Add spawnProcessDetached

[FreeSlave]

spawnProcessDetached is function similar to spawnProcess, but user does not need to wait on spawned process to avoid zombies (resource leak). Instead of returning Pid instance spawnProcessDetached returns integer pid via pointer. Rationale: user should not be able to wait on detached process.

Currently only Posix version is implemented. It uses double fork technique and setsid to detach the new process from its caller. Since this implementation reuses a lot of stuff from spawnProcess I moved some implementation details to separate private functions to share them between spawnProcess and spawnProcessDetached.

THIS IS WIP
I'll add more unittests and Windows version later. For now say if you like the idea.

[CyberShadow]

I believe that on Windows, you simply have to close the process handle as soon as the process is created to effectively "detach" the process. (This is not the same as a detached console window.)

Can this be implemented as a Config flag instead? I'm not sure about adding an entire overload set. Then it can be used for spawnShell as well. Pid will likely need a few changes to make waiting on a detached processes an explicit error.

[FreeSlave]

I believe that on Windows, you simply have to close the process handle as soon as the process is created to effectively "detach" the process.

I believe so. This is another reason why I did not want to use Pid class. Process handle is part of Pid class on Windows. Closing it will make osHandle be able to be null. So users will need to check for osHandle not being null if they want to use it. That differs from the current situation when osHandle is always not null. And it's also inconsistent with Posix, where osHandle is same as pid and therefore always valid. Do you think it is ok?

[CyberShadow]

So users will need to check for osHandle not being null if they want to use it.

I think it's more of not doing a thing that doesn't make sense to do.

And it's also inconsistent with Posix, where osHandle is same as pid and therefore always valid.

If you spawn a detached process, technically there is no guarantee that the PID remains valid for any amount of time - the process may exit on its own and the OS may assign the PID to another process. So, if we are to reuse Pid, probably the best course is a private bool owned field (which is false for detached processes), and kill and wait require that owned is true.

CC @schveiguy @kyllingstad

[FreeSlave]

kill and wait require that owned is true

Why would kill require owned is true? You can kill any process via task manager or "kill" program which are clearly do not own this process.

[CyberShadow]

Because it might not be the process you actually intend to kill - that process may have exited a long time ago.

[FreeSlave]

Got it.
I'm still not sure that Pid class can be re-used here. There was that PR #5086 that introduced possibility to have non-owned Pid instances. And it was reverted later. Probably because it complicates the usage of other functions (like already said wait and kill).

[CyberShadow]

#5086 had more problems than that, though (killing processes being an intrinsically platform-dependent operation; needing to call OpenProcess on Windows). I think overloading Pid here makes more sense than adding an overload set.

[kyllingstad]

I think overloading Pid here makes more sense than adding an overload set.

I very much agree with this.

[FreeSlave]

Added Pid.owned property and Config.detached constant.
Also added separate unittest to check non-ability of waiting/killing not owned process. It runs OK, but I get this message at terminal

/bin/sh: 0: Can't open /tmp/std.process temporary file 76b5fac2-57f8-4f5b-88dc-9fd27c32ae73

[CyberShadow]

Would like to review the implementation after the refactorings are undone.

[CyberShadow]

Since there is no longer an overload set, these refactorings aren't needed any more, right? If so, can they be undone?

[CyberShadow]

Should have a note here that calling wait or kill with the resulting Pid is invalid.

[CyberShadow]

No need to make this public. I can't think of many cases that programs would mix owned and non-owned Pids and require distinguishing them. Making it an implementation detail also allows changing the underlying implementation in the future, if necessary.

[CyberShadow]

Consider "Can't wait on a detached process"

[CyberShadow]

Ditto

[CyberShadow]

Consider "detached" or "non-child" instead of "not owned", the "owned" term should be an implementation detail

[CyberShadow]

ditto

[CyberShadow]

ditto

[CyberShadow]

ditto

[CyberShadow]

It runs OK, but I get this message at terminal

Is this an expected and unavoidable effect of the unit test, or do you need time/assistance in tracking it down?

[FreeSlave]

Is this an expected and unavoidable effect of the unit test, or do you need time/assistance in tracking it down?

It should not happen. It's simple TestScript usage. But I can't understand why it happens.

[FreeSlave]

Ok, I think I got it. TestScript destructor runs (effectively removing the file) before file execution. Looks like race condition between /bin/sh running with script file and removing this file by unittest.
We can overcome this by adding Thread.sleep. What do you think?

[CyberShadow]

Any reason to not reuse the same pipe used for communicating the result (forkPipe)?

[FreeSlave]

After the second fork started the first and the second forks run in parallel. I can't ensure that pid will be written to the pipe before possible errors.

[CyberShadow]

I see. Please add this explanation as a comment somewhere.

[CyberShadow]

I guess calling getpid from the second child is also a possibility, but I guess it's not worth the change.

[FreeSlave]

There's also a possibility that the second fork fails. In this case we would need to pass fictitious pid from the first fork to adjust.

[andralex]

make these considerations a nice comment

[FreeSlave]

Already considered in the comment before int[2] pidPipe;

[CyberShadow]

Why change the working directory in the second fork? Wouldn't it be simpler to change it in the first fork regardless of Config.detached?

[CyberShadow]

Hmm, isn't setsid supposed to be called from the first fork (so that the session leader is killed)?

[FreeSlave]

You're right. Will change.

[FreeSlave]

I found that setsid makes some apps run incorrectly when starting from terminal without setting stdin to /dev/null.
E.g. run setsid openarena from terminal. It shows a window, but does render anything.
Should we do anything about that?

[CyberShadow]

Unfortunately I am not sufficiently familiar with the subject to confidently answer that.

From looking online, I noticed that setsid is something that is often done when double-forking, but not prescriptively so. Perhaps it only makes sense for non-interactive daemon processes?

[FreeSlave]

If we don't setsid, the spawned process will belong to the same session so pkill -s '$sid' will send signal to this process too.
However on my system all my desktop applications belong to the same session, so it's ok.
We can add another flag to config to control whether the forked child should call setsid.

[CyberShadow]

OK, so correct me if I'm wrong, but as I understand the most commonly-observed difference will be that ^C will not kill the spawned process if it's in the same session.

In which case, it does sound like it's worthy of a Flag addition, with the Windows implementation being mapped to the CREATE_NEW_PROCESS_GROUP process creation flag.

[CyberShadow]

It may be worth leaving it for a separate PR.

[FreeSlave]

^C is sent only to the foreground processes of session. And session has distinction between foreground and background processes only if it has connection to controlling terminal.
Even if doing setsid via flag it's still not clear if user want the new process to be a session leader (i.e. call setsid in the second fork) or not (call setsid in the first fork and let it die).

It may be worth leaving it for a separate PR.

So shall I remove setsid for now?

[CyberShadow]

Thanks for the clarification. I think I'm out of my depth here. Perhaps someone more knowledgeable than me about POSIX process sessions can chime in, @kyllingstad @schveiguy @jmdavis ?

[FreeSlave]

I've done some experiments. Login via ssh (just plain login without tmux, screen or similar) and spawned some script process in detached state without calling to setsid. Logout and re-login again, the process still ran. So I guess setsid is not necessary after all.

[CyberShadow]

No point in a private property, just name the field owned.

[CyberShadow]

I think this is fine, but I'd give it a more generous timeout of 100 msecs or so just to exclude race conditions.

[FreeSlave]

I used 5 msecs, because there's the same sleep in the other unittest under version(Android), having a comment about Android killing sleeping applications.

[CyberShadow]

That's fine, we don't have CI for Android; I'm more concerned about Windows, where process creation is very slow. If the Android maintainer finds that this test is causing them trouble then they can fix it as needed. (Also, I was pretty sure Android kills idle apps, not processes...)

[dlang-bot]

Thanks for your pull request, @FreeSlave! We are looking forward to reviewing it, and you should be hearing from a maintainer soon.

Some tips to help speed things up:

• smaller, focused PRs are easier to review than big ones

• try not to mix up refactoring or style changes with bug fixes or feature enhancements

• provide helpful commit messages explaining the rationale behind each change

Bear in mind that large or tricky changes may require multiple rounds of review and revision.

Please see CONTRIBUTING.md for more information.

Bugzilla references

Fix	Bugzilla	Description
✓	17519	RedBlackTree doesn't like const/immutable elements

[CyberShadow]

Could you please rebase on top of the latest master? That should fix CircleCI.

[FreeSlave]

Rebased. Is any other change needed?

[CyberShadow]

Ah, a changelog entry or linked bug as per @dlang-bot's comment. I think that's all if there is no further feedback.

[FreeSlave]

I've added changelog FreeSlave@fa8a73f, but github does not see the changes. Probably because of the previous rebase.
Upd: it was resolved.

[CyberShadow]

@wilzbach Any idea why changelog is not showing up in DAutoTest diff here?

[wilzbach]

@wilzbach Any idea why changelog is not showing up in DAutoTest diff here?

Yes, it seems like Martin has added this file and thus it doesn't get generated:

https://github.com/dlang/dlang.org/blob/master/changelog/2.075.0_pre.dd

Should we bump the version at dlang.org? Probably a good idea to do this for all version files after the master -> stable branch-off?

[CyberShadow]

Should we bump the version at dlang.org? Probably a good idea to do this for all version files after the master -> stable branch-off?

Sounds like a good idea.

[CyberShadow]

Some copyediting:

Config.detached allows $(REF_ALTTEXT spawning processes, spawnProcess, std, process) which run independently from the current process. There is no need to wait on the processes created with this flag, and no $(HTTPS en.wikipedia.org/wiki/Zombie_process, zombie process) will be left after they exit.
Attempts to call $(REF wait, std, process) or $(REF kill, std, process) on detached processes will throw.

[JackStouffer]

Does this really need Andrei's approval? It doesn't really add a new symbol.

[wilzbach]

Does this really need Andrei's approval? It doesn't really add a new symbol.

Well there's Config.detached, but yeah I'm a bit frustrated about the huge bottleneck that this is causing as well. Maybe

• we should let the bot send @andralex a mail every week about open PRs which require his approval
• move away from this single point of failure and redefine this policy to "at least two codeowners need to approve a new symbol" (or require the @andralex label only for modules he cares about, i.e. for which he is a code owner)

[andralex]

add a comma so the next addition blames properly

[andralex]

looks like a multiline comment

[andralex]

Simplify flow:

if (core.sys.posix.unistd.pipe(pidPipe) != 0)
    throw ...;
setCLOEXEC(pidPipe[1], true);

[andralex]

make these considerations a nice comment

[andralex]

double space?

[FreeSlave]

It was like this in previous implementation

[andralex]

auto

[FreeSlave]

Again, you're asking to change things that were like this before me. Well, I can, for sure.

[andralex]

Yes and much appreciated!

[andralex]

immutable

[andralex]

delete

[andralex]

simplify flow

[andralex]

felete

[schveiguy]

delete? ;)

[FreeSlave]

Delete what? Can you elaborate? Oh, you mean just else. Got it.

[andralex]

I mean delete the else line.

[andralex]

move away from this single point of failure and redefine this policy to "at least two codeowners need to approve a new symbol" (or require the @andralex label only for modules he cares about, i.e. for which he is a code owner)

Please let me be the point of failure for the sake of better checks and balances of library consistency. In several prior cases it has happened that design sensibilities somewhat foreign to D/Phobos have entered the standard library, to everybody's displeasure. Thanks.

[schveiguy]

LGTM, I would just tweak the timing a bit. There's no guarantee on how long a process takes to finish, especially on a busy OS, and losing a few seconds in the time to test phobos isn't going to kill us.

[schveiguy]

delete? ;)

[schveiguy]

Wait longer. There's no need to vie for performance here. Wait 2 seconds instead of .2

[schveiguy]

Also, stylistic change, you can put 2.seconds instead of dur!"seconds"(2)

[FreeSlave]

I would prefer unittests run as fast as they could. But ok.

[schveiguy]

Longer time here too.

[andralex]

I'm ok with the addition, leaving detailed reviews to @schveiguy and others

[schveiguy]

ping @CyberShadow any idea why the DAutoTest fails?

[schveiguy]

Bugzilla references

@wilzbach this looks invalid to me, this has nothing to do with RedBlackTree. I don't actually see a bugzilla reference in any commit, so not sure why this showed up.

[CyberShadow]

ping @CyberShadow any idea why the DAutoTest fails?

Please see #5639 (comment) / #5626 (comment) / #5625 (comment) / #5619 (comment) / #5617 (comment).

TL;DR: GitHub bug.

[schveiguy]

@CyberShadow thanks, here's a followup: while this bug exists, what is the correct response, seeing as that test is required for merging? Should I just ping you/@wilzbach, or is there a way I can fix it myself?

[wilzbach]

while this bug exists, what is the correct response, seeing as that test is required for merging? Should I just ping you/@wilzbach, or is there a way I can fix it myself?

AFAICT the only safe way is to create a new PR.
It also needs to be a different commit sha :/

We can overwrite it manually if the auto-tester passes, but there is always the slight risk of breaking Jenkins or CircleCI though. However, at least for CircleCi we get a warning mail afterwards, so I think we can start to risk it. Creating a new PR all the time, is really annoying.

[wilzbach]

@wilzbach this looks invalid to me, this has nothing to do with RedBlackTree. I don't actually see a bugzilla reference in any commit, so not sure why this showed up.

I would guess that it's due to the GitHub API sending rubbish.

[wilzbach]

We can overwrite it manually if the auto-tester passes, but there is always the slight risk of breaking Jenkins or CircleCI though. However, at least for CircleCi we get a warning mail afterwards, so I think we can start to risk it. Creating a new PR all the time, is really annoying.

Tried it this time - let's hope for the best. We really need to get GitHub to fix their bugs though..