Sigalrm support

[devietti]

Here's my prototype of alarm support. There are two issues that I know of:

• I wasn't sure how to kill the tracee cleanly when we need to (this is why the alarm-nohandler test is failing)
• I seem to be reading tracee memory incorrectly.

These are also called out via commit comments.

[devietti]

@gatoWololo This is the main description of how alarm support works.

[devietti]

@gatoWololo This is where I know the tracee should get torn down (SIGALRM with default handler terminates the tracee). Sending this SIGKILL causes dettrace to throw an exception later on:

terminate called after throwing an instance of 'std::runtime_error'
  what():  Ptrace failed with error: No such process

There is probably some canonical way to shut down the tracee I don't know.

[gatoWololo]

When the tracer dies, the tracee is automatically killed, so I just exit from dettrace. That will kill everything though, which might be too much?

[devietti]

Yeah, I think we want to just kill this tracee. E.g., I saw an alarm call from configure, (I think) testing for the presence/behavior of the system call. Not sure what kind of signal handler it had, though, but if it had a simple alarm call without a handler, some subprocess of configure should terminate without tearing down the whole dettrace job.

That said, if it's hard to cleanly kill just one tracee then I don't think it's worth adding just for this corner case of alarm, which may not even arise in practice.

[devietti]

Another thought: maybe injecting an exit into the tracee is the right approach here? The tracee won't exit for the right reason, which is maybe an issue, but probably not.

[devietti]

I added this exit-injection in 288757d

[devietti]

@gatoWololo Here's where I'm having some trouble reading tracee memory. The sa.sa_flags field seems to sometimes have a garbage value of -1 (all 1's), when it should only have a few bits set. strace sees the field correctly, so there's something I'm doing wrong. Maybe the ptracer::readFromTracee() call is incorrect?

[gatoWololo]

@devietti
I had a couple of questions. I'm confused about the need to check for the signal handler, and only inject the signal and pause in some cases. Why don't we just send the signal and pause every time?

Similarly, if the semantics of an alarm with no signal handler dictate the program should be killed, why don't we just let the alarm through and have the OS kill the tracee?

Based on this output:

[3]INTER [Pid 1] Intercepted pause
[4]INFO    pause pre-hook
[4]INFO    tracee has a custom SIGALRM handler, sending SIGALRM to pid 13412
[4]INFO    pause value before post-hook: -514
[4]INFO    pause post-hook
[4]INFO    pause returned -514
[4]INFO    pause returned with value: 0
[3]INTER [1] Tracer: Received signal: 14. Forwading signal to tracee.

It looks like we're not actually using the pause() to inject the alarm? Instead the pause fails with 514 and we just inject the alarm afterwards? Which I'm not sure is getting delivered deterministically?

[devietti]

I'll respond to your questions below. In general, I may have been too consumed by corner cases :-/. I'm not sure if these actually come up, but once I was in the midst of things it seemed easiest to add the extra functionality now instead of having to return to this later on.

Why don't we just send the signal and pause every time?

Because if the SIGALRM is ignored, then alarm should be a NOP, so I'm not sending the signal (and therefore not using a pause either). Without a real signal being sent, there's no risk of some random subsequent system call getting interrupted.

Similarly, if the semantics of an alarm with no signal handler dictate the program should be killed, why don't we just let the alarm through and have the OS kill the tracee?

We could, but I want to make sure the tracee exits at a deterministic point.

It looks like we're not actually using the pause() to inject the alarm? Instead the pause fails with 514 and we just inject the alarm afterwards? Which I'm not sure is getting delivered deterministically?

I don't fully understand the pause returning -514 (ERESTARTNOHAND). It does that whether there is a SIGALRM handler or not (both the alarm-handler and alarm-nohandler tests). So I'm assuming this is "ok". The SIGALRM does seem to be arriving deterministically, per the alarm-handler test. If there are other/better ways to test determinism that would be good to add, though.

[gatoWololo]

If there are other/better ways to test determinism that would be good to add, though.
Right, it's interesting that's difficult to test if it's actually working but if you see it working deterministically, we will assume it's correct.

We can come back to it someday post-deadline.

Because if the SIGALRM is ignored, then alarm should be a NOP
Huh, I figured the program would get stuck forever: Since it would mask it's own alarm and never return.

Sounds good.