Skip to content

fix: split inproc handler thread #1446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 30 commits into
base: master
Choose a base branch
from
Draft

fix: split inproc handler thread #1446

wants to merge 30 commits into from

Conversation

@supervacuus
Copy link
Collaborator

@supervacuus supervacuus commented Nov 10, 2025
edited
Loading

This is a more elaborate and long-term fix to getsentry/sentry-java#4830 compared to #1444.

It also finishes the work done here: #1088
And fixes the issues raised here: #1353
and here: #906

So, while the driver for this PR is a downstream issue that exposes the signal-unsafety of some parts in the current inproc implementation with an actual bug, it addresses a much broader range of concerns that regularly affect inproc users on all platforms.

On a high level, it introduces a separate handler thread for inproc, which the signal-handler (or UEF on Windows) wakes after it exchanges crash context data.

The idea is that we minimize signal handler/UEF to do the least amount of syscall stuff (or at least the subset documented in the signal-safety man-page, while the handler thread can execute functions outside that range (with limitations, since thread sync and heap allocations are still problematic). This allows us to reuse stdio functionality like formatters, without running squarely into UB territory or having to rewrite all utilities to async-signal safe versions like in #1444.

There are a few considerable changes to mention:

  • since we run the event construction in a separate handler thread, the use of backtrace() or any unwinder that runs from the "current" instruction address is entirely useless (ignoring the fact that backtrace() was always signal-unsafe to begin with which itself was the source of crashes, hangs or just empty stack traces).
  • this means we require a "user context"-based stack walker in inproc, which we already partially acknowledged in Using libunwind for mac, since backtrace do not expect thread context… #1088 and fix: support musl on Linux #1233.
  • on Linux, this PR requires libunwind (the nognu implementation, not the llvm one, which is a pure C++ exception unwinder), which is a breaking change (at least in the sense that users now require an additional dependency at build and runtime). This means that the "general" Linux usage is now the same as with the musl libc environments.
  • on macOS, we provide a user context stack-walker based on frame pointer records for arm64 and x86-64, and use the system-provided libunwind for the default stack-trace from a call-site. It turned out that the system-provided libunwind wasn't safe enough to use in the context of the signal handler (either led to hangs or had issues with escaping the trampoline). This means users can now use inproc on macOS again (if their code is compiled without omitting frame-pointers, which by default is always the case on macOS).

open TODO:

  • Decide on having the change
  • provide a module-level description of the new mechanism in inproc
  • finish the x86-64 stackwalker for macOS (and clean up the code)
  • Update documentation
    • Advanced usage might be outdated wrt to signal handling of inproc
    • Remove mentions of inproc not working on macOS
    • Clarify the new libunwind dependency on Linux
  • Figure out if we need the libbacktrace fallback at all and how to handle it.

#skip-changelog (for now)

@supervacuus
fix: split inproc with a handler thread
01eb6e1
@supervacuus
prevent warning on write() return value
7eb3ca8
@supervacuus
get rid of unsused dispatch parameter
0cff127
@supervacuus
and another unused return value for write()
1265007
@supervacuus
fix trivial windows compile def issues to run tests locally
b57995c
@supervacuus
make tests a bit less brittle
5a11ea2
@supervacuus
ensure that find_cp_path isn't built on windows.
b83fc37
@supervacuus
clean up backends
ea527ca 
* use `std::nothrow` `new` consistently to keep exception-free semantics for allocation
* rename static crashpad_handler to have no module-public prefix
* use `nullptr` for arguments where we previously used 0 to clarify that those are pointers
* eliminate the `memset()` of the `crashpad_state_t` initialization since it now contains non-trivially constructable fields (`std::atomic`) and replace it with `new` and an empty value initializer.
@supervacuus
eliminate local handler strategy declaration in signal handler
c78f425
@supervacuus
turn off painful warning noise
116c4a5
@supervacuus
add libunwind to the CI dependencies
b4747c7
@supervacuus
ensure we build the example with PIE disabled when doing a static bui…
d21c180 
…ld, since libraries like libunwind.a might be packaged without PIC.
@supervacuus
extend handler crash to windows
b0822d3
@supervacuus
further clean of inproc
8b93cca
@supervacuus
review and fix/remove remaining TODOs from branch changes
c4f662a
@supervacuus
eliminate multichar warning in crashpad backend when using GCC
84b3a7a
@supervacuus
ensure libunwind in benchmark and codeql workflows
ef7b03b
@supervacuus
fix Linux ARM64 build (warning in libunwind)
6ae25c3
@supervacuus
provide an x86_64 ucontext stackwalker for macOS
a0195db
@supervacuus
bump lower-end GCC to 10.5.0
8a63e64
@supervacuus
remove obsolete ASAN patch from CI
c1fd0a8
@supervacuus
ensure lower-end GCC also finds libunwind
7c97dbb
@supervacuus
disable LTO for the example too
524d8b4
@supervacuus
use clang diagnostics only for __clang__
1c378c3
@supervacuus
install 32-bit libunwind package for 32-bit Linux CI test config
4912a82
@supervacuus
fix weird linker asymmetry
0c24c4f
@supervacuus
provide empty path-suffix so that CMake can find libunwind on platfor…
70dd979 
…ms with architecture prefixes (32-bit Linux)
@supervacuus
remove can_lock mechanism from the handler block API
4449859
@supervacuus
use PRIx64 without ull cast in sentry__value_new_addr()
4ce7940
@supervacuus
fix off-by-one bug when returning the trace length after walking the …
8954928 
…stack

also ensure to get the first frame
harmonize libunwind usage
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@supervacuus