Commit Graph

50 Commits

Author SHA1 Message Date
Simon McVittie
e0b6b8037d Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:

    enum { EXITED, SIGNALLED, ... } tag;
    union {
        int exit_status;         /* if EXITED */
        struct {
            int terminating_signal;
            bool core_dumped;
        } terminating_signal;    /* if SIGNALLED */
        ...
    } detail;

Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.

I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".

GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.

Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:

    #if !GLIB_CHECK_VERSION(2, 69, 0)
    #define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
    #endif

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-15 14:33:14 +01:00
Philip Withnall
67a589e505 gsubprocess: Use new source/target FD mapping functionality in g_spawn()
This improves performance by eliminating the use of a
`GSpawnChildSetupFunc` in the common case (since that setup code has now
moved into `g_spawn*()` itself), and enables the use of the fix to avoid
the child error reporting FD being overwritten by target FD mappings,
introduced via `g_spawn_async_with_pipes_and_fds()`.

It reworks how the source/target FD mapping is stored within
`GSubprocessLauncher` to match what `g_spawn*()` uses. The two
approaches are equivalent.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: 
2021-02-16 13:44:00 +00:00
Emmanuel Fleury
ffa6d9d614 Fix signedness warning in gio/gsubprocess.c:initable_init()
gio/gsubprocess.c: In function ‘initable_init’:
gio/gsubprocess.c:587:26: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  587 |     g_assert (0 < s && s < sizeof self->identifier);
      |                          ^
2021-01-12 19:16:56 +01:00
Emmanuel Fleury
a93a6a5459 Fix missing initializer warning in gio/gsubprocess.c:initable_init()
gio/gsubprocess.c: In function ‘initable_init’:
gio/gsubprocess.c:454:3: error: missing initializer for field ‘child_setup_data’ of ‘ChildData’
  454 |   ChildData child_data = { { -1, -1, -1 }, 0 };
      |   ^~~~~~~~~
2021-01-12 19:16:55 +01:00
Emmanuel Fleury
5515dda6e6 Fix signedness warning in gio/gsubprocess.c:child_setup()
gio/gsubprocess.c: In function ‘child_setup’:
gio/gsubprocess.c:271:56: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘guint’ {aka ‘unsigned int’}
  271 |     if (child_data->fds[i] != -1 && child_data->fds[i] != i)
      |                                                        ^~
2021-01-12 19:16:55 +01:00
Sebastian Dröge
ec9fb90b2b Mark g_subprocess_get_std{in,out,err}_pipe() return value as nullable
Previously it was considered a programming error to call these on
subprocesses created without the correct flags, but for bindings this
distinction is difficult to handle automatically.

Returning NULL instead does not cause any inconsistent behaviour and
simplifies the API.
2020-11-14 17:32:41 +02:00
Alexander Larsson
4cf95e3904 Ensure g_subprocess_communicate_async() never blocks
It turns out that our async write operation implementation is broken
on non-O_NONBLOCK pipes, because the default async write
implementation calls write() after poll() said there were some
space. However, the semantics of pipes is that unless O_NONBLOCK is set
then the write *will* block if the passed in write count is larger than
the available space.

This caused a deadlock in https://gitlab.gnome.org/GNOME/glib/-/issues/2182
due to the loop-back of the app stdout to the parent, but even without such
a deadlock it is a problem that we may block the mainloop at all.

In the particular case of g_subprocess_communicate() we have full
control of the pipes after starting the app, so it is safe to enable
O_NONBLOCK (i.e. we can ensure all the code using the fd after this can handle
non-blocking mode).

This fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2182
2020-08-17 12:57:24 +02:00
Philip Withnall
799caf772b gsubprocess: Add missing (nullable) annotation to get_identifier()
The bottom of the documentation comment for this symbol seems to have
been missing.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-05-31 23:38:58 +01:00
Philip Withnall
1b50643c99 gio: Fix various compiler warnings when compiling with G_DISABLE_ASSERT
Mostly unused variables which are only used in a g_assert() call
otherwise.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: 
2019-03-08 19:46:21 +00:00
Philip Withnall
4795dadde4 gsubprocess: Clear std buf outputs to NULL on failure
Instead of sometimes returning a non-NULL buffer, always return NULL.
However, keep the documentation as explicitly returning undefined values
on failure, so that we can change the behaviour in future if needed.

The return values weren’t defined for failure before, so were
implicitly returning undefined values.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-10-11 11:31:27 +13:00
Marco Trevisan (Treviño)
5cc4cca9c6 subprocess: Fix communicate_cancelled signature
The source callback for a GCancellable should have the cancellable itself
as first argument.
This was not the case, and when this code was hit, we were instead trying
to treat the pointer as a CommunicateState reference and thus wrongly
deferencing it, causing a memory error and a crash.
2018-08-24 06:05:03 +02:00
Philip Withnall
66ab836f5a gsubprocess: Fix a critical calling communicate() with no pipes
If calling g_subprocess_communicate() on a GSubprocess with no
stdout/stderr pipe, a critical warning would be emitted from
g_memory_output_stream_steal_as_bytes(), as it would be called on a NULL
output stream.

Fix that, improve the relevant GIR annotations, and expand the unit
tests to cover it (and various other combinations of flags).

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=793331
2018-02-13 16:27:32 +00:00
Christoph Reiter
fed574a0c8 introspection: Add more filename type annotations for strings which can contain filenames
This continues the changes done in https://bugzilla.gnome.org/show_bug.cgi?id=767245

This makes it possible to pass Python path types as process arguments and env vars
in PyGObject and and makes it clear that the values are not strictly utf-8 and need
to be validated/converted first.

https://bugzilla.gnome.org/show_bug.cgi?id=788863
2017-10-26 18:51:51 +02:00
Philip Withnall
8f86d312d8 gio: Fix double-callback on cancellation with GSubprocess
See bug  for a detailed analysis of the situation which can cause
this (in summary, if a g_subprocess_wait_async() call is cancelled on a
GSubprocess which is already known to be dead).

The problem was that the GCancellable callback handler was
unconditionally returning a result for the GTask for
g_subprocess_wait_async(), even if that GTask had already returned a
result and the callback was being invoked after the GTask had been
removed from the pending_waits list.

Fix that by checking whether the GTask is still in the pending_waits
list before returning a result for it.

Thanks to Will Thompson for some very useful unit tests which reproduce
this (which will be pushed in the following commit).

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=786456
2017-08-23 11:37:32 +01:00
Philip Withnall
5cddde1fb2 Consistently save errno immediately after the operation setting it
Prevent the situation where errno is set by function A, then function B
is called (which is typically _(), but could be anything else) and it
overwrites errno, then errno is checked by the caller.

errno is a horrific API, and we need to be careful to save its value as
soon as a function call (which might set it) returns. i.e. Follow the
pattern:
  int errsv, ret;
  ret = some_call_which_might_set_errno ();
  errsv = errno;

  if (ret < 0)
    puts (strerror (errsv));

This patch implements that pattern throughout GLib. There might be a few
places in the test code which still use errno directly. They should be
ported as necessary. It doesn’t modify all the call sites like this:
  if (some_call_which_might_set_errno () && errno == ESOMETHING)
since the refactoring involved is probably more harmful than beneficial
there. It does, however, refactor other call sites regardless of whether
they were originally buggy.

https://bugzilla.gnome.org/show_bug.cgi?id=785577
2017-08-03 10:21:13 +01:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
Emmanuele Bassi
f952fdf3fc Drop trailing semi-colon from G_DEFINE_ macro
It's unnecessary, and only adds visual noise; we have been fairly
inconsistent in the past, but the semi-colon-less version clearly
dominates in the code base.

https://bugzilla.gnome.org/show_bug.cgi?id=669355
2017-04-10 10:38:31 +01:00
Philip Withnall
4091b2d19e gio: Drop redundant g_source_is_destroyed() calls
These calls cause race warnings from tsan, but are not a thread safety
problem, because we can only ever observe single bit changes: all
modifications to the GSource.flags field are done with a lock held; all
reads are of independent fields, so no intermediate state can ever be
observed. This assumes that a non-atomic read will consistently give us
an old value or a new value.

In any case, these g_source_is_destroyed() calls can happen from any
thread, and the state could be changed from another thread immediately
after the call returns; so the checks are pointless. In addition,
calling g_source_set_ready_time() or g_source_destroy() on a destroyed
source is not a problem.

https://bugzilla.gnome.org/show_bug.cgi?id=778049
2017-03-23 15:00:19 +00:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Piotr Drąg
10c490cdfe Use Unicode in translatable strings
See https://developer.gnome.org/hig/stable/typography.html

https://bugzilla.gnome.org/show_bug.cgi?id=772221
2016-10-12 21:30:42 +02:00
Philip Withnall
3613b7a366 gio: Add source tags to various GTasks constructed in GLib
This makes them easier to identify when debugging and profiling.

This patch was somewhat less than interesting to write.

https://bugzilla.gnome.org/show_bug.cgi?id=767765
2016-06-29 15:16:52 +01:00
Christoph Reiter
9ec74d20a7 Partly revert "gio: Add filename type annotations"
Revert all annotation changes for environment variables and command line
arguments.

See commit f8189ddf98.
2016-06-07 19:50:03 +02:00
Christoph Reiter
f8189ddf98 gio: Add filename type annotations
https://bugzilla.gnome.org/show_bug.cgi?id=767245
2016-06-04 20:38:42 +02:00
Ryan Lortie
d9de830b65 Convert remaining uses of 'Rename to:'
This was replaced by (rename-to) in 2013 (see bug 676133).

They're also causing gtk-doc trouble, so let's get rid of them.
2015-03-12 16:55:22 -04:00
Ryan Lortie
eff505ed3c docs: more cleanups for GIO 2015-03-12 16:43:02 -04:00
Sébastien Wilmet
b0c7221c55 doc: improve doc of g_subprocess_wait()
When using this API, I wasn't sure what the cancellable does. I think
it's generally desirable to kill the subprocess if the wait operation is
cancelled, since in this case the application is no longer interested by
the subprocess.

https://bugzilla.gnome.org/show_bug.cgi?id=732704
2014-07-03 20:11:46 +02:00
Sébastien Wilmet
82352ab8e7 doc: various improvements
- g_subprocess_launcher_spawn() and spawnv(): there is no other way
  AFAIK to create a GSubprocess from a launcher. So these
  functions are not "convenience helper".

- annotate optional arguments for g_shell_parse_argv().

- other trivial fix

https://bugzilla.gnome.org/show_bug.cgi?id=732357
2014-06-29 17:57:24 +02:00
Matthias Clasen
a484719033 docs: Fix up varargs documentation
gtk-doc expects varargs to be documented in a specific way,
otherwise it complains.
2014-05-31 10:54:02 -04:00
Philip Withnall
e1243d11f0 gsubprocess: Add a missing va_end() call
Coverity issues: , 

https://bugzilla.gnome.org/show_bug.cgi?id=730278
2014-05-20 11:01:37 +01:00
Matthias Clasen
fd8c1a3067 Work around gtk-doc problems
Returns shall never be at the beginning of a line.
2014-03-04 20:20:52 -05:00
Ryan Lortie
9f71965bec gsubprocess: fix communicate() with empty buffers
On the splice for stdout or stderr completing, GSubprocess calls
_slice_finish() to collect the result.

We assume that a zero return value here means failure, but in fact this
function returns a gssize -- the number of bytes transferred, or -1 for
an error.

This causes GSubprocess to mistakenly think that it has an error when it
actually just has an empty buffer (as would be the case when collecting
stderr from a successful command).

Check for -1 instead of FALSE to detect the error.

https://bugzilla.gnome.org/show_bug.cgi?id=724916
2014-03-03 21:26:24 -05:00
Olivier Crête
ed017994c9 subprocess: Init and clear the mutex
Fixes the leak of the GMutexImpl allocated inside the first call to g_mutex_lock()
on an uninitialized GMutex.

https://bugzilla.gnome.org/show_bug.cgi?id=724401
2014-02-16 19:59:44 -05:00
Philip Withnall
24536dd030 gsubprocess: Fix a broken link in the documentation
https://bugzilla.gnome.org/show_bug.cgi?id=724001
2014-02-10 08:22:30 +00:00
Matthias Clasen
3232425785 Docs: replace <literal> by ` 2014-02-06 08:07:16 -05:00
Rico Tzschichholz
cd86c0243c gsubprocess: Add missing transfer annotations to get_*_pipe() 2014-01-22 14:06:10 +01:00
Matthias Clasen
3872049445 Add includes to all gio docs 2014-01-07 22:55:43 -05:00
Colin Walters
10d2a01c9a gsubprocess: Annotate g_subprocess_newv()
So that it can actually be invoked by bindings.
2013-12-01 22:00:27 -05:00
Colin Walters
03bf43e14a gsubprocess: Document g_subprocess_get_identifier() 2013-11-25 18:39:46 -05:00
Philip Withnall
299bcbfa41 gsubprocess: Fix potential strlen(NULL) calls
Also clarify the nullability of stdin_buf arguments in GSubprocess
communication calls.

Found with scan-build.

https://bugzilla.gnome.org/show_bug.cgi?id=715164
2013-11-25 15:46:51 +00:00
Andrew Walton
4382e8b876 CLOEXEC fix for older FreeBSDs and OS X.
Some older POSIX-flavored operating systems may not have adopted
O_CLOEXEC yet.

See https://bugzilla.gnome.org/show_bug.cgi?id=712136.
2013-11-23 11:01:29 -05:00
Stef Walter
1e5e3b64a8 gsubprocess: Fix a number of leaks and a segfault
Fixed a number of leaks in gsubprocess, as well as a segfault
that was hidden by never calling g_subprocess_communicate_state_free().

https://bugzilla.gnome.org/show_bug.cgi?id=711803
2013-11-11 17:41:39 +01:00
Chun-wei Fan
61e8e1cd02 gio/gsubprocess.c: Use g_snprintf()
snprintf() is unfortunately still not universally available, so use
g_snprintf() to ensure the build works on all platforms.

https://bugzilla.gnome.org/show_bug.cgi?id=711049
2013-10-29 22:44:11 +08:00
Colin Walters
13067362d2 gsubprocess: Add documentation about default input directions 2013-10-27 16:02:36 -04:00
Colin Walters
6bb9d17e40 gsubprocess: Fall back to plain F_DUPFD+fcntl for OS X <= Snow Lion
Since it apparently doesn't have F_DUPFD_CLOEXEC.

https://bugzilla.gnome.org/show_bug.cgi?id=710962
2013-10-27 16:02:36 -04:00
Ryan Lortie
358588ed2a GSubprocess win32 fixups
Note: we go out of our way not to pass a child setup function on win32
(even if it does nothing) because we get a g_warning() from gspawn if we
do so.
2013-10-21 15:24:55 -04:00
Matthias Clasen
8520c9cdf4 Add some missing argument docs 2013-10-17 20:37:57 -04:00
Ryan Lortie
542ad4db03 Fixup GSubprocess documentation bits 2013-10-17 15:01:42 -04:00
Colin Walters
9318d5a429 gsubprocess: Add UTF-8 variants of communicate()
Over many years of writing code interacting with subprocesses, a pattern
that comes up a lot is to run a child and get its output as UTF-8, to
put inside a JSON document or render in a GtkTextBuffer, etc.

It's very important to validate at the boundaries, and not say deep
inside Pango.

We could do this a bit more efficiently if done in a streaming fashion,
but realistically this should be OK for now.
2013-10-17 14:32:44 -04:00
Colin Walters
0e1a3ee345 gsubprocess: Fix up communicate
We weren't closing the streams after we were done reading or writing,
which is kind of essential.  The easy way to fix this is to just use
g_output_stream_splice() to a GMemoryOutputStream rather than
hand-rolling it.  This results in a substantial reduction of code
complexity.

A second serious issue is that we were marking the task as complete when
the process exits, but that's racy - there could still be data to read
from stdout.  Fix this by just refcounting outstanding operations.

This code, not surprisingly, looks a lot like the "multi" test.

Next, because processes output binary data, I'd be forced to annotate
the char*/length pairs as (array) (element-type uint8).  But rather than
doing that, it's *far* simpler to just use GBytes.

We need a version of this that actually validates as UTF-8, that will be
in the next patch.
2013-10-17 14:32:44 -04:00
Colin Walters
5b48dc40cc GSubprocess: New class for spawning child processes
There are a number of nice things this class brings:

0) Has a race-free termination API on all platforms (on UNIX, calls to
   kill() and waitpid() are coordinated as not to cause problems).
1) Operates in terms of G{Input,Output}Stream, not file descriptors
2) Standard GIO-style async API for wait() with cancellation
3) Makes some simple cases easy, like synchronously spawning a
   process with an argument list
4) Makes hard cases possible, like asynchronously running a process
   with stdout/stderr merged, output directly to a file path

Much rewriting and code review from Ryan Lortie <desrt@desrt.ca>

https://bugzilla.gnome.org/show_bug.cgi?id=672102
2013-10-17 14:32:44 -04:00