May 18, 2012 Re: [D-runtime] A mechanism to kill threads | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Alex Rønne Petersen | Hi Alex,
I still think that you don't really understand the constraint that your code has to follow to be able to call kill safely.
I had said that you basically can use only signal safe functions after calling kill.
Sean and Brad pointed out already some possible pitfalls: holding resources (locks,...) allocating gc memory,... but to avoid constraining the subsequent program to be able to use only signal safe functions, the thread must *not* be executing any signal unsafe function.
A signal unsafe function might be using resources within the kernel,
and those resource will also never be released.
Even if you are sure that your thread is not using any resource that
you care about later, unless you restrict yourself to signal safe
functions you cannot know what resources might be used by the kernel.
As a real life example aquiring or even releaseing! a lock is non
signal safe, and indeed on OSX to optimize the usage of "fat" locks,
the os tries to spinlock and uses a fat lock from a common pool only
when required.
When releasing the lock the fat lock might go back to the pool.
Now the pool obviously needs to be guarded, and it uses a spinlock for
it.
Now imagine you suspend or kill a thread while the spinlock to the
common pool of fat locks is being held in the kernel...
Any subsequent lock/unlock on *any* lock that requires access to the
common pool will block.
OSX is perfectly standard compliant in doing that optimization, because
indeed those functions are not signal safe.
This is not theoretical, I actually had this probelm, and is now fixed
in druntime (at least my fixes to the tango runtime were included in
druntime).
A consequence of this is that in general it is *not* ok to kill a thread that is idle and holds a lock (likely what you thought of your thread in a know state).
As said the only thread that could be safely killed is a thread that has
no resources you care abount and might remain uncollected, and executes
no signal unsafe functions.
Are there suche cases? yes indeed a purely computational thread that
allocates nothing might well fall into that category.
I am not sure your "managed code" thread does.
Normally probably you had better to fork and have a separate *process*
to kill, or accept that you have cooperative killing wich might take
some time (depending how often the thread checks if it should stop.
ciao
Fawzi
_______________________________________________
D-runtime mailing list
D-runtime@puremagic.com
http://lists.puremagic.com/mailman/listinfo/d-runtime
| |||
Permalink
ReplyMay 18, 2012 Re: [D-runtime] A mechanism to kill threads | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Fawzi Mohamed | On 05/18/12 14:46, Fawzi Mohamed wrote: > Now imagine you suspend or kill a thread while the spinlock to the common pool of fat locks is being held in the kernel... If a thread can be killed while in kernel mode and all kernel-acquired resources aren't freed, then it's a kernel bug. Period. If some /userspace/ system library does that kind of "optimizations", that's a bit different, but still at least means a proper safe API is missing. He could setup a timer to periodically check for a 'kill-me' flag, but that probably means relying on the user-code to not actively fight against it (i don't know if it's an issue; as "VM" was mentioned maybe it isn't) and if signals are allowed to interrupt the critical regions then that alone won't be enough. artur _______________________________________________ D-runtime mailing list D-runtime@puremagic.com http://lists.puremagic.com/mailman/listinfo/d-runtime | |||
May 18, 2012 Re: [D-runtime] A mechanism to kill threads | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Artur Skawina | On Fri, 18 May 2012 15:49:30 +0200 Artur Skawina <art.08.09@gmail.com> wrote: > On 05/18/12 14:46, Fawzi Mohamed wrote: > > Now imagine you suspend or kill a thread while the spinlock to the common pool of fat locks is being held in the kernel... > > If a thread can be killed while in kernel mode and all kernel-acquired resources aren't freed, then it's a kernel bug. Period. If some /userspace/ system library does that kind of "optimizations", that's a bit different, but still at least means a proper safe API is missing. I tend to agree in the case of the example I did (and I had the problem with suspending, not sure what will happen if one kills it). But I am not sure there is any standard agreed guarantee when killing threads in non signal safe functions. Collection of some resources is guanteed only for process killing. _______________________________________________ D-runtime mailing list D-runtime@puremagic.com http://lists.puremagic.com/mailman/listinfo/d-runtime | |||
August 23, 2012 Re: [D-runtime] A mechanism to kill threads | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Alex Rønne Petersen | I realize this thread is very old, but I'm just catching up with my stale email. Not sure whether anything happened with this, but I would suggest that you simply avoid using D threads whatsoever. I'd even write the VM in C. Otherwise, you risk hidden D features that you have no control over that might use the GC. Like simply using an array literal. In my experience, it's always been possible (and better) to write a cooperative way to kill a thread. Then again, I haven't ever written a VM... -Steve On May 16, 2012, at 8:55 PM, Alex Rønne Petersen wrote: > One interesting question in designing a kill function is: Do we want to guarantee that it runs all the thread shutdown routines (see the shutdown code in thread_entryPoint)? I'm thinking that guaranteeing this is basically impossible, so I'm leaning towards no. The most I can see would be realistic is to remove the thread from the global thread list if enqueueing the termination request (pthread_cancel on POSIX, TerminateThread on Windows) succeeded. > > If we don't guarantee this, how much resource leakage are we looking at? > > Regards, > Alex > > On Wed, May 16, 2012 at 7:04 PM, Alex Rønne Petersen <xtzgzorex@gmail.com> wrote: >> Hi, >> >> In my virtual machine, I need to be able to kill daemon threads on shutdown. The problem is that VM shutdown is *not* tightly coupled to druntime shutdown; multiple VM instances can run in a process at any given time, and can be started/stopped whenever. It doesn't appear like there is any functionality in core.thread to achieve this. >> >> Is there any reason we don't have a Thread.kill() function? >> >> Regards, >> Alex > _______________________________________________ > D-runtime mailing list > D-runtime@puremagic.com > http://lists.puremagic.com/mailman/listinfo/d-runtime _______________________________________________ D-runtime mailing list D-runtime@puremagic.com http://lists.puremagic.com/mailman/listinfo/d-runtime | |||
Copyright © 1999-2021 by the D Language Foundation