<i>Note:</i> It might 
still be unsafe to call <code>quick_exit()</code> from a handler, because the functions registered with <code>at_quick_exit()</code> 
might not be signal-safe. &mdash; <i>end note</i>]</ins>
</p>
</blockquote>
</blockquote>

<p><i>[Issues Telecon 16-Dec-2016]</i></p>

<p>Priority 3</p>


<p id="res-2815"><b>Proposed resolution:</b></p>
<p>This wording is relative to <a href="https://wg21.link/n4606">N4606</a>.</p>

<ol>
<li>
<p>Add a new element to the end of 17.5 <a href="https://wg21.link/support.start.term">[support.start.term]</a> p13 (<code>quick_exit()</code>):</p>

<blockquote>
<pre>
[[noreturn]] void quick_exit(int status) noexcept;
</pre>
<blockquote>
<p>
-13- <i>Effects:</i> Functions registered by calls to <code>at_quick_exit</code> are called in the reverse order of their
registration, except that a function shall be called after any previously registered functions that had
already been called at the time it was registered. Objects shall not be destroyed as a result of calling
<code>quick_exit</code>. If control leaves a registered function called by <code>quick_exit</code> because the function does not
provide a handler for a thrown exception, <code>std::terminate()</code> shall be called. [<i>Note:</i> <code>at_quick_exit</code>
may call a registered function from a different thread than the one that registered it, so registered
functions should not rely on the identity of objects with thread storage duration. &mdash; <i>end note</i>] After
calling registered functions, <code>quick_exit</code> shall call <code>_Exit(status)</code>. [<i>Note:</i> The standard file 
buffers are not flushed. See: ISO C 7.22.4.5. &mdash; <i>end note</i>]
<p/>
<ins>-?- <i>Remarks:</i> The function <code>quick_exit()</code> is signal-safe (17.14.4 <a href="https://wg21.link/csignal.syn">[csignal.syn]</a>). [<i>Note:</i> 
It might still be unsafe to call <code>quick_exit()</code> from a handler, because the functions registered with 
<code>at_quick_exit()</code> might not be signal-safe. &mdash; <i>end note</i>]</ins>
</p>
</blockquote>
</blockquote>
</li>

</ol>






</body>
</html>
