More fork safety (RustPython#7380)

youknowone · youknowone · commit 7fbd0a92884f · 2026-03-08T18:28:33.000+09:00
* apply more allow_threads

* Simplify STW thread state transitions

- Fix park_detached_threads: successful CAS no longer sets
  all_suspended=false, avoiding unnecessary polling rounds
- Replace park_timeout(50µs) with park() in wait_while_suspended
- Remove redundant self-suspension in attach_thread and detach_thread;
  the STW controller handles DETACHED→SUSPENDED via park_detached_threads
- Add double-check under mutex before condvar wait to prevent lost wakes
- Remove dead stats_detach_wait_yields field and add_detach_wait_yields

* Representable for ThreadHandle

* Set ThreadHandle state to Running in parent thread after spawn

Like CPython's ThreadHandle_start, set RUNNING state in the parent
thread immediately after spawn() succeeds, rather than in the child.
This eliminates a race where join() could see Starting state if called
before the child thread executes.

Also reverts the macOS skip for test_start_new_thread_failed since the
root cause is fixed.

* Set ThreadHandle state to Running in parent thread after spawn

* Add debug_assert for thread state in start_the_world

* Unskip now-passing test_get_event_loop_thread and test_start_new_thread_at_finalization

* Wrap IO locks and file ops in allow_threads

Add lock_wrapped to ThreadMutex for detaching thread state
while waiting on contended locks. Use it for buffered and
text IO locks. Wrap FileIO read/write in allow_threads via
crt_fd to prevent STW hangs on blocking file operations.

* Use std::sync for thread start/ready events

Replace parking_lot Mutex/Condvar with std::sync (pthread-based)
for started_event and handle_ready_event. This prevents hangs
in forked children where parking_lot's global HASHTABLE may be
corrupted.
diff --git a/Lib/test/test_asyncio/test_events.py b/Lib/test/test_asyncio/test_events.py
@@ -2876,7 +2876,6 @@ def test_get_event_loop_after_set_none(self):
         policy.set_event_loop(None)
         self.assertRaises(RuntimeError, policy.get_event_loop)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON; - mock.patch doesn't work correctly with threading.current_thread
     @mock.patch('asyncio.events.threading.current_thread')
     def test_get_event_loop_thread(self, m_current_thread):
 
diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py
@@ -1162,8 +1162,6 @@ def import_threading():
         self.assertEqual(out, b'')
         self.assertEqual(err, b'')
 
-    # TODO: RUSTPYTHON - __del__ not called during interpreter finalization (no cyclic GC)
-    @unittest.expectedFailure
     def test_start_new_thread_at_finalization(self):
         code = """if 1:
             import _thread
diff --git a/crates/common/src/lock/thread_mutex.rs b/crates/common/src/lock/thread_mutex.rs
@@ -54,6 +54,18 @@ impl<R: RawMutex, G: GetThreadId> RawThreadMutex<R, G> {
         .is_some()
     }
 
+    /// Like `lock()` but wraps the blocking wait in `wrap_fn`.
+    /// The caller can use this to detach thread state while waiting.
+    pub fn lock_wrapped<F: FnOnce(&dyn Fn())>(&self, wrap_fn: F) -> bool {
+        let id = self.get_thread_id.nonzero_thread_id().get();
+        if self.owner.load(Ordering::Relaxed) == id {
+            return false;
+        }
+        wrap_fn(&|| self.mutex.lock());
+        self.owner.store(id, Ordering::Relaxed);
+        true
+    }
+
     /// Returns `Some(true)` if able to successfully lock without blocking, `Some(false)`
     /// otherwise, and `None` when the mutex is already locked on the current thread.
     pub fn try_lock(&self) -> Option<bool> {
@@ -135,6 +147,23 @@ impl<R: RawMutex, G: GetThreadId, T: ?Sized> ThreadMutex<R, G, T> {
             None
         }
     }
+
+    /// Like `lock()` but wraps the blocking wait in `wrap_fn`.
+    /// The caller can use this to detach thread state while waiting.
+    pub fn lock_wrapped<F: FnOnce(&dyn Fn())>(
+        &self,
+        wrap_fn: F,
+    ) -> Option<ThreadMutexGuard<'_, R, G, T>> {
+        if self.raw.lock_wrapped(wrap_fn) {
+            Some(ThreadMutexGuard {
+                mu: self,
+                marker: PhantomData,
+            })
+        } else {
+            None
+        }
+    }
+
     pub fn try_lock(&self) -> Result<ThreadMutexGuard<'_, R, G, T>, TryLockThreadError> {
         match self.raw.try_lock() {
             Some(true) => Ok(ThreadMutexGuard {
diff --git a/crates/stdlib/src/multiprocessing.rs b/crates/stdlib/src/multiprocessing.rs
@@ -484,15 +484,15 @@ mod _multiprocessing {
                 tv_sec: (delay / 1_000_000) as _,
                 tv_usec: (delay % 1_000_000) as _,
             };
-            unsafe {
+            vm.allow_threads(|| unsafe {
                 libc::select(
                     0,
                     core::ptr::null_mut(),
                     core::ptr::null_mut(),
                     core::ptr::null_mut(),
                     &mut tv_delay,
                 )
-            };
+            });
 
             // check for signals - preserve the exception (e.g., KeyboardInterrupt)
             if let Err(exc) = vm.check_signals() {
@@ -710,13 +710,13 @@ mod _multiprocessing {
                 #[cfg(not(target_vendor = "apple"))]
                 {
                     loop {
+                        let sem_ptr = self.handle.as_ptr();
                         // Py_BEGIN_ALLOW_THREADS / Py_END_ALLOW_THREADS
-                        // RustPython doesn't have GIL, so we just do the wait
-                        if let Some(ref dl) = deadline {
-                            res = unsafe { libc::sem_timedwait(self.handle.as_ptr(), dl) };
+                        res = if let Some(ref dl) = deadline {
+                            vm.allow_threads(|| unsafe { libc::sem_timedwait(sem_ptr, dl) })
                         } else {
-                            res = unsafe { libc::sem_wait(self.handle.as_ptr()) };
-                        }
+                            vm.allow_threads(|| unsafe { libc::sem_wait(sem_ptr) })
+                        };
 
                         if res >= 0 {
                             break;
@@ -750,7 +750,8 @@ mod _multiprocessing {
                     } else {
                         // No timeout: use sem_wait (available on macOS)
                         loop {
-                            res = unsafe { libc::sem_wait(self.handle.as_ptr()) };
+                            let sem_ptr = self.handle.as_ptr();
+                            res = vm.allow_threads(|| unsafe { libc::sem_wait(sem_ptr) });
                             if res >= 0 {
                                 break;
                             }
diff --git a/crates/stdlib/src/select.rs b/crates/stdlib/src/select.rs
@@ -280,9 +280,7 @@ mod decl {
 
         loop {
             let mut tv = timeout.map(sec_to_timeval);
-            let res = vm.allow_threads(|| {
-                super::select(nfds, &mut r, &mut w, &mut x, tv.as_mut())
-            });
+            let res = vm.allow_threads(|| super::select(nfds, &mut r, &mut w, &mut x, tv.as_mut()));
 
             match res {
                 Ok(_) => break,
@@ -504,7 +502,9 @@ mod decl {
                 let deadline = timeout.map(|d| Instant::now() + d);
                 let mut poll_timeout = timeout_ms;
                 loop {
-                    let res = unsafe { libc::poll(fds.as_mut_ptr(), fds.len() as _, poll_timeout) };
+                    let res = vm.allow_threads(|| unsafe {
+                        libc::poll(fds.as_mut_ptr(), fds.len() as _, poll_timeout)
+                    });
                     match nix::Error::result(res) {
                         Ok(_) => break,
                         Err(nix::Error::EINTR) => vm.check_signals()?,
@@ -697,11 +697,13 @@ mod decl {
 
                 loop {
                     events.clear();
-                    match epoll::wait(
-                        epoll,
-                        rustix::buffer::spare_capacity(&mut events),
-                        poll_timeout.as_ref(),
-                    ) {
+                    match vm.allow_threads(|| {
+                        epoll::wait(
+                            epoll,
+                            rustix::buffer::spare_capacity(&mut events),
+                            poll_timeout.as_ref(),
+                        )
+                    }) {
                         Ok(_) => break,
                         Err(rustix::io::Errno::INTR) => vm.check_signals()?,
                         Err(e) => return Err(e.into_pyexception(vm)),
diff --git a/crates/vm/src/frame.rs b/crates/vm/src/frame.rs
@@ -1199,7 +1199,9 @@ impl ExecutingFrame<'_> {
                 }
             }
 
-            if let Err(exception) = vm.check_signals() {
+            if vm.eval_breaker_tripped()
+                && let Err(exception) = vm.check_signals()
+            {
                 #[cold]
                 fn handle_signal_exception(
                     frame: &mut ExecutingFrame<'_>,
diff --git a/crates/vm/src/signal.rs b/crates/vm/src/signal.rs
@@ -91,6 +91,11 @@ pub(crate) fn set_triggered() {
     ANY_TRIGGERED.store(true, Ordering::Release);
 }
 
+#[inline(always)]
+pub(crate) fn is_triggered() -> bool {
+    ANY_TRIGGERED.load(Ordering::Relaxed)
+}
+
 /// Reset all signal trigger state after fork in child process.
 /// Stale triggers from the parent must not fire in the child.
 #[cfg(unix)]
diff --git a/crates/vm/src/stdlib/io.rs b/crates/vm/src/stdlib/io.rs
@@ -1580,7 +1580,7 @@ mod _io {
 
         fn lock(&self, vm: &VirtualMachine) -> PyResult<PyThreadMutexGuard<'_, BufferedData>> {
             self.data()
-                .lock()
+                .lock_wrapped(|do_lock| vm.allow_threads(do_lock))
                 .ok_or_else(|| vm.new_runtime_error("reentrant call inside buffered io"))
         }
 
@@ -2812,7 +2812,7 @@ mod _io {
             vm: &VirtualMachine,
         ) -> PyResult<PyThreadMutexGuard<'_, Option<TextIOData>>> {
             self.data
-                .lock()
+                .lock_wrapped(|do_lock| vm.allow_threads(do_lock))
                 .ok_or_else(|| vm.new_runtime_error("reentrant call inside textio"))
         }
 
@@ -4158,7 +4158,7 @@ mod _io {
             vm: &VirtualMachine,
         ) -> PyResult<PyThreadMutexGuard<'_, Option<IncrementalNewlineDecoderData>>> {
             self.data
-                .lock()
+                .lock_wrapped(|do_lock| vm.allow_threads(do_lock))
                 .ok_or_else(|| vm.new_runtime_error("reentrant call inside nldecoder"))
         }
 
@@ -5336,7 +5336,7 @@ mod fileio {
         types::{Constructor, DefaultConstructor, Destructor, Initializer, Representable},
     };
     use crossbeam_utils::atomic::AtomicCell;
-    use std::io::{Read, Write};
+    use std::io::Read;
 
     bitflags::bitflags! {
         #[derive(Copy, Clone, Debug, PartialEq)]
@@ -5740,12 +5740,12 @@ mod fileio {
                     "File or stream is not readable".to_owned(),
                 ));
             }
-            let mut handle = zelf.get_fd(vm)?;
+            let handle = zelf.get_fd(vm)?;
             let bytes = if let Some(read_byte) = read_byte.to_usize() {
                 let mut bytes = vec![0; read_byte];
                 // Loop on EINTR (PEP 475)
                 let n = loop {
-                    match handle.read(&mut bytes) {
+                    match vm.allow_threads(|| crt_fd::read(handle, &mut bytes)) {
                         Ok(n) => break n,
                         Err(e) if e.raw_os_error() == Some(libc::EINTR) => {
                             vm.check_signals()?;
@@ -5764,7 +5764,10 @@ mod fileio {
                 let mut bytes = vec![];
                 // Loop on EINTR (PEP 475)
                 loop {
-                    match handle.read_to_end(&mut bytes) {
+                    match vm.allow_threads(|| {
+                        let mut h = handle;
+                        h.read_to_end(&mut bytes)
+                    }) {
                         Ok(_) => break,
                         Err(e) if e.raw_os_error() == Some(libc::EINTR) => {
                             vm.check_signals()?;
@@ -5802,10 +5805,9 @@ mod fileio {
             let handle = zelf.get_fd(vm)?;
 
             let mut buf = obj.borrow_buf_mut();
-            let mut f = handle.take(buf.len() as _);
             // Loop on EINTR (PEP 475)
             let ret = loop {
-                match f.read(&mut buf) {
+                match vm.allow_threads(|| crt_fd::read(handle, &mut buf)) {
                     Ok(n) => break n,
                     Err(e) if e.raw_os_error() == Some(libc::EINTR) => {
                         vm.check_signals()?;
@@ -5835,11 +5837,11 @@ mod fileio {
                 ));
             }
 
-            let mut handle = zelf.get_fd(vm)?;
+            let handle = zelf.get_fd(vm)?;
 
             // Loop on EINTR (PEP 475)
             let len = loop {
-                match obj.with_ref(|b| handle.write(b)) {
+                match obj.with_ref(|b| vm.allow_threads(|| crt_fd::write(handle, b))) {
                     Ok(n) => break n,
                     Err(e) if e.raw_os_error() == Some(libc::EINTR) => {
                         vm.check_signals()?;
diff --git a/crates/vm/src/stdlib/posix.rs b/crates/vm/src/stdlib/posix.rs
diff --git a/crates/vm/src/stdlib/thread.rs b/crates/vm/src/stdlib/thread.rs
diff --git a/crates/vm/src/vm/mod.rs b/crates/vm/src/vm/mod.rs
diff --git a/crates/vm/src/vm/thread.rs b/crates/vm/src/vm/thread.rs

Original file line number	Diff line number	Diff line change
`@@ -1199,7 +1199,9 @@ impl ExecutingFrame<'_> {`
`1199`	`1199`	`}`
`1200`	`1200`	`}`
`1201`	`1201`
`1202`		`- if let Err(exception) = vm.check_signals() {`
	`1202`	`+ if vm.eval_breaker_tripped()`
	`1203`	`+ && let Err(exception) = vm.check_signals()`
	`1204`	`+ {`
`1203`	`1205`	`#[cold]`
`1204`	`1206`	`fn handle_signal_exception(`
`1205`	`1207`	`frame: &mut ExecutingFrame<'_>,`