Remove deadlocks by making the scheduler signal handler signal-safe #94
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
machshev
approved these changes
Feb 11, 2026
Collaborator
machshev
left a comment
machshev
left a comment
There was a problem hiding this comment.
Good spot! Thanks for fixing this @AlexJones0
See relevant comments - we can get deadlocks with logging and threading primitives rarely which causes the process to hang around 5% of the time on a SIGINT/SIGTERM, but we also want to be able to have the signal interrupt our poll wait/sleep without busy waiting (for performance), which means we also cannot use time.sleep (an early signal will not interrupt this, and a pre-check leads to ToC-ToU races), nor signal.sigtimedwait (registers its own handlers to handle signals inside the wait, but misses signals outside). This leaves us with one clear solution - use an OS pipe and define a selector on the read file descriptor, and have the signal handler set a flag with the signal number and write to the write file descriptor. By querying the flag we always know if we have handled a signal in our main loop, and by using a fd we reliably skip the wait on a signal, where the wait is blocking (i.e. not a busy wait). The signal handler is then minimal and async-signal-safe, just setting a flag and writing to the pipe. The relevant logging logic is moved to be dispatched by the main loop instead. Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
With the scheduler signal handler fixed to by async-signal-safe, this test should now not be flaky and can be expected to consistently pass. Running pytest -k test_signal --count 100 -n auto gives 600/600 passes locally. Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
AlexJones0
force-pushed
the
signal_safe_fix
branch
from
e245e31 to
4208e8f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We can get deadlocks rarely due to logging and threading primitives in the scheduler's signal handler, which cause the process to hang sometimes on a SIGINT/SIGTERM. We also want to be able to have the signal interrupt our poll wait/sleep without busy waiting (for performance), which means we also cannot use
time.sleep(as an early signal will not interrupt this, and a pre-check could lead to TOC/TOU races), nor can we usesignal.sigtimedwait(which registers its own handlers to handle signals inside the wait, but misses signals outside).This leaves us with one workable solution - use an OS pipe and define a selector on the read file descriptor, and have the signal handler set a flag with the signal number and write to the write file descriptor. By querying the flag we always know if we have handled a signal in our main loop, and by using a fd we reliably skip the wait on a signal, where the wait is blocking (i.e. not a busy wait). The signal handler is then minimal and async-signal-safe, just setting a flag and writing to the pipe. The relevant logging logic is moved to be dispatched by the main loop instead.
Edit: The diff is unfortunately not very nice - it might be easier to view with your Git tooling of preference, or just compare the old and new code side-by-side.
This can be tested by running e.g.
pytest -k test_signal --count 100 -n auto:17 xfailed, 586 xpassed in 30.84s600 xpassed in 29.82s