thread_preload doesn't interpose some exit handlers, doesn't catch abnormal process exit

[sporksmith]

thread_preload relies on _shim_unload running in the shim to detect when a managed process exits, and stops interposing syscalls after it runs.

_shim_unload is marked with the destructor attribute; libc recognizes it and runs it along with the exit handlers.

Unfortunately this means we don't catch syscalls in any exit handlers that run after ours does. Notably, buffered file IO (from fwrite etc) is flushed in exit handlers as well, which can cause us to miss it.

If the managed process exits without running exit handlers (e.g. by crashing), Shadow doesn't detect that the process has exited and will wait forever.

[sporksmith]

I think we can solve these problems by adding a SIGCHLD handler in Shadow to get notified when a child process has exited. As long as we don't set the SA_RESTART flag, this will also wake up threads blocked waiting for IPC from the child.

To completely avoid deadlock we'll also need to add some timeout to the IPC and wrap it in a loop, checking that the child is still alive in each iteration. Otherwise the SIGCHLD handler could run in between checking that the child is still alive and initiating the blocking IPC call. (Well, it still could, but if we add a timeout then we'll notice after the timeout instead of waiting forever)

[sporksmith]

I'd looked a bit into using futex robust lists (e.g. see set_robust_list(3)), but their design really assumes libc is the only user. I don't think we could easily make use of it without our code and libc interfering with eachother. e.g. a given thread can only have one such global list, and the head of the list specifies the size of the list nodes and offset into the nodes at which the link is located. i.e. it's an intrusive linked list, with a user-space defined data type. Meanwhile the actual type used is an internal implementation detail of libc; it only exposes the functionality via pthread_mutexattr_setrobust, and pthread_mutexattr_getrobust.

[sporksmith]

Actually, maybe robust lists would work once #1260 is fixed. i.e. once Shadow is emulating robust lists for libc, then we're free to do what we want with the native ones. We actually return errors for these now, so I guess we can go ahead and use them now since we already prevent libc from clobbering it. We'd just need to be sure that we get control before libc manages to make a native call to get_robust_list or set_robust_list