[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: closeout bug?
From: |
Paul Eggert |
Subject: |
Re: closeout bug? |
Date: |
Sat, 22 Jul 2006 15:16:50 -0700 |
User-agent: |
Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux) |
address@hidden (Eric Blake) writes:
> Should we go ahead and delete the atexit module, then?
That'd be fine with me. Jim?
> Hmm, maybe to reduce the effort when patching coreutils to use
> this new idiom, maybe you should name the two functions
> int close_stdout_warn and void close_stdout,
Good idea. Better yet, give the int function a FILE * arg, so that it
can be applied to streams other than stdout. I installed this into
gnulib and will shortly propagate this into coreutils:
2006-07-22 Paul Eggert <address@hidden>
* modules/close-stream: New file.
* modules/closeout (Description): Make it clear that it exits
with a diagnostic on error.
(Depends-on): Add close-stream. Remove fpending, stdbool.
* MODULES.html.sh (File stream based Input/Output): Add close-stream.
* lib/close-stream.c, lib/close-stream.h: New files.
* m4/close-stream.m4: New file.
--- /dev/null 2005-09-24 22:00:15.000000000 -0700
+++ modules/close-stream 2006-07-22 15:00:15.000000000 -0700
@@ -0,0 +1,25 @@
+Description:
+Close a stream, with nicer error checking than fclose's.
+
+Files:
+lib/close-stream.h
+lib/close-stream.c
+m4/close-stream.m4
+
+Depends-on:
+fpending
+stdbool
+
+configure.ac:
+gl_CLOSE_STREAM
+
+Makefile.am:
+
+Include:
+"close-stream.h"
+
+License:
+GPL
+
+Maintainer:
+Jim Meyering
--- /dev/null 2005-09-24 22:00:15.000000000 -0700
+++ lib/close-stream.h 2006-07-22 14:58:02.000000000 -0700
@@ -0,0 +1,2 @@
+#include <stdio.h>
+int close_stream (FILE *stream);
--- /dev/null 2005-09-24 22:00:15.000000000 -0700
+++ lib/close-stream.c 2006-07-22 14:58:02.000000000 -0700
@@ -0,0 +1,78 @@
+/* Close a stream, with nicer error checking than fclose's.
+
+ Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2006 Free
+ Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include "close-stream.h"
+
+#include <errno.h>
+#include <stdbool.h>
+
+#include "__fpending.h"
+
+#if USE_UNLOCKED_IO
+# include "unlocked-io.h"
+#endif
+
+/* Close STREAM. Return 0 if successful, EOF (setting errno)
+ otherwise. A failure might set errno to 0 if the error number
+ cannot be determined.
+
+ If a program writes *anything* to STREAM, that program should close
+ STREAM and make sure that it succeeds before exiting. Otherwise,
+ suppose that you go to the extreme of checking the return status
+ of every function that does an explicit write to STREAM. The last
+ printf can succeed in writing to the internal stream buffer, and yet
+ the fclose(STREAM) could still fail (due e.g., to a disk full error)
+ when it tries to write out that buffered data. Thus, you would be
+ left with an incomplete output file and the offending program would
+ exit successfully. Even calling fflush is not always sufficient,
+ since some file systems (NFS and CODA) buffer written/flushed data
+ until an actual close call.
+
+ Besides, it's wasteful to check the return value from every call
+ that writes to STREAM -- just let the internal stream state record
+ the failure. That's what the ferror test is checking below. */
+
+int
+close_stream (FILE *stream)
+{
+ bool some_pending = (__fpending (stream) != 0);
+ bool prev_fail = (ferror (stream) != 0);
+ bool fclose_fail = (fclose (stream) != 0);
+
+ /* Return an error indication if there was a previous failure or if
+ fclose failed, with one exception: ignore an fclose failure if
+ there was no previous error, no data remains to be flushed, and
+ fclose failed with EBADF. That can happen when a program like cp
+ is invoked like this `cp a b >&-' (i.e., with standard output
+ closed) and doesn't generate any output (hence no previous error
+ and nothing to be flushed). */
+
+ if (prev_fail || (fclose_fail && (some_pending || errno != EBADF)))
+ {
+ if (! fclose_fail)
+ errno = 0;
+ return EOF;
+ }
+
+ return 0;
+}
--- /dev/null 2005-09-24 22:00:15.000000000 -0700
+++ m4/close-stream.m4 2006-07-22 14:58:08.000000000 -0700
@@ -0,0 +1,13 @@
+dnl Copyright (C) 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_CLOSE_STREAM],
+[
+ AC_LIBSOURCES([close-stream.c, close-stream.h])
+ AC_LIBOBJ([close-stream])
+
+ dnl Prerequisites of lib/close-stream.c.
+ :
+])
Index: MODULES.html.sh
===================================================================
RCS file: /cvsroot/gnulib/gnulib/MODULES.html.sh,v
retrieving revision 1.128
diff -p -u -r1.128 MODULES.html.sh
--- MODULES.html.sh 21 Jul 2006 13:06:22 -0000 1.128
+++ MODULES.html.sh 22 Jul 2006 22:05:18 -0000
@@ -1932,6 +1932,7 @@ func_all_modules ()
func_begin_table
func_module fpending
func_module closeout
+ func_module close-stream
func_module stdio-safer
func_module stdlib-safer
func_module getpass
Index: lib/closeout.c
===================================================================
RCS file: /cvsroot/gnulib/gnulib/lib/closeout.c,v
retrieving revision 1.19
diff -p -u -r1.19 closeout.c
--- lib/closeout.c 8 Feb 2006 00:04:23 -0000 1.19
+++ lib/closeout.c 22 Jul 2006 22:05:18 -0000
@@ -1,4 +1,4 @@
-/* closeout.c - close standard output
+/* Close standard output, exiting with a diagnostic on error.
Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2006 Free
Software Foundation, Inc.
@@ -23,21 +23,17 @@
#include "closeout.h"
-#include <stdio.h>
-#include <stdbool.h>
#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
#include "gettext.h"
#define _(msgid) gettext (msgid)
+#include "close-stream.h"
#include "error.h"
#include "exitfail.h"
#include "quotearg.h"
-#include "__fpending.h"
-
-#if USE_UNLOCKED_IO
-# include "unlocked-io.h"
-#endif
static const char *file_name;
@@ -49,22 +45,22 @@ close_stdout_set_file_name (const char *
file_name = file;
}
-/* Close standard output, exiting with status 'exit_failure' on failure.
- If a program writes *anything* to stdout, that program should close
- stdout and make sure that it succeeds before exiting. Otherwise,
- suppose that you go to the extreme of checking the return status
- of every function that does an explicit write to stdout. The last
- printf can succeed in writing to the internal stream buffer, and yet
- the fclose(stdout) could still fail (due e.g., to a disk full error)
- when it tries to write out that buffered data. Thus, you would be
- left with an incomplete output file and the offending program would
- exit successfully. Even calling fflush is not always sufficient,
- since some file systems (NFS and CODA) buffer written/flushed data
- until an actual close call.
-
- Besides, it's wasteful to check the return value from every call
- that writes to stdout -- just let the internal stream state record
- the failure. That's what the ferror test is checking below.
+/* Close standard output. On error, issue a diagnostic and _exit
+ with status 'exit_failure'.
+
+ Since close_stdout is commonly registered via 'atexit', POSIX
+ and the C standard both say that it should not call 'exit',
+ because the behavior is undefined if 'exit' is called more than
+ once. So it calls '_exit' instead of 'exit'. If close_stdout
+ is registered via atexit before other functions are registered,
+ the other functions can act before this _exit is invoked.
+
+ Applications that use close_stdout should flush any streams
+ other than stdout and stderr before exiting, since the call to
+ _exit will bypass other buffer flushing. Applications should
+ be flushing and closing other streams anyway, to check for I/O
+ errors. Also, applications should not use tmpfile, since _exit
+ can bypass the removal of these files.
It's important to detect such failures and exit nonzero because many
tools (most notably `make' and other build-management systems) depend
@@ -73,29 +69,15 @@ close_stdout_set_file_name (const char *
void
close_stdout (void)
{
- bool none_pending = (__fpending (stdout) == 0);
- bool prev_fail = (ferror (stdout) != 0);
- bool fclose_fail = (fclose (stdout) != 0);
-
- if (prev_fail || fclose_fail)
+ if (close_stream (stdout) != 0)
{
- int e = fclose_fail ? errno : 0;
- char const *write_error;
-
- /* If ferror returned zero, no data remains to be flushed, and we'd
- otherwise fail with EBADF due to a failed fclose, then assume that
- it's ok to ignore the fclose failure. That can happen when a
- program like cp is invoked like this `cp a b >&-' (i.e., with
- stdout closed) and doesn't generate any output (hence no previous
- error and nothing to be flushed). */
- if (e == EBADF && !prev_fail && none_pending)
- return;
-
- write_error = _("write error");
+ char const *write_error = _("write error");
if (file_name)
- error (exit_failure, e, "%s: %s", quotearg_colon (file_name),
+ error (0, errno, "%s: %s", quotearg_colon (file_name),
write_error);
else
- error (exit_failure, e, "%s", write_error);
+ error (0, errno, "%s", write_error);
+
+ _exit (exit_failure);
}
}
Index: lib/closeout.h
===================================================================
RCS file: /cvsroot/gnulib/gnulib/lib/closeout.h,v
retrieving revision 1.8
diff -p -u -r1.8 closeout.h
--- lib/closeout.h 14 May 2005 06:03:57 -0000 1.8
+++ lib/closeout.h 22 Jul 2006 22:05:18 -0000
@@ -1,6 +1,6 @@
/* Close standard output.
- Copyright (C) 1998, 2000, 2003, 2004 Free Software Foundation, Inc.
+ Copyright (C) 1998, 2000, 2003, 2004, 2006 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -24,7 +24,8 @@ extern "C" {
# endif
void close_stdout_set_file_name (const char *file);
-void close_stdout (void);
+int close_stdout (void);
+void close_stdout_exit (void);
# ifdef __cplusplus
}
Index: modules/closeout
===================================================================
RCS file: /cvsroot/gnulib/gnulib/modules/closeout,v
retrieving revision 1.13
diff -p -u -r1.13 closeout
--- modules/closeout 8 Feb 2006 00:04:08 -0000 1.13
+++ modules/closeout 22 Jul 2006 22:05:18 -0000
@@ -1,5 +1,5 @@
Description:
-Close stdout, checking for errors.
+Close standard output, exiting with a diagnostic on error.
Files:
lib/closeout.h
@@ -7,12 +7,11 @@ lib/closeout.c
m4/closeout.m4
Depends-on:
+close-stream
gettext-h
error
quotearg
-fpending
exitfail
-stdbool
configure.ac:
gl_CLOSEOUT