Shut down gracefully if parent exits (#830)

* shut down gracefully if parent exits

* only use on linux

* Move monitoring into `sys/unix/linux` to abstract around the OS details (#831)

---------

Co-authored-by: Davis Vaughan <[email protected]>

Author: jmcphers

.vscode/launch.json

@@ -12,6 +12,9 @@
             "osx": {
                 "program": "ark"
             },
+            "linux": {
+                "program": "ark"
+            },
             "windows": {
                 "program": "ark.exe"
             },

crates/ark/src/start.rs

@@ -118,6 +118,12 @@ pub fn start_kernel(
         panic!("Couldn't connect to frontend: {err:?}");
     }
 
+    // Start parent process monitoring for graceful shutdown if applicable. Currently we
+    // only do this for Linux since it uses `prctl()`.
+    if let Err(err) = crate::sys::parent_monitor::start_parent_monitoring(r_request_tx.clone()) {
+        log::error!("Failed to start parent process monitoring: {err}");
+    }
+
     // Start R
     crate::interface::RMain::start(
         r_args,

crates/ark/src/sys/unix.rs

@@ -11,3 +11,13 @@ pub mod interface;
 pub mod path;
 pub mod signals;
 pub mod traps;
+
+cfg_if::cfg_if! {
+    if #[cfg(target_os = "linux")] {
+        mod linux;
+        pub use self::linux::*;
+    } else if #[cfg(target_os = "macos")] {
+        mod macos;
+        pub use self::macos::*;
+    }
+}

crates/ark/src/sys/unix/linux.rs

@@ -0,0 +1,8 @@
+/*
+ * linux.rs
+ *
+ * Copyright (C) 2025 Posit Software, PBC. All rights reserved.
+ *
+ */
+
+pub mod parent_monitor;

crates/ark/src/sys/unix/linux/parent_monitor.rs

@@ -0,0 +1,108 @@
+//
+// parent_monitor.rs
+//
+// Copyright (C) 2025 Posit Software, PBC. All rights reserved.
+//
+
+//! Parent process monitoring for graceful shutdown on Linux.
+//!
+//! This module implements Linux-specific functionality to monitor the parent process
+//! and trigger graceful shutdown of the kernel when the parent exits.
+
+use std::sync::atomic::AtomicBool;
+use std::sync::atomic::Ordering;
+use std::thread;
+use std::time::Duration;
+
+use crossbeam::channel::Sender;
+use nix::sys::signal::SigHandler;
+use nix::sys::signal::Signal;
+use nix::sys::signal::{self};
+use stdext::spawn;
+
+use crate::request::RRequest;
+
+/// Flag to track if parent monitoring is active
+static PARENT_MONITORING_ACTIVE: AtomicBool = AtomicBool::new(false);
+
+/// Start monitoring the parent process for exit.
+///
+/// On Linux, this uses `prctl(PR_SET_PDEATHSIG)` to set up a signal that will be
+/// delivered when the parent process exits. When this signal is received, a graceful
+/// shutdown request is sent to the R execution thread.
+///
+/// # Arguments
+/// * `r_request_tx` - Channel to send shutdown requests to the R execution thread
+///
+pub fn start_parent_monitoring(r_request_tx: Sender<RRequest>) -> anyhow::Result<()> {
+    // Check if already active to avoid multiple monitors
+    if PARENT_MONITORING_ACTIVE.swap(true, Ordering::SeqCst) {
+        log::warn!("Parent process monitoring is already active");
+        return Ok(());
+    }
+
+    log::info!("Starting parent process monitoring");
+
+    // Set up SIGUSR1 to be delivered when parent dies
+    const PR_SET_PDEATHSIG: libc::c_int = 1;
+    const SIGUSR1: libc::c_int = 10;
+
+    let result = unsafe { libc::prctl(PR_SET_PDEATHSIG, SIGUSR1, 0, 0, 0) };
+    if result != 0 {
+        PARENT_MONITORING_ACTIVE.store(false, Ordering::SeqCst);
+        let errno = unsafe { *libc::__errno_location() };
+        return Err(anyhow::anyhow!(
+            "Failed to set parent death signal: errno {errno}"
+        ));
+    }
+
+    // Spawn a thread to monitor for the signal and handle shutdown
+    spawn!("parent-monitor", move || {
+        monitor_parent_death_signal(r_request_tx);
+    });
+
+    log::info!("Parent process monitoring started successfully");
+    Ok(())
+}
+
+fn monitor_parent_death_signal(r_request_tx: Sender<RRequest>) {
+    // Use a static flag to signal when SIGUSR1 is received
+    static SIGUSR1_RECEIVED: AtomicBool = AtomicBool::new(false);
+
+    // Signal handler that just sets a flag
+    extern "C" fn sigusr1_handler(_: libc::c_int) {
+        SIGUSR1_RECEIVED.store(true, Ordering::SeqCst);
+    }
+
+    // Install signal handler for SIGUSR1
+    unsafe {
+        if let Err(err) = signal::signal(Signal::SIGUSR1, SigHandler::Handler(sigusr1_handler)) {
+            log::error!("Failed to install SIGUSR1 handler: {err}");
+            return;
+        }
+    }
+
+    log::trace!("Parent death signal monitoring thread started");
+
+    // Poll for the signal flag
+    loop {
+        if SIGUSR1_RECEIVED.load(Ordering::SeqCst) {
+            log::info!("Parent process has exited, initiating graceful shutdown");
+
+            // Send shutdown request to R execution thread (false = final shutdown, not restart)
+            if let Err(err) = r_request_tx.send(RRequest::Shutdown(false)) {
+                log::error!("Failed to send shutdown request, exiting: {err}");
+                // If we can't send the shutdown request, force exit as fallback
+                std::process::exit(1);
+            }
+            break;
+        }
+
+        // Sleep for 5s to avoid busy-waiting; the goal is to ensure Ark doesn't
+        // hang around forever after the parent exits, no need for
+        // high-frequency checks
+        thread::sleep(Duration::from_millis(5000));
+    }
+
+    log::trace!("Parent death signal monitoring thread exiting");
+}

crates/ark/src/sys/unix/macos.rs

@@ -0,0 +1,8 @@
+/*
+ * macos.rs
+ *
+ * Copyright (C) 2025 Posit Software, PBC. All rights reserved.
+ *
+ */
+
+pub mod parent_monitor;

crates/ark/src/sys/unix/macos/parent_monitor.rs

@@ -0,0 +1,14 @@
+//
+// parent_monitor.rs
+//
+// Copyright (C) 2025 Posit Software, PBC. All rights reserved.
+//
+
+use crossbeam::channel::Sender;
+
+use crate::request::RRequest;
+
+/// No parent monitoring on MacOS
+pub fn start_parent_monitoring(_r_request_tx: Sender<RRequest>) -> anyhow::Result<()> {
+    Ok(())
+}

crates/ark/src/sys/windows.rs

@@ -9,6 +9,7 @@ pub mod console;
 pub mod control;
 pub mod interface;
 mod locale;
+pub mod parent_monitor;
 pub mod path;
 pub mod signals;
 mod strings;

crates/ark/src/sys/windows/parent_monitor.rs

@@ -0,0 +1,14 @@
+//
+// parent_monitor.rs
+//
+// Copyright (C) 2025 Posit Software, PBC. All rights reserved.
+//
+
+use crossbeam::channel::Sender;
+
+use crate::request::RRequest;
+
+/// No parent monitoring on Windows
+pub fn start_parent_monitoring(_r_request_tx: Sender<RRequest>) -> anyhow::Result<()> {
+    Ok(())
+}