aaeegg
commented
1 year ago Is this ticket originally about freediag/scantool, or some other program that uses our diag_* as a library?
freediag is not multithreaded. Don't be fooled by the pthreads mutex calls in diag_os_unix, they are just an ineffectual offering to the concurrency god. We never create any threads, so we're not multithreaded. In particular, signal handlers are not an implicit thread; they are analogous to hardware interrupts. A signal is a forced branch to the signal handler from whatever you were doing before. As such, you can't call any non-reentrant functions from a signal handler. For example, you can't call malloc or free, which means that basically any of the keepalive functions will end up corrupting the heap. It works for a few minutes, an hour, whatever, and then a signal comes in at an unlucky time and it segfaults. Generally, best practice for signal handlers is to just set a variable in the signal handler and return, and then check the variable in your mainline code.
I think SIGALRM for keepalives is basically an untenable approach.
We have a few choices:
- Fork a subprocess that handles all communication, and talks to the main process over pipes. No threads anywhere. This is the traditional UNIX approach. Unfortunately, it won't work if we ever want to run on Mac OS: making an innocent-seeming standard library call in Mac OS may start threads or open Mach ports, after which calling fork() and then doing anything other than an immediate exec() after the fork can cause a deadlock.
- Have readline periodically time out while waiting for console input and check if it's time to send a keepalive. This is the most straightforward approach, but it's kludgy, and it won't work if we're doing some other long running operation that doesn't involve talking to the ECU or waiting for a command.
- Implement ISO9141 and the other L2 protocols as line disciplines in the kernel, and have the line discipline take care of keepalives. Architecturally, this is the only correct solution. But, it's impractical. It only works on Linux, it means users would have to update to a kernel with the new line disciplines, and someone would have to write the kernel code and get it merged, code for protocols that are already obsolescent now that recent vehicles are using CANbus.
- Use actual threads, including one dedicated to keepalives. We get all the headaches associated with threads. We won't be able to run on very archaic UNIX flavors that lack threads, but Linux will be OK. In case of future ports: Mac OS and iOS also support pthreads, and Android supports a pthreads subset. (iOS and Android would probably also be a nonissue because on those devices, we would be using a smart interface rather than a tty.)
So I think for keepalives, the readline timeouts are the easiest option, a keepalive thread is a tougher but maybe better option, and in an ideal world, line disciplines could also be added as a selectable L0 that would (as with ELM and other smart interfaces) move the keepalives out of the userspace process.
As far as read/write timeouts, I think we can get rid of SIGUSR1 with some combination of select/poll, nonblocking read/write, and the MIN/TIME termios. On the other hand, if we're not using threads (using readline timeouts, and not dealing with a program other than freediag/scantool that uses our diag_* and is multithreaded) then our current use of SIGUSR1 might be fine.
fenugrec
Summary of email conversations with Tomasz K. There are issues with linux/unix timeouts in diag_tty_read() and diag_tty_write().
Tomasz was having issues with some read/write calls not being interrupted, he notes
Some background info: http://pubs.opengroup.org/onlinepubs/7908799/xsh/sigaction.html
POSIX:
That sounds like a bad sign - the timeout SIGUSR1 is delivered "to the process" because of SIGEV_SIGNAL; this seems to agree 100% with your findings : the "wrong" thread receives SIGUSR1.
Maybe the main thread (and whole process) could be set to ignore SIGUSR1; but inside the diag_tty_read() and _write() functions, we could temporarily set the signal mask to unblock SIGUSR1 for the current thread; and reset the masks to SIG_IGN before returning.
POSIX:
As well as setting signal masks, a robust solution would probably need a different timer + signal for every open tty. POSIX already has provisions for this, defining a range of signal numbers from "SIGRTMIN" to "SIGRTMAX".