Re: Thread-, Signal- and Cancellation-safety documentation

[Alexandre Oliva <aoliva at redhat dot com>]

On May 31, 2013, Florian Weimer <fweimer@redhat.com> wrote:

> There's no fgetxattrat, so it is tempting to emulate the missing
> opportunity to specify AT_SYMLINK_NOFOLLOW using chdir and
> lgetxattr. If you do this in library code, it is not thread-safe at
> all, even though you only use functions which are defined as
> thread-safe.

I'm not sure it doesn't qualify as thread safe, but it's definitely
something that ought to be noted in the documentation, just like (in my
local tree) nftw has a note about its calls to chdir() if you call it
with FTW_CHDIR.

I don't see any support from the relevant standards to label either of
them as not thread safe.  I do, however, agree that there's another
relevant safety property there; shall we call it cwd-unsafe?

>> Sure, if two threads call it concurrently, you can't predict which one
>> ends up as the cwd for the process, but that's just as impredictable as
>> the result when two threads call write concurrently, or rename
>> concurrently from or to the same pathname.  But you wouldn't say
>> multi-threaded programs shouldn't call write or rename, would you?

> That's because the immediate caller can ensure that it has exclusive
> access to the resource (or determine that the race is benign),

Huh?  How could anyone ensure it has exclusive access to a filename
that's about to be renamed, or overwritten by a rename?  That's not even
something that could be guaranteed even involving all the threads of a
process: other processes could mess with the files!

-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer