Fix Ctrl-C segfaults in sage.libs.gap #40613
Conversation
We plan to install InterruptExecStat (gap/stats.h) as the SIGINT and SIGALRM handler while GAP code is running, since that seems to work better than mixing cysignals with GAP_Enter/GAP_Leave has.
Add two new pre/post-GAP functions to enable/disable GAP's own SIGINT (Ctrl-C) handler. These avoid the setjmp/longjmp issues we've encountered with the sig_on() and sig_off() from cysignals.
Replace the sig_on() and sig_off() wrappers from cysignals with the new custom gap_sig_on() and gap_sig_off(). We've lost the sig_on() and sig_off() around GAP_initialize() because I don't think we can trust GAP's own signal handler until after we've initialized GAP.
Replace the sig_on() and sig_off() wrappers from cysignals with the new custom gap_sig_on() and gap_sig_off(). This fixes the segfault that occurs after repeated testing of _pow_.
We are no longer using cysignals for this; instead we have our own gap_sig_on() and gap_sig_off() functions.
The way we handle signals in libgap is now unusual, so a few paragraphs have been added to the libgap module docstring explaining how and why it is unusual.
We've found that GAP's own SIGINT handler is less crashy than if we mix GAP_Enter/GAP_Leave with cysignals' sig_on and sig_off. We've installed that same handler for SIGALRM, but the code that catches it can't tell the difference and converts them both in to KeyboardInterrupt. To retain the ability to doctest this stuff, we have to catch those KeyboardInterrupts and poke at them to see if they arose from GAP.
This function used cysignals for sig_error(), and we have opted not to mix cysignals code with libgap code. It has in any case been replaced by plain GAP_Enter calls.
src/sage/libs/gap/element.pyx
Outdated
| # Ctrl-C | ||
| raise KeyboardInterrupt from e | ||
| else: | ||
| raise |
There was a problem hiding this comment.
this is some really bad duplication of code. I suggest
- fold
GAP_EnterandGAP_Leaveintogap_sig_onandgap_sig_offrespectively - instead of setting the interrupt handler directly to
InterruptExecStat, make custom wrapper function (or hook into cysignals), the custom wrapper function sets a global variable that determine which kind of signal is being raised, then callInterruptExecStat - the global variable above need to be reset at appropriate places
- modify
error_handlerto, instead of indiscriminately raiseGAPError, raise the correct exception by reading the global variable above
There was a problem hiding this comment.
Yeah it's pretty bad but I was trying to keep it as simple as possible for the first iteration. First get it to not crash, then make it pretty.
I don't think we can use a global for the signal type because signals are asynchronous. There's no reason why a SIGINT can't be triggered while handling a SIGALRM, or vice-versa. It's not very likely, but if there's a lesson here it's that we shouldn't count on unlikely things not happening.
We may be able to combine GAP_Enter and gap_sig_on(), though.
There was a problem hiding this comment.
I don't think we can use a global for the signal type because signals are asynchronous. There's no reason why a
SIGINTcan't be triggered while handling aSIGALRM, or vice-versa. It's not very likely, but if there's a lesson here it's that we shouldn't count on unlikely things not happening.
you're right but… I think currently the signal handler is calling PyErr_Restore() or something anyway, and that one isn't reentrant either.
Searching up a bit https://stackoverflow.com/a/3127697/, that's indeed a possibility. But doesn't the same thing happen for cysignals as well?
There was a problem hiding this comment.
We may be able to combine
GAP_Enterandgap_sig_on(), though.
Even this immediately leads to a segault.
| e.__traceback__ = None | ||
| alarm_raised = True | ||
| else: | ||
| raise |
There was a problem hiding this comment.
if the logic below (raise AlarmInterrupt instead of KeyboardInterrupt) are correctly implemented, this change wouldn't be necessary.
There was a problem hiding this comment.
I've further simplified this down to a one-line change, using the fact that AlarmInterrupt is a subclass of KeyboardInterrupt. Instead of catching AlarmInterrupt, we can catch KeyboardInterrupt, and then check,
- is it an
AlarmInterrupt? - does it have "user interrupt" as the message?
I prefer this to hacking AlarmInterrupt into the GAP code at this point because sage.libs.gap is otherwise free of cysignals. To raise the AlarmInterrupt from sage.libs.gap we'd have to,
- Add cysignals back as a dep in
meson.build - Import
AlarmInterrupt - Add the global
last_signalvariable - Set
last_signalwhenever a handler is called - Check
last_signalwhen raising aGAPErrorand convert it to the right thing
Since this is all for the benefit of one doctest method, it just seems easier to add the one line in that doctest method?
|
I find the current implementation (before this pull request) questionable also—one shouldn't be calling any Python code between GAP_Enter…GAP_Leave, and if there's no Python code, try…finally isn't necessary. If I understood correctly, the way the current exception handler works is that it just sets One implementation idea: whenever you need to call GAP API, you only need to where you do something like |
|
Documentation preview for this PR (built with commit c1adeb9; changes) is ready! 🎉 |
I think the error handler returns control to GAP, though, which eventually jumps back to |
In my understanding, the way it works is the following. that by itself cannot raise an exception. But But the problem I see is that this looks dangerous, since to me there doesn't seem to be any guarantee it will be checked right after Anyway, need to double check. |
I'm trying a simpler version of this to start, with just |
|
I guess if you don't understand the segmentation fault very well it would be unfair. Not sure if the rare segmentation fault is worth the code duplication though. Anyway what is your current implementation? (Note that the By the way, for quick hacking, you can use inline raw C embedded in pxd/pyx file with |
If we're going to raise a GAPError that resulted from a SIGINT or SIGALRM, we might as well turn it in to a KeyboardInterrupt right away.
We are no longer retaining the __cause__ of KeyboardInterrupts that arise from GAP, but the error message is still there, so we can use that to filter these out.
We are now converting "GAPError: Error, user interrupt" into a KeyboardInterrupt in our libgap error handler, so we don't have to do it at every call site.
to avoid interrupting in the middle of the user callback function which is likely to corrupt the Python state.
okay, that's surprising. But then maybe that can happen if x is really close to a multiple of π, or something like the table maker's dilemma, or because trigonometric functions are just slow. |
|
minor documentation formatting issue in rendered HTML https://doc-pr-40613--sagemath.netlify.app/html/en/reference/libs/sage/libs/gap/libgap#using-the-gap-c-library-from-cython (the indentation is interpreted as quotation, and some code blocks aren't interpreted as such because of the lack of I may put in some other improvements to remove the string check some day (just store the (and maybe expose some way to customize the class used for alarm interrupt, in order to raise |
|
actually I think you want to rebase it on top of #40594 (instead of cherry-pick the first 2 commits as in the current situation) to avoid polluting the commit history. |
These never should have been indented in the first place; the whole block is being rendered as a quote.
This is being rendered as a quote.
|
|
Docs should be fixed now. |
huh, does @vbraun actually read these? I thought they're for the benefit of reviewers. |
I hope so, we don't have any other way to express dependencies between PRs and this is how we imported them from trac. |
|
bad news, segmentation fault again here? |
I'm not sure, I can't reproduce that one. |
Ok, you were right. I tested and the history was clean even with a merge commit, so I don't know what's happening in the sage repo but it would be much better if the commit history were sane. As it stands |
I guess these are not new: #37295 |
sagemathgh-40727: Explicitly check signum in GAP error handler Follow-up to sagemath#40613. Instead of checking for the string `user interrupt` (which might change between GAP versions, or if there's some unforeseen way the string might be sneaked in), we store the signum from the signal handler then check it in the GAP error handler. Also optionally use `AlarmInterrupt` instead of `KeyboardInterrupt` if cysignals is available. ### 📝 Checklist <!-- Put an `x` in all the boxes that apply. --> - [ ] The title is concise and informative. - [ ] The description explains in detail what this PR is about. - [ ] I have linked a relevant issue or discussion. - [ ] I have created tests covering the changes. - [ ] I have updated the documentation and checked the documentation preview. ### ⌛ Dependencies <!-- List all open PRs that this PR logically depends on. For example, --> <!-- - sagemath#12345: short description why this is a dependency --> <!-- - sagemath#34567: ... --> URL: sagemath#40727 Reported by: user202729 Reviewer(s): Michael Orlitzky, user202729
sagemathgh-40727: Explicitly check signum in GAP error handler Follow-up to sagemath#40613. Instead of checking for the string `user interrupt` (which might change between GAP versions, or if there's some unforeseen way the string might be sneaked in), we store the signum from the signal handler then check it in the GAP error handler. Also optionally use `AlarmInterrupt` instead of `KeyboardInterrupt` if cysignals is available. ### 📝 Checklist <!-- Put an `x` in all the boxes that apply. --> - [ ] The title is concise and informative. - [ ] The description explains in detail what this PR is about. - [ ] I have linked a relevant issue or discussion. - [ ] I have created tests covering the changes. - [ ] I have updated the documentation and checked the documentation preview. ### ⌛ Dependencies <!-- List all open PRs that this PR logically depends on. For example, --> <!-- - sagemath#12345: short description why this is a dependency --> <!-- - sagemath#34567: ... --> URL: sagemath#40727 Reported by: user202729 Reviewer(s): Michael Orlitzky, user202729
Replace cysignals'
sig_on()andsig_off()with customgap_sig_on()andgap_sig_off()wrappers that use GAP's ownSIGINThandling. This fixes an uncommon, but ultimately reproducible segfault when Ctrl-C is used to interrupt a GAP computation.In concert with #40594 this has allowed
sage/libs/gap/element.pyxto pass many thousands of test iterations.Fixes
InterruptExecStatfor GAP interrupt #40598Dependencies