Is sigaction preferred over signal function? - c

The following is from the man page of signal
The behavior of signal() varies across UNIX versions, and has also varied historically across different versions of Linux. Avoid its use: use sigaction(2) instead. See Portability below.
Does that mean that we should always use the sigaction call instead of using signal ?

Yes. You've already identified the Linux reference, and POSIX says the same thing:
The sigaction() function supersedes the signal() function, and should be used in preference.
sigaction addresses the historical inconsistencies in signal by forcing the user to make decisions about syscall interruption (SA_RESTART), handler interruption (sa_mask, SA_NODEFER), child handling (SA_NOCLD[WAIT|STOP]), disposition permanence (SA_RESETHAND), and more.

Related

Library calls used to install signal-handling in C? [duplicate]

I was about to add an extra signal handler to an app we have here and I noticed that the author had used sigaction() to set up the other signal handlers. I was going to use signal(). To follow convention I should use sigaction() but if I was writing from scratch, which should I choose?
Use sigaction() unless you've got very compelling reasons not to do so.
The signal() interface has antiquity (and hence availability) in its favour, and it is defined in the C standard. Nevertheless, it has a number of undesirable characteristics that sigaction() avoids - unless you use the flags explicitly added to sigaction() to allow it to faithfully simulate the old signal() behaviour.
The signal() function does not (necessarily) block other signals from arriving while the current handler is executing; sigaction() can block other signals until the current handler returns.
The signal() function (usually) resets the signal action back to SIG_DFL (default) for almost all signals. This means that the signal() handler must reinstall itself as its first action. It also opens up a window of vulnerability between the time when the signal is detected and the handler is reinstalled during which if a second instance of the signal arrives, the default behaviour (usually terminate, sometimes with prejudice - aka core dump) occurs.
The exact behaviour of signal() varies between systems — and the standards permit those variations.
These are generally good reasons for using sigaction() instead of signal(). However, the interface of sigaction() is undeniably more fiddly.
Whichever of the two you use, do not be tempted by the alternative signal interfaces such as
sighold(),
sigignore(),
sigpause() and
sigrelse().
They are nominally alternatives to sigaction(), but they are only barely standardized and are present in POSIX for backwards compatibility rather than for serious use. Note that the POSIX standard says their behaviour in multi-threaded programs is undefined.
Multi-threaded programs and signals is a whole other complicated story. AFAIK, both signal() and sigaction() are OK in multi-threaded applications.
Cornstalks observes:
The Linux man page for signal() says:
  The effects of signal() in a multi-threaded process are unspecified.
Thus, I think sigaction() is the only one that can be used safely in a multi-threaded process.
That's interesting. The Linux manual page is more restrictive than POSIX in this case. POSIX specifies for signal():
If the process is multi-threaded, or if the process is single-threaded and a signal handler is executed other than as the result of:
The process calling abort(), raise(), kill(), pthread_kill(), or sigqueue() to generate a signal that is not blocked
A pending signal being unblocked and being delivered before the call that unblocked it returns
the behavior is undefined if the signal handler refers to any object other than errno with static storage duration other than by assigning a value to an object declared as volatile sig_atomic_t, or if the signal handler calls any function defined in this standard other than one of the functions listed in Signal Concepts.
So POSIX clearly specifies the behaviour of signal() in a multi-threaded application.
Nevertheless, sigaction() is to be preferred in essentially all circumstances — and portable multi-threaded code should use sigaction() unless there's an overwhelming reason why it can't (such as "only use functions defined by Standard C" — and yes, C11 code can be multi-threaded). Which is basically what the opening paragraph of this answer also says.
In short:
sigaction() (see here and here) is good and well-defined, but is a POSIX function and so it works only on Linux or POSIX systems. signal() (see here and here) is bad and poorly-defined, but is a C standard function and so it works on anything.
What do the Linux man pages have to say about it?
man 2 signal (see it online here) states:
The behavior of signal() varies across UNIX versions, and has also varied historically across different versions of Linux. Avoid its use: use sigaction(2) instead. See Portability below.
Portability
The only portable use of signal() is to set a signal's disposition to
SIG_DFL or SIG_IGN. The semantics when using signal() to establish a
signal handler vary across systems (and POSIX.1 explicitly permits
this variation); do not use it for this purpose.
In other words: do not use signal(). Use sigaction() instead!
This position is reiterated in the next line which states (emphasis added):
POSIX.1 solved the portability mess by specifying sigaction(2), which provides explicit control of the semantics when a signal handler is invoked; use that interface instead of signal().
What does GCC think?
From https://www.gnu.org/software/libc/manual/html_node/Basic-Signal-Handling.html#Basic-Signal-Handling (emphasis added):
Compatibility Note: As said above for signal, this function should be avoided when possible. sigaction is the preferred method.
So, if both Linux and GCC say not to use signal(), but to use sigaction() instead, that begs the question: how the heck do we use this confusing sigaction() thing!?
Usage Examples:
Read GCC's EXCELLENT signal() example here: https://www.gnu.org/software/libc/manual/html_node/Basic-Signal-Handling.html#Basic-Signal-Handling
And their EXCELLENT sigaction() example here: https://www.gnu.org/software/libc/manual/html_node/Sigaction-Function-Example.html
After reading those pages, I came up with the following technique for sigaction():
1. sigaction(), since it's the right way to attach a signal handler, as described above:
#include <errno.h>   // errno
#include <signal.h>  // sigaction()
#include <stdio.h>   // printf()
#include <string.h>  // strerror(), strlen()
#include <unistd.h>  // write(), _exit()

// Format: const char *, unsigned int, const char *
#define LOG_LOCATION __FILE__, __LINE__, __func__
#define LOG_FORMAT_STR "file: %s, line: %u, func: %s: "

/// #brief Callback function to handle termination signals, such as
/// Ctrl + C
/// #details Only async-signal-safe functions may be called from a signal
/// handler (see signal-safety(7)); printf() and exit() are NOT among them,
/// so this handler uses write() and _exit() instead.
/// #param[in] signal Signal number of the signal being handled by this
/// callback function
/// #return None
static void termination_handler(const int signal)
{
    const char *msg;
    switch (signal)
    {
    case SIGINT:
        msg = "\nSIGINT (Ctrl + C) signal caught.\n";
        break;
    case SIGTERM:
        msg = "\nSIGTERM (default `kill` or `killall`) signal caught.\n";
        break;
    case SIGHUP:
        msg = "\nSIGHUP (\"hang-up\") signal caught.\n";
        break;
    default:
        msg = "\nUnknown signal caught.\n";
        break;
    }
    (void)write(STDOUT_FILENO, msg, strlen(msg)); // write() and strlen() are async-signal-safe
    // DO PROGRAM CLEANUP HERE, using only async-signal-safe calls; anything
    // else (free(), fclose(), ...) must be deferred to the main loop by
    // setting a `volatile sig_atomic_t` flag here and checking it there.
    _exit(signal);
}

/// #brief Set a new signal handler action for a given signal
/// #details Only update the signals with our custom handler if they are NOT
/// set to "signal ignore" (`SIG_IGN`), which means they are currently
/// intentionally ignored. GCC recommends this "because non-job-control
/// shells often ignore certain signals when starting children, and it is
/// important for children to respect this." See
/// https://www.gnu.org/software/libc/manual/html_node/Basic-Signal-Handling.html#Basic-Signal-Handling
/// and
/// https://www.gnu.org/software/libc/manual/html_node/Sigaction-Function-Example.html.
/// Note that termination signals can be found here:
/// https://www.gnu.org/software/libc/manual/html_node/Termination-Signals.html#Termination-Signals
/// #param[in] signal Signal to set to this action
/// #param[in] action Pointer to sigaction struct, including the callback
/// function inside it, to attach to this signal
/// #return None
static inline void set_sigaction(int signal, const struct sigaction *action)
{
    struct sigaction old_action;
    // query the current signal handler action (act == NULL changes nothing)
    // to see if it's set to SIGNAL IGNORE
    if (sigaction(signal, NULL, &old_action) == -1)
    {
        printf(LOG_FORMAT_STR "sigaction failed when querying signal "
               "%i; errno = %i: %s\n",
               LOG_LOCATION, signal, errno, strerror(errno));
        return;
    }
    if (old_action.sa_handler != SIG_IGN)
    {
        // set new signal handler action to what we want
        int ret_code = sigaction(signal, action, NULL);
        if (ret_code == -1)
        {
            printf(LOG_FORMAT_STR "sigaction failed when setting signal "
                   "%i; errno = %i: %s\n",
                   LOG_LOCATION, signal, errno, strerror(errno));
        }
    }
}

int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;
    //...
    // Register callbacks to handle kill signals; prefer the POSIX function
    // `sigaction()` over the C function `signal()`: "It is better to use
    // sigaction if it is available since the results are much more reliable."
    // Source:
    // https://www.gnu.org/software/libc/manual/html_node/Basic-Signal-Handling.html#Basic-Signal-Handling
    // and
    // https://stackoverflow.com/questions/231912/what-is-the-difference-between-sigaction-and-signal/232711#232711.
    // See here for the official glibc `sigaction()` demo, which this code is
    // modeled after:
    // https://www.gnu.org/software/libc/manual/html_node/Sigaction-Function-Example.html
    // Set up the structure to specify the new action, per the glibc demo.
    struct sigaction new_action;
    new_action.sa_handler = termination_handler; // set callback function
    sigemptyset(&new_action.sa_mask);           // block no extra signals in the handler
    new_action.sa_flags = 0;                    // no SA_RESTART, no SA_RESETHAND
    // SIGINT: ie: Ctrl + C kill signal
    set_sigaction(SIGINT, &new_action);
    // SIGTERM: termination signal--the default generated by `kill` and
    // `killall`
    set_sigaction(SIGTERM, &new_action);
    // SIGHUP: "hang-up" signal due to lost connection
    set_sigaction(SIGHUP, &new_action);
    //...
    return 0;
}
2. And for signal(), even though its not a good way to attach a signal handler, as described above, it's still good to know how to use it.
Here's the GCC demonstration code copy-pasted, as it's about as good as it's going to get:
#include <signal.h>

void
termination_handler (int signum)
{
  struct temp_file *p;

  for (p = temp_file_list; p; p = p->next)
    unlink (p->name);
}

int
main (void)
{
  …
  if (signal (SIGINT, termination_handler) == SIG_IGN)
    signal (SIGINT, SIG_IGN);
  if (signal (SIGHUP, termination_handler) == SIG_IGN)
    signal (SIGHUP, SIG_IGN);
  if (signal (SIGTERM, termination_handler) == SIG_IGN)
    signal (SIGTERM, SIG_IGN);
  …
}
The main links to be aware of:
Standard Signals: https://www.gnu.org/software/libc/manual/html_node/Standard-Signals.html#Standard-Signals
Termination Signals: https://www.gnu.org/software/libc/manual/html_node/Termination-Signals.html#Termination-Signals
Basic Signal Handling, including official GCC signal() usage example: https://www.gnu.org/software/libc/manual/html_node/Basic-Signal-Handling.html#Basic-Signal-Handling
Official GCC sigaction() usage example: https://www.gnu.org/software/libc/manual/html_node/Sigaction-Function-Example.html
Signal sets, including sigemptyset() and sigfillset(); I still don't understand these exactly, but know they are important: https://www.gnu.org/software/libc/manual/html_node/Signal-Sets.html
See also:
My answer on "How to manually send any signal to any running process" and "How to trap any signal in your program" (ex: in Bash).
TutorialsPoint C++ Signal Handling [with excellent demo code]: https://www.tutorialspoint.com/cplusplus/cpp_signal_handling.htm
https://www.tutorialspoint.com/c_standard_library/signal_h.htm
To me, this below line was enough to decide:
The sigaction() function provides a more comprehensive and reliable mechanism for controlling signals; new applications should use sigaction() rather than signal()
http://pubs.opengroup.org/onlinepubs/009695399/functions/signal.html#tag_03_690_07
Whether you're starting from scratch or modifying an old program, sigaction should be the right option.
signal() is standard C, sigaction() is not.
If you're able to use either (that is, you're on a POSIX system), then use sigaction(); it's unspecified whether signal() resets the handler, meaning that to be portable you have to call signal() again inside the handler. What's worse is that there's a race: if you get two signals in quick succession, and the second is delivered before you reinstall the handler, you'll have the default action, which is probably going to be to kill your process.
sigaction(), on the other hand, is guaranteed to use “reliable” signal semantics. You need not reinstall the handler, because it will never be reset. With SA_RESTART, you can also get some system calls to automatically restart (so you don't have to manually check for EINTR).
sigaction() has more options and is reliable, so its use is encouraged.
Psst... don't tell anyone I told you this, but POSIX currently has a function bsd_signal() which acts like signal() but gives BSD semantics, which means it's reliable. Its main use is for porting old applications that assumed reliable signals, and POSIX does not recommend using it.
They're different interfaces for OS's signal facilities. One should prefer using sigaction to signal if possible as the signal() has implementation-defined (often race prone) behavior and behaves differently on Windows, OS X, Linux and other UNIX systems.
See this security note for details.
From the signal(3) man page:
DESCRIPTION
This signal() facility is a simplified interface to the more
general sigaction(2) facility.
Both invoke the same underlying facility. You should presumably not manipulate the response to a single signal with both, but mixing them shouldn't cause anything to break...
I would also suggest using sigaction() over signal() and would like to add one more point.
sigaction() gives you more options such as pid of the process that died (possible using the siginfo_t struct).
I'd use signal() since it's more portable, in theory at least. I'll vote up any commenter who can come up with a modern system that doesn't have a POSIX compatibility layer and supports signal().
Quoting from the GLIBC documentation:
It's possible to use both the signal and sigaction functions within
a single program, but you have to be careful because they can
interact in slightly strange ways.
The sigaction function specifies more information than the signal
function, so the return value from signal cannot express the full
range of sigaction possibilities. Therefore, if you use signal to
save and later reestablish an action, it may not be able to
reestablish properly a handler that was established with sigaction.
To avoid having problems as a result, always use sigaction to save
and restore a handler if your program uses sigaction at all. Since
sigaction is more general, it can properly save and reestablish any
action, regardless of whether it was established originally with
signal or sigaction.
On some systems if you establish an action with signal and then
examine it with sigaction, the handler address that you get may not
be the same as what you specified with signal. It may not even be
suitable for use as an action argument with signal. But you can rely
on using it as an argument to sigaction. This problem never happens
on the GNU system.
So, you're better off using one or the other of the mechanisms
consistently within a single program.
Portability Note: The basic signal function is a feature of ISO C,
while sigaction is part of the POSIX.1 standard. If you are
concerned about portability to non-POSIX systems, then you should
use the signal function instead.
Copyright (C) 1996-2008 Free Software Foundation, Inc.
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software
Foundation; with no Invariant Sections, with no Front-Cover Texts,
and with no Back-Cover Texts. A copy of the license is included in
the section entitled "GNU Free Documentation License".
From man page signal(7)
A process-directed signal may be delivered to any
one of the threads that does not currently have the signal blocked.
If more than one of the threads has the signal unblocked, then the
kernel chooses an arbitrary thread to which to deliver the signal.
And I would say this "issue" exists for signal(2) and sigaction(2).
So be careful with signals and pthreads.
... and signal(2) seems to call sigaction(2) underneath in Linux with glibc.

calling signal handler again in itself

I see a code illustrating how to do safe signal handling. A point I don't understand that why the signal handler calls again signal (sig, catch_alarm);. What's the reason to do that? Without it, the code works too.
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* This flag controls termination of the main loop. */
volatile sig_atomic_t keep_going = 1;

/* The signal handler just clears the flag and re-enables itself. */
void
catch_alarm (int sig)
{
  keep_going = 0;
  signal (sig, catch_alarm); // <----- ???
}

void
do_stuff (void)
{
  puts ("Doing stuff while waiting for alarm....");
}

int
main (void)
{
  /* Establish a handler for SIGALRM signals. */
  signal (SIGALRM, catch_alarm);

  /* Set an alarm to go off in a little while. */
  alarm (2);

  /* Check the flag once in a while to see when to quit. */
  while (keep_going)
    do_stuff ();

  return EXIT_SUCCESS;
}
The problem is that the behaviour of signal() varies across UNIX versions, and has also varied historically across different versions of Linux (quoted from Linux man). Especially:
In the original UNIX systems, when a handler that was established using
signal() was invoked by the delivery of a signal, the disposition of
the signal would be reset to SIG_DFL, and the system did not block
delivery of further instances of the signal. This is equivalent to
calling sigaction(2) with the following flags:
sa.sa_flags = SA_RESETHAND | SA_NODEFER;
So in such a system you have to call signal() again after a signal has been delivered. Because of these portability issues, the man page starts with:
The behavior of signal() varies across UNIX versions, and has also varied historically across different versions of Linux. Avoid its use:
use sigaction(2) instead. See Portability below.
To put it simply: You're wrong and the code is wrong.
Or, you assume that the signal call is superfluous - it isn't, and exists there to make the code behave correctly on platforms that use THE other allowed signal semantics.
Also, the excerpt is not about safe signal handling with signal function;
it is about how to pass an event out from a signal handler - for which there is only one portable way - by changing a variable of type volatile sig_atomic_t. To write safe portable code now, you'd use the function sigaction.
The Linux signal(2) manuals say:
The behavior of signal() varies across UNIX versions, and has also
varied historically across different versions of Linux. Avoid its
use: use sigaction(2) instead.
and
The only portable use of signal() is to set a signal's disposition to SIG_DFL or SIG_IGN.
The semantics when using signal() to establish a signal handler vary across systems (and
POSIX.1 explicitly permits this variation); do not use it for this purpose.
POSIX.1 solved the portability mess by specifying sigaction(2), which
provides explicit control of the semantics when a signal handler is
invoked; use that interface instead of signal().
And
The situation on Linux is as follows:
The kernel's signal() system call provides System V semantics.
By default, in glibc 2 and later, the signal() wrapper function does not invoke the kernel
system call. Instead, it calls sigaction(2) using flags that supply BSD semantics. This
default behavior is provided as long as a suitable feature test macro is defined:
_BSD_SOURCE on glibc 2.19 and earlier or _DEFAULT_SOURCE in glibc 2.19 and later. (By
default, these macros are defined; see feature_test_macros(7) for details.) If such a
feature test macro is not defined, then signal() provides System V semantics.
Now the question is which one is defined. If you compile with -std=c11 you will get the resetting semantics, because it doesn't set the _DEFAULT_SOURCE! And then you need to rearm the SIGALRM handler every time.
The purpose of resetting the signal in the signal handler is that some Unixen clear the handler whenever the signal is triggered. There are also other interesting edge cases - the only reason to use this function is that it is in the C standard, but its behaviour isn't well-specified there either. Never use it to set a custom signal handler.
As the code says, both of these signal calls should be frowned upon. Good modern code must use sigaction instead, for example
struct sigaction newsigfunc;
newsigfunc.sa_handler = catch_alarm;
sigemptyset(&newsigfunc.sa_mask);
newsigfunc.sa_flags = 0;
sigaction(SIGALRM, &newsigfunc, NULL);
sigaction, unlike signal, will guarantee portability here; wherever it doesn't exist, signal is likely to misbehave too...
The short answer is that the original Unix implementation would reset the signal handler to its default value after a signal is received. The code here simply demonstrates this:
signal (sig, catch_alarm);
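The difference the answers above describe (the first answer's SA_RESETHAND/SA_NODEFER flags, and the "rearm inside the handler" idiom this question is about) can be observed directly. The following is an added example, not code from any of the posts: it installs the same handler twice, once with the flags that reproduce the original-UNIX signal() semantics and once with plain sigaction(), delivers the signal with raise(), and then reads the disposition back with a NULL act argument. SIGUSR1 is used because its default action would terminate the process, which is exactly the race the answers warn about; the code therefore checks the disposition before ever delivering a second time.

```c
/* Added example: does the handler survive one delivery?  Assumes POSIX
 * sigaction()/raise(); SIGUSR1 is an arbitrary choice. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t hits = 0;

static void count_handler(int sig)
{
    (void)sig;
    hits++;    /* only async-signal-safe work: a sig_atomic_t store */
}

/* Original-UNIX semantics, which signal() may still have: the disposition
 * resets to SIG_DFL on first delivery, and the signal is not blocked while
 * the handler runs. */
static int install_sysv_style(int sig)
{
    struct sigaction sa;
    sa.sa_handler = count_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESETHAND | SA_NODEFER;
    return sigaction(sig, &sa, NULL);
}

/* Reliable semantics: the handler stays installed until changed, and the
 * signal is blocked for the duration of the handler. */
static int install_reliable(int sig)
{
    struct sigaction sa;
    sa.sa_handler = count_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    return sigaction(sig, &sa, NULL);
}

/* Query the current disposition without changing it (act == NULL).
 * Returns 1 if our handler is installed, 0 if not, -1 on error. */
static int handler_still_installed(int sig)
{
    struct sigaction cur;
    if (sigaction(sig, NULL, &cur) == -1)
        return -1;
    return cur.sa_handler == count_handler;
}

/* Deliver sig to ourselves once; returns how many times the handler ran.
 * In a single-threaded process raise() returns only after the handler has
 * run.  Never call this when the disposition may already be SIG_DFL. */
static int deliver_once(int sig)
{
    hits = 0;
    raise(sig);
    return hits;
}

/* Install with the given function, deliver once, and report whether the
 * handler survived (1) or was reset (0).  Restores SIG_DFL afterwards,
 * which is the one portable use of signal(). */
static int survives_delivery(int (*install)(int), int sig)
{
    if (install(sig) == -1)
        return -1;
    deliver_once(sig);
    int still = handler_still_installed(sig);
    signal(sig, SIG_DFL);
    return still;
}

int main(void)
{
    printf("SA_RESETHAND|SA_NODEFER handler survives delivery: %d\n",
           survives_delivery(install_sysv_style, SIGUSR1));
    printf("plain sigaction() handler survives delivery:        %d\n",
           survives_delivery(install_reliable, SIGUSR1));
    return 0;
}
```

With the reset semantics the second line of output would be the default action, not a second handler run, which is why the "rearm in the handler" code exists and why it still leaves a window between delivery and the rearm.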

libevent & signal handling (SIGCHLD specifically)

This is somewhat of a followup to related question I found
here.
In the linked question there is a mention of using signalfd() and using that fd with libevent. In that question the OP does not list why he is using signalfd() as opposed to the libevent signal handling facilities.
In both methods you would be processing the callback outside of the signal-handler.
This documentation seems to warn about scheduling a timer in the signal event callback. Which doesn't seem right (as we would be outside of a signal handler context). Aside from said warning I can't see a benefit to doing this with signalfd().
Any input about the difference between the two methods or about the warning
Thanks!
from libevent's source code (v2.0.19-stable)
/* signal.c
This is the signal-handling implementation we use for backends that
don't have a better way to do signal handling. It uses sigaction()
or signal() to set a signal handler, and a socket pair to tell the
event base when
Note that I said "the event base" : only one event base can be set
up to use this at a time. For historical reasons and backward
compatibility, if you add an event for a signal to event_base A,
then add an event for a signal (any signal!) to event_base B,
event_base B will get informed about the signal, but event_base A
won't.
It would be neat to change this behavior in some future version of
Libevent. kqueue already does something far more sensible. We can
make all backends on Linux do a reasonable thing using signalfd.
*/
so right now libevent uses sigaction() if it's available, and, failing that, signal().
if you use signalfd() you usually block the signal using sigprocmask so that the signals won't cause the default handlers to execute. then, you can monitor the returned file handle using libevent and handle the signal from normal synchronous code safely, without having to worry about memory safety or blocking or interrupting other syscalls.
there are restrictions on what you can safely do inside classic asynchronous signal handlers (i.e. those registered using sigaction). See the "Async-signal-safe functions" in man signal. Using the signalfd approach, these restrictions are greatly lessened.
the warning about registering a timer callback was likely put there as a concern because libevent supports so many platforms, and at least one person reported problems. note that if you are selecting/polling a file handle registered by signalfd then you don't have to worry about this restriction anyways.
EDIT: i re-read your question and realized I hadn't really answered it properly. the benefit of registering a signalfd and then using that in libevent is because it's faster at the expense of portability. there were plans (http://archives.seul.org/libevent/users/Mar-2010/msg00046.html) to include signalfd into libevent but AFAIK it hasn't happened yet.
also, once you've been notified of the SIGCHLD you should always call waitpid in a loop until you get ECHILD because both methods will collapse multiple occurrences of the signal.
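The two points in the answer above, blocking the signal so it becomes readable through the descriptor and reaping in a loop because several child exits can collapse into one notification, look like this in practice. This is an added, Linux-only example (signalfd(2)), not libevent's code; the children are constructed inline and exit immediately so that their SIGCHLDs are likely to coalesce.

```c
/* Added example: SIGCHLD via signalfd, reaped with waitpid() until ECHILD.
 * Assumes Linux (signalfd, SFD_CLOEXEC); the children are constructed here. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/signalfd.h>
#include <sys/wait.h>
#include <unistd.h>

/* How many signalfd reads the last call needed; usually fewer than the
 * number of children, because pending standard signals are not queued. */
static int last_notification_count = 0;

/* Fork n children that exit at once, then collect them through a signalfd.
 * Returns the number of children reaped, or -1 on error. */
static int reap_children_via_signalfd(int n)
{
    last_notification_count = 0;
    if (n <= 0)
        return 0;    /* nothing to wait for; a read() would block forever */

    /* Block first: a blocked SIGCHLD stays pending and is readable from the
     * fd, whereas an unblocked one goes to the default disposition (ignore). */
    sigset_t mask, old;
    sigemptyset(&mask);
    sigaddset(&mask, SIGCHLD);
    if (sigprocmask(SIG_BLOCK, &mask, &old) == -1)
        return -1;

    int sfd = signalfd(-1, &mask, SFD_CLOEXEC);
    if (sfd == -1)
        return -1;

    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid == -1) { close(sfd); return -1; }
        if (pid == 0)
            _exit(0);    /* child: exit immediately */
    }

    int reaped = 0;
    for (;;) {
        struct signalfd_siginfo si;
        ssize_t r = read(sfd, &si, sizeof si);    /* blocks until SIGCHLD pending */
        if (r != (ssize_t)sizeof si) {
            if (r == -1 && errno == EINTR)
                continue;
            reaped = -1;
            break;
        }
        last_notification_count++;

        /* Do not trust si.ssi_pid to be the only dead child: reap everything
         * that has exited, and stop only when ECHILD says none are left. */
        int done = 0;
        for (;;) {
            int status;
            pid_t pid = waitpid(-1, &status, WNOHANG);
            if (pid > 0) { reaped++; continue; }
            if (pid == 0) break;                     /* some still running */
            if (errno == ECHILD) { done = 1; break; } /* all reaped */
            reaped = -1; done = 1; break;
        }
        if (done)
            break;
    }

    close(sfd);
    sigprocmask(SIG_SETMASK, &old, NULL);    /* restore caller's mask */
    return reaped;
}

int main(void)
{
    int n = reap_children_via_signalfd(3);
    printf("reaped %d children in %d signalfd notification(s)\n",
           n, last_notification_count);
    return n == 3 ? 0 : 1;
}
```

The outer loop returns to read() whenever waitpid() reports running children, so a child that exits after a notification was consumed is still reaped by a later one; the same loop shape applies to a libevent signal callback or a self-pipe handler.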

What to take care of in the presence of signals

I saw that semaphores in my application were not always working as expected. Then I was told that this unexpected behavior can be caused when a signal interrupts the sem_wait call.
So, my question is what care needs to be taken by the programmer in the presence of signals. For sem_wait, we can check for the return values, but is this the same for all non-async safe functions? And what else we should keep in mind when expecting signals to interrupt our code?
UNIX signals are a can of worms, just to have said that.
There's 2 camps regarding syscalls and signals.
SysV/Posix semantics: syscalls are interrupted by a signal, they return an error and sets errno to EINTR
BSD semantics syscalls are auto restarted if a signal occurs (well, most of them are anyway, some are not, e.g. select/poll/sleep).
When using the signal(), the default is one of the two above, with BSD systems and Linux defaulting to BSD semantics, and everyone[citation needed..] else have the SysV semantics.
(On Linux, this depends on many things, e.g. compiling with -std=c99 gives SysV semantics, with -std=gnu99 gives BSD semantics. See e.g. http://www.gnu.org/s/hello/manual/libc/Interrupted-Primitives.html)
When you install a signal handler with sigaction(), you get to chose which semantics with the SA_RESTART flags.
Basically:
Don't use signals if you can help it.
Use the BSD semantics if you can.
On code that needs to be portable and handles signals, you need to wrap each and every system call in a loop that checks the call for failure, inspects errno for EINTR and perform the syscall again (or do something based on the caught signal ).
library calls can use signals, even if your code don't.
syscalls in general, with SysV/Posix semantics, will return -1 and set errno to EINTR. But read the documenation to learn what the error condition is.
EDIT: edited, as I mixed up BSD vs Sysv semantics.
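The EINTR loop the answer above asks for, and the SA_RESTART alternative mentioned here and in the earlier answer about "reliable" semantics, can be shown side by side. This is an added example, not code from either answer: it blocks in read() on an empty pipe (constructed here as the "slow" descriptor), lets a SIGALRM handler write one byte into that pipe, and counts how many EINTR retries the caller needed. Without SA_RESTART the interrupted read() fails with EINTR and the wrapper retries; with SA_RESTART the kernel restarts it and the byte is returned on the first call.

```c
/* Added example: EINTR retry loop versus SA_RESTART.  Assumes POSIX
 * (pipe, alarm, sigaction); SIGALRM and the pipe are the constructed setup. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static int wake_fd = -1;    /* write end of the pipe, used by the handler */

/* Handler does only async-signal-safe work: one write(2). */
static void alarm_handler(int sig)
{
    (void)sig;
    char b = 'x';
    (void)write(wake_fd, &b, 1);
}

/* Portable pattern: repeat the call while it fails with EINTR.
 * *retries receives the number of EINTR failures that were seen. */
static ssize_t read_retry(int fd, void *buf, size_t n, int *retries)
{
    ssize_t r;
    *retries = 0;
    do {
        r = read(fd, buf, n);
        if (r == -1 && errno == EINTR)
            (*retries)++;
    } while (r == -1 && errno == EINTR);
    return r;
}

/* Install SIGALRM with or without SA_RESTART, arm a 1-second alarm and block
 * in read() on an empty pipe.  Returns the number of EINTR retries needed to
 * obtain the byte the handler wrote, or -1 if setup or the read failed. */
static int blocked_read_retries(int use_sa_restart)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    wake_fd = fds[1];

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = alarm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = use_sa_restart ? SA_RESTART : 0;   /* BSD vs SysV/POSIX */
    if (sigaction(SIGALRM, &sa, NULL) == -1)
        return -1;

    alarm(1);
    char c;
    int retries;
    ssize_t r = read_retry(fds[0], &c, 1, &retries);
    alarm(0);

    signal(SIGALRM, SIG_DFL);    /* portable use of signal(): back to default */
    close(fds[0]);
    close(fds[1]);
    wake_fd = -1;
    return (r == 1) ? retries : -1;
}

int main(void)
{
    printf("no SA_RESTART (SysV/POSIX semantics): %d EINTR retry/retries\n",
           blocked_read_retries(0));
    printf("SA_RESTART    (BSD semantics):        %d EINTR retry/retries\n",
           blocked_read_retries(1));
    return 0;
}
```

Note that SA_RESTART only helps for the calls the kernel is willing to restart; select(), poll() and nanosleep() still return EINTR, and so does sem_wait() on Linux, which is why the wrapper loop is still needed in portable code.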

So what's the difference between sigaction() and signal()? [duplicate]

Possible Duplicate:
What is the difference between sigaction and signal?
It seems to me that both of them can be used to register a callback for a specific signal.
How do you choose which one to use?
TLPI
UNIX systems provide two ways of
changing the disposition of a signal:
signal() and sigaction(). The
sigaction() system call is an
alternative to signal() for setting
the disposition of a signal. Although
sigaction() is somewhat more complex
to use than signal(), in return it
provides greater flexibility.
sigaction is also more portable than signal. Also, with sigaction you can specify signal handlers that receive additional arguments (sa_sigaction versus sa_handler).
/* can be installed by signal / sigaction */
void(*) (int);
/* can be installed by sigaction only */
void(*) (int, siginfo_t *, void *);
From my point of view, the difference (except interface :) and portability) is in behavior after signal is caught:
If the disposition is set to a function, then first either the disposition is reset to SIG_DFL, or the signal is blocked (see Portability below), and then handler is called with argument signum. If invocation of the handler caused the signal to be blocked, then the signal is unblocked upon return from the handler.
And, also I'd like to repeat the same as the man page says:
The behavior of signal() varies across Unix versions, and has also varied historically across different versions of Linux. Avoid its use: use sigaction(2) instead.
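The second handler signature the answer above shows, `void (*)(int, siginfo_t *, void *)`, is also what the earlier answer means by "pid of the process that died (possible using the siginfo_t struct)". The following is an added example, not from any of the answers: it installs a three-argument handler with SA_SIGINFO, sends the signal to the process itself with sigqueue() so that the siginfo_t carries a sender pid and a payload, and copies the fields out through sig_atomic_t variables. SIGUSR2 and the payload value are arbitrary choices.

```c
/* Added example: SA_SIGINFO handler fed by sigqueue().  Assumes POSIX
 * realtime-signal extensions (sigqueue, si_value); SIGUSR2 is arbitrary. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Copied out of siginfo_t by the handler; sig_atomic_t stores are the only
 * shared-state writes a handler may portably make. */
static volatile sig_atomic_t got_signo = 0;
static volatile sig_atomic_t got_pid = 0;
static volatile sig_atomic_t got_code = 0;
static volatile sig_atomic_t got_value = 0;

static void info_handler(int sig, siginfo_t *info, void *ucontext)
{
    (void)ucontext;                 /* ucontext_t *, rarely needed */
    got_signo = sig;
    got_pid = (sig_atomic_t)info->si_pid;      /* sender (or dead child) pid */
    got_code = info->si_code;                  /* origin: SI_QUEUE, SI_USER, ... */
    got_value = info->si_value.sival_int;      /* payload from sigqueue() */
}

static int install_info_handler(int sig)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = info_handler;   /* three-argument form */
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_SIGINFO;         /* without this, sa_handler is used */
    return sigaction(sig, &sa, NULL);
}

/* Queue sig to ourselves with a payload and return the value the handler
 * observed, or -1 on failure.  For an unblocked signal sent to the calling
 * single-threaded process, POSIX delivers it before sigqueue() returns.
 * Restores SIG_DFL afterwards. */
static int send_and_receive_value(int sig, int payload)
{
    if (install_info_handler(sig) == -1)
        return -1;
    union sigval v;
    v.sival_int = payload;
    int rc = sigqueue(getpid(), sig, v);
    signal(sig, SIG_DFL);
    return rc == -1 ? -1 : got_value;
}

/* 1 if the handler saw our own pid as si_pid and SI_QUEUE as the origin. */
static int sender_was_self(void)
{
    return got_pid == (sig_atomic_t)getpid() && got_code == SI_QUEUE;
}

int main(void)
{
    int v = send_and_receive_value(SIGUSR2, 42);
    printf("signo=%d si_pid=%d self=%d si_code==SI_QUEUE=%d value=%d\n",
           (int)got_signo, (int)got_pid, sender_was_self(),
           got_code == SI_QUEUE, v);
    return v == 42 ? 0 : 1;
}
```

For SIGCHLD the same handler shape gives si_pid of the child and si_status with its exit status, which is what signal() cannot provide.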

Resources