base: wait for children to terminate.

base/process_util_posix.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <sys/resource.h>
@@ skipping 22 matching lines @@
 #include <crt_externs.h>
 #define environ (*_NSGetEnviron())
 #else
 extern char** environ;
 #endif
 
 namespace base {
 
 namespace {
 
-int WaitpidWithTimeout(ProcessHandle handle, int64 wait_milliseconds,
-                       bool* success) {
+// WaitpidWithTimeout performs a timed waitpid() call. The arguments and return
+// value match waitpid(2).
+pid_t WaitpidWithTimeout(ProcessHandle handle, int* status,
+                         int64 wait_milliseconds) {
   // This POSIX version of this function only guarantees that we wait no less
   // than |wait_milliseconds| for the process to exit.  The child process may
   // exit sometime before the timeout has ended but we may still block for up
   // to 256 milliseconds after the fact.
   //
   // waitpid() has no direct support on POSIX for specifying a timeout, you can
   // either ask it to block indefinitely or return immediately (WNOHANG).
   // When a child process terminates a SIGCHLD signal is sent to the parent.
   // Catching this signal would involve installing a signal handler which may
   // affect other parts of the application and would be difficult to debug.
   //
   // Our strategy is to call waitpid() once up front to check if the process
   // has already exited, otherwise to loop for wait_milliseconds, sleeping for
   // at most 256 milliseconds each time using usleep() and then calling
   // waitpid().  The amount of time we sleep starts out at 1 milliseconds, and
   // we double it every 4 sleep cycles.
   //
   // usleep() is speced to exit if a signal is received for which a handler
   // has been installed.  This means that when a SIGCHLD is sent, it will exit
   // depending on behavior external to this function.
   //
-  // This function is used primarily for unit tests, if we want to use it in
-  // the application itself it would probably be best to examine other routes.
-  int status = -1;
-  pid_t ret_pid = HANDLE_EINTR(waitpid(handle, &status, WNOHANG));
+  // This function is used in unit tests and by DidProcessCrash. See the
+  // comments in DidProcessCrash about its use in Chrome itself.
   static const int64 kMaxSleepInMicroseconds = 1 << 18;  // ~256 milliseconds.
   int64 max_sleep_time_usecs = 1 << 10;  // ~1 milliseconds.
-  int64 double_sleep_time = 0;
+  int double_sleep_time = 0;
+
+  pid_t ret_pid = HANDLE_EINTR(waitpid(handle, status, WNOHANG));
+  if (ret_pid != 0)
+    return ret_pid;
 
   // If the process hasn't exited yet, then sleep and try again.
   Time wakeup_time = Time::Now() +
       TimeDelta::FromMilliseconds(wait_milliseconds);
   while (ret_pid == 0) {
     Time now = Time::Now();
     if (now > wakeup_time)
       break;
     // Guaranteed to be non-negative!
     int64 sleep_time_usecs = (wakeup_time - now).InMicroseconds();
     // Sleep for a bit while we wait for the process to finish.
     if (sleep_time_usecs > max_sleep_time_usecs)
       sleep_time_usecs = max_sleep_time_usecs;
 
     // usleep() will return 0 and set errno to EINTR on receipt of a signal
     // such as SIGCHLD.
     usleep(sleep_time_usecs);
-    ret_pid = HANDLE_EINTR(waitpid(handle, &status, WNOHANG));
+    ret_pid = HANDLE_EINTR(waitpid(handle, status, WNOHANG));
 
     if ((max_sleep_time_usecs < kMaxSleepInMicroseconds) &&
         (double_sleep_time++ % 4 == 0)) {
       max_sleep_time_usecs *= 2;
     }
   }
 
-  if (success)
-    *success = (ret_pid != -1);
-
-  return status;
+  return ret_pid;
 }
 
 void StackDumpSignalHandler(int signal, siginfo_t* info, ucontext_t* context) {
   LOG(ERROR) << "Received signal " << signal;
   debug::StackTrace().PrintBacktrace();
 
   // TODO(shess): Port to Linux.
 #if defined(OS_MACOSX)
   // TODO(shess): Port to 64-bit.
 #if ARCH_CPU_32_BITS
@@ skipping 512 matching lines @@
 
   return success;
 }
 
 void RaiseProcessToHighPriority() {
   // On POSIX, we don't actually do anything here.  We could try to nice() or
   // setpriority() or sched_getscheduler, but these all require extra rights.
 }
 
 bool DidProcessCrash(bool* child_exited, ProcessHandle handle) {
+  // We call DidProcessCrash when we see an EOF from a socket to that child.
+  // Sadly, the kernel is raceable: it will close a dead process's file
+  // descriptors before marking the process as dead. Therefore it's possible to
+  // see the EOF and still have a subsequent waitpid() return zero. (Had I
+  // known that from the beginning, child processing would have been designed
+  // differently.)
+  //
+  // Everything higher up copes with the case where waitpid fails, but we might
+  // lose some crash notifications. In order to minimise this we waitpid() in a
+  // loop with a timeout to try and catch the exit code. In the typical case,
+  // we should only be blocking for microseconds here.
+  //
+  // It's possible for a bad child to close its socket without exiting. Because
+  // we don't want to hang the browser in this case we have a timeout.
   int status;
-  const pid_t result = HANDLE_EINTR(waitpid(handle, &status, WNOHANG));
-  if (result == -1) {
-    PLOG(ERROR) << "waitpid(" << handle << ")";
+  pid_t pid = WaitpidWithTimeout(handle, &status, 250 /* milliseconds */);
+
+  if (pid == 0) {
+    // We waited for the full timeout and the child still isn't dead.
+    LOG(ERROR) << "We janked because we expected child "
+               << handle << " to have exited.";
     if (child_exited)
       *child_exited = false;
     return false;
-  } else if (result == 0) {
-    // the child hasn't exited yet.
-    if (child_exited)
-      *child_exited = false;
-    return false;
   }
 
   if (child_exited)
     *child_exited = true;
 
   if (WIFSIGNALED(status)) {
     switch (WTERMSIG(status)) {
       case SIGSEGV:
       case SIGILL:
       case SIGABRT:
@@ skipping 22 matching lines @@
     return true;
   }
 
   // If it didn't exit cleanly, it must have been signaled.
   DCHECK(WIFSIGNALED(status));
   return false;
 }
 
 bool WaitForExitCodeWithTimeout(ProcessHandle handle, int* exit_code,
                                 int64 timeout_milliseconds) {
-  bool waitpid_success = false;
-  int status = WaitpidWithTimeout(handle, timeout_milliseconds,
-                                  &waitpid_success);
-  if (status == -1)
-    return false;
-  if (!waitpid_success)
+  int status;
+  pid_t pid = WaitpidWithTimeout(handle, &status, timeout_milliseconds);
+
+  if (pid <= 0)
     return false;
   if (!WIFEXITED(status))
     return false;
   if (WIFSIGNALED(status)) {
     *exit_code = -1;
     return true;
   }
   *exit_code = WEXITSTATUS(status);
   return true;
 }
 
 bool WaitForSingleProcess(ProcessHandle handle, int64 wait_milliseconds) {
-  bool waitpid_success;
   int status;
-  if (wait_milliseconds == base::kNoTimeout)
-    waitpid_success = (HANDLE_EINTR(waitpid(handle, &status, 0)) != -1);
-  else
-    status = WaitpidWithTimeout(handle, wait_milliseconds, &waitpid_success);
-  if (status != -1) {
-    DCHECK(waitpid_success);
-    return WIFEXITED(status);
+  pid_t pid;
+  if (wait_milliseconds == base::kNoTimeout) {
+    pid = (HANDLE_EINTR(waitpid(handle, &status, 0)) == handle);
   } else {
+    pid = WaitpidWithTimeout(handle, &status, wait_milliseconds);
+  }
+
+  if (pid <= 0)
     return false;
+
+  return WIFEXITED(status);
+}
+
+bool CrashAwareSleep(ProcessHandle handle, int64 wait_milliseconds) {
+  int status;
+  pid_t pid = WaitpidWithTimeout(handle, &status, wait_milliseconds);
+  if (pid < 0) {
+    // If waitpid failed then the process probably didn't exist prior to the
+    // call.
+    return true;
+  } else if (pid == 0) {
+    return false;
+  } else {
+    return !(WIFEXITED(status) || WIFSIGNALED(status));
   }
 }
 
-bool CrashAwareSleep(ProcessHandle handle, int64 wait_milliseconds) {
-  bool waitpid_success;
-  int status = WaitpidWithTimeout(handle, wait_milliseconds, &waitpid_success);
-  if (status != -1) {
-    DCHECK(waitpid_success);
-    return !(WIFEXITED(status) || WIFSIGNALED(status));
-  } else {
-    // If waitpid returned with an error, then the process doesn't exist
-    // (which most probably means it didn't exist before our call).
-    return waitpid_success;
-  }
-}
-
 int64 TimeValToMicroseconds(const struct timeval& tv) {
   static const int kMicrosecondsPerSecond = 1000000;
   int64 ret = tv.tv_sec;  // Avoid (int * int) integer overflow.
   ret *= kMicrosecondsPerSecond;
   ret += tv.tv_usec;
   return ret;
 }
 
 // Executes the application specified by |cl| and wait for it to exit. Stores
 // the output (stdout) in |output|. If |do_search_path| is set, it searches the
@@ skipping 148 matching lines @@
                       const ProcessFilter* filter) {
   bool exited_cleanly =
       WaitForProcessesToExit(executable_name, wait_milliseconds,
                              filter);
   if (!exited_cleanly)
     KillProcesses(executable_name, exit_code, filter);
   return exited_cleanly;
 }
 
 }  // namespace base