win32unix: cannot kill and wait for arbitrary processes

[MisterDA]

Hi! I encountered this issue writing test cases for my PRs on
win32unix.

This issue is closely related to #4034. As a result of pids in
win32unix being so-called "pseudo-pids" (handles casted to integers),
they're local to each process. As @xavierleroy explained there,

if Unix.waitpid is called for a process that has already
terminated, its processID is invalid (Windows doesn't keep the
process around if its handles are closed) and there is no way to
recover its handle and therefore its exit code.

Adrawback is that with the current API processes can only wait or
kill processes they've created themselves and not arbitrary processes,
since there's currently no way to get a handle to arbitrary
processes. Furthermore, if a "real" pid (regardless of whether the
corresponding process was created in the same "parent" process or
elsewhere) is given to Unix.waitpid or Unix.kill, the functions
will raise Unix.ESRCH.

For instance, the following program fails and cannot be correctly
written with the current API (it is to an extent pseudo-code):

Grand-parent tries to kill grand-child

let parent () =
  let null = Unix.openfile Filename.null [Unix.O_RDWR; O_CLOEXEC] 0o0 in
  let pin, pout = Unix.pipe ~cloexec:true () in

  let child = Unix.create_process Sys.argv.(0) [|Sys.argv.(0); "child"|]
                null pout Unix.stderr in

  let buf = Bytes.create 8 in
  assert (Unix.read pin buf 0 8 = 8);
  let sub_child = Bytes.get_int64_ne buf 0 |> Int64.to_int in

  begin try
      Unix.kill child Sys.sigkill;
      print_endline "PARENT: killed child process."
    with Unix.Unix_error(Unix.ESRCH, _, _) ->
      print_endline "PARENT: couldn't kill child process."
  end;
  begin try
      Unix.kill sub_child Sys.sigkill;
      print_endline "PARENT: killed sub_child process."
    with Unix.Unix_error(Unix.ESRCH, _, _) ->
      print_endline "PARENT: couldn't kill sub_child process."
  end

let child () =
  let _ = Unix.create_process Sys.argv.(0) [|Sys.argv.(0); "subchild"|]
                    Unix.stdin Unix.stdout Unix.stderr in
  Unix.sleep 2

let sub_child () =
  let pid = Unix.getpid () in
  let buf = Bytes.create 8 in
  Bytes.set_int64_ne buf 0 (Int64.of_int pid);
  assert (Unix.write Unix.stdout buf 0 8 = 8);
  while true do Unix.sleep 2 done

let () =
  match Sys.argv with
  | [|_|] -> parent ()
  | [|_; "child"|] -> child ()
  | [|_; "subchild"|] -> sub_child ()
  | _ -> invalid_arg "Sys.argv"

I think that makes a compelling case for the idea @alainfrisch
described:

A related remark only : I think it would seem coherent with the
treatment of file descriptors in the Unix library to represent
process descriptors with a dedicated abstract type which would be
implemented as the integer representing the pid on Unix, and as the
handle on Windows.

which entails adding a new type, new functions to win32unix and a
wrapper for OpenProcess.

Note also that Linux 5.13 has introduced pidfd which share
similarities to Windows process handles.

I hope I got this right! Thanks.

cc @dra27 @nojb

[nojb]

which entails adding a new type, new functions to win32unix and a wrapper for OpenProcess.

Do you have a concrete suggestion for the modifications/extensions to the existing API ? Also, note that unix and win32unix share the same .mli so ideally any addition or modification should make sense for both of them. Thanks!

[MisterDA]

First I think we should amend the documentation with something like this:

diff --git a/otherlibs/unix/unixLabels.mli b/otherlibs/unix/unixLabels.mli
index be47faf14..b4f9ba525 100644
--- a/otherlibs/unix/unixLabels.mli
+++ b/otherlibs/unix/unixLabels.mli
@@ -249,7 +249,7 @@ val waitpid : mode:wait_flag list -> int -> int * process_status
    immediately without waiting, and whether it should report stopped
    children.

-   On Windows: can only wait for a given PID, not any child process. *)
+   On Windows: can only wait for the given PID of any child process. *)

 val system : string -> process_status
 (** Execute the given command, wait until it terminates, and return
@@ -1106,7 +1106,8 @@ val kill : pid:int -> signal:int -> unit
 (** [kill ~pid ~signal] sends signal number [signal] to the process
    with id [pid].

-   On Windows: only the {!Sys.sigkill} signal is emulated. *)
+   On Windows: only the sending the {!Sys.sigkill} signal to child
+   processes is emulated. *)

 type sigprocmask_command = Unix.sigprocmask_command =
     SIG_SETMASK

Do you have a concrete suggestion for the modifications/extensions to the existing API?

Yes. I don't think we can replace the pid type (currently an integer) with something else, because it might change the type of the functions or break C stubs.

I think we can add a Unix.pidfd type that would map to a process handle on Windows, add a wrapper to OpenProcess, and add Unix.fork_fd, Unix.wait_fd, Unix.waitpid_fd, Unix.kill_fd complementary to the existing functions. They'll take the process handles.

Linux has support for process file descriptors, so these functions would also work on Linux. See

• Adding the pidfd abstraction to the kernel;
• Completing the pidfd API;
• https://man7.org/linux/man-pages/man2/pidfd_open.2.html

FreeBSD probably too:

• pdfork, pdgetpid, pdkill -- System calls to manage process descriptors

The functions could raise on unsupported systems, or the Unix.pidfd could also fallback to an integer process id.

[nojb]

First I think we should amend the documentation with something like this:

I think making this documentation fix makes a lot of sense. A PR would be welcome!

I think we can add a Unix.pidfd type that would map to a process handle on Windows, add a wrapper to OpenProcess, and add Unix.fork_fd, Unix.wait_fd, Unix.waitpid_fd, Unix.kill_fd complementary to the existing functions. They'll take the process handles.

This sounds reasonable from a distance, but it would have to go through the usual PR discussion stage before a decision is taken. PR welcome!

[dra27]

(removing the Stale label, as this remains a useful (and coherent) addition for the Unix library with a concrete proposal for a PR)

[damiendoligez]

-   On Windows: can only wait for a given PID, not any child process. *)
+   On Windows: can only wait for the given PID of any child process. *)

I think you misunderstood this sentence. On Unix, you can wait for "the first" child process that terminates and get its information, without specifying a PID. IOW, on Windows you can't pass -1 or 0 to waitpid. The original sentence doesn't seem very clear, but I don't know how to make it better.