tracing: unsafe Agent::Stop() call in signal handler

[bnoordhuis]

Commit ba4847e introduces a call to tracing::Agent::Stop() in the SignalExit() function.

Signal handlers are only allowed to call async-signal-safe functions, which the implementation of tracing::Agent::Stop() is not. This can cause erratic behavior; crashes, hangs, etc.

@jasongin @matthewloring

[matthewloring]

This was added so that traces would be flushed even if the process did not exit cleanly. Is there an alternate place where this kind of shutdown logic can safely live and still run on all types of process exit?

[bnoordhuis]

Not in case of SIGINT or SIGTERM, no, although you are allowed to call write(2) and close(2). Perhaps tracing::Agent needs to grow a SignalSafeStop() method? ^{(3x alliteration bonus)}

[matthewloring]

Does this code ever run on windows or are linux-only operations allowed?

[bnoordhuis]

No, never runs on Windows. (Weirdly, it's not surrounded by an #ifdef __POSIX__. It should be, it's dead code.)

If you mean 'POSIX-only' rather than 'linux-only', yes, that's okay. Signals aren't a thing on Windows.

[matthewloring]

I got a chance to look into this a bit. I think the primary issue is that safely flushing the buffer requires locking a mutex which cannot be safely done inside a signal handler (I think). I'm not sure it will be possible to write this safely without ensuring the other thread isn't concurrently flushing the same buffer or swapping buffers mid flush.

[bnoordhuis]

No longer hypothetical: #11052 (comment)

cc @nodejs/trace-events

[jasnell]

@addaleax ... with the recent refactoring that you did, does this need to remain open?