Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2001:
[Freeciv-Dev] Re: Patch for civserver: save game on SIGPWR, SIGTERMor S 		Home

[Freeciv-Dev] Re: Patch for civserver: save game on SIGPWR, SIGTERMor S

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Mika Korhonen <mikak@xxxxxxxxxxxx>
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Patch for civserver: save game on SIGPWR, SIGTERMor SIGHUP
From: "Eric R. Smith" <ersmith@xxxxxxxxxxxxxx>
Date: Fri, 04 May 2001 14:26:52 -0300 
Mika Korhonen wrote:
> 
> On Thu, 3 May 2001, Eric R. Smith wrote:
> 
> >Attached is a small patch to provide "emergency" saves when certain
> >signals (like SIGPWR) are received. This means that when your
> >fancy UPS notices that the power is down, it can shut down the
> >civserver without any moves or data being lost. It also provides
> >a way to "gracefully" shut down the server if you can't get
> >access to the console but can log in remotely -- just send it a
> >SIGTERM or SIGHUP signal. (Before, doing this just killed the
> >game with no save file being created.)
> 
> Almost zero-probability pitholes:
> 
> 1) what if SIGxxx is caught in the middle of saving the game
> 2) what if signals, say SIGHUP and SIGTERM, arrive in (very
>    close) succession

Hmmm, good points. I hadn't thought all of the cases through carefully!

I think that if case (1) occurs then the regular save file will
be corrupted, but the *_panic.sav.gz should be created properly. I'm
not certain of that, though -- it depends on whether there is any
"state" in the save file code which would be disrupted if that code
is re-entered. It also depends on what functions the save code calls;
not all C standard functions are guaranteed to be callable from
signal handlers when they themselves are interrupted by the signal.

(2) is definitely a problem. It falls into "implementation defined
behaviour"
in the Posix standard, I think, and could mean that the process would
be killed and a corrupted save file left. A better patch would probably
use the "sigaction" function to install the signal handlers rather than
"signal". "sigaction" can block other signals during the handler.
However, I'm not sure how portable this would be, particularly to
Windows,
and as you say it's probably a very rare problem.

> Well these are extremely rare cases and I vote for these nice patch even
> without addressing those cases (for this will save 99 games that otherwise
> would get lost at lose at most 1 game that otherwise would get saved ;-).

Thank you for the kind words (and for pointing out the holes in the
patch)! I do agree that this patch, for its flaws, is better than the
current case. In fact I believe that right now if a signal is received
the server always terminates immediately without saving the game. If
it's
in the middle of saving the game the save file is left corrupted. So I
don't think there's any disadvantage to the patch I sent, compared with
the present situation. However, perhaps an even better patch could be
created.

Regards,
Eric
[Prev in Thread] Current Thread [Next in Thread]