.. title:: clang-tidy - bugprone-signal-handler

bugprone-signal-handler
=======================

Finds specific constructs in signal handler functions that can cause undefined
behavior. The rules for what is allowed differ between C++ language versions.

Checked signal handler rules for C:

- Calls to non-asynchronous-safe functions are not allowed.

Checked signal handler rules for up to and including C++14:

- Calls to non-asynchronous-safe functions are not allowed.
- C++-specific code constructs are not allowed in signal handlers.
  In other words, only the common subset of C and C++ is allowed to be used.
- Calls to functions with non-C linkage are not allowed (including the signal
  handler itself).

The check is disabled on C++17 and later.

Asynchronous-safety is determined by comparing the function's name against a set
of known functions. In addition, the function must come from a system header
include and in a global namespace. The (possible) arguments passed to the
function are not checked. Any function that cannot be determined to be
asynchronous-safe is assumed to be non-asynchronous-safe by the check,
including user functions for which only the declaration is visible.
Calls to user-defined functions with visible definitions are checked
recursively.

This check implements the CERT C Coding Standard rule
`SIG30-C. Call only asynchronous-safe functions within signal handlers
<https://www.securecoding.cert.org/confluence/display/c/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers>`_
and the rule
`MSC54-CPP. A signal handler must be a plain old function
<https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC54-CPP.+A+signal+handler+must+be+a+plain+old+function>`_.
It has the alias names ``cert-sig30-c`` and ``cert-msc54-cpp``.

Options
-------

.. option:: AsyncSafeFunctionSet

  Selects which set of functions is considered as asynchronous-safe
  (and therefore allowed in signal handlers). It can be set to the following values:
  
  ``minimal``
     Selects a minimal set that is defined in the CERT SIG30-C rule.
     and includes functions ``abort()``, ``_Exit()``, ``quick_exit()`` and
     ``signal()``.
  ``POSIX``
     Selects a larger set of functions that is listed in POSIX.1-2017 (see `this
     link
     <https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03>`_
     for more information). The following functions are included:
     ``_Exit``, ``_exit``, ``abort``, ``accept``, ``access``, ``aio_error``,
     ``aio_return``, ``aio_suspend``, ``alarm``, ``bind``, ``cfgetispeed``,
     ``cfgetospeed``, ``cfsetispeed``, ``cfsetospeed``, ``chdir``, ``chmod``,
     ``chown``, ``clock_gettime``, ``close``, ``connect``, ``creat``, ``dup``,
     ``dup2``, ``execl``, ``execle``, ``execv``, ``execve``, ``faccessat``,
     ``fchdir``, ``fchmod``, ``fchmodat``, ``fchown``, ``fchownat``, ``fcntl``,
     ``fdatasync``, ``fexecve``, ``ffs``, ``fork``, ``fstat``, ``fstatat``,
     ``fsync``, ``ftruncate``, ``futimens``, ``getegid``, ``geteuid``,
     ``getgid``, ``getgroups``, ``getpeername``, ``getpgrp``, ``getpid``,
     ``getppid``, ``getsockname``, ``getsockopt``, ``getuid``, ``htonl``,
     ``htons``, ``kill``, ``link``, ``linkat``, ``listen``, ``longjmp``,
     ``lseek``, ``lstat``, ``memccpy``, ``memchr``, ``memcmp``, ``memcpy``,
     ``memmove``, ``memset``, ``mkdir``, ``mkdirat``, ``mkfifo``, ``mkfifoat``,
     ``mknod``, ``mknodat``, ``ntohl``, ``ntohs``, ``open``, ``openat``,
     ``pause``, ``pipe``, ``poll``, ``posix_trace_event``, ``pselect``,
     ``pthread_kill``, ``pthread_self``, ``pthread_sigmask``, ``quick_exit``,
     ``raise``, ``read``, ``readlink``, ``readlinkat``, ``recv``, ``recvfrom``,
     ``recvmsg``, ``rename``, ``renameat``, ``rmdir``, ``select``, ``sem_post``,
     ``send``, ``sendmsg``, ``sendto``, ``setgid``, ``setpgid``, ``setsid``,
     ``setsockopt``, ``setuid``, ``shutdown``, ``sigaction``, ``sigaddset``,
     ``sigdelset``, ``sigemptyset``, ``sigfillset``, ``sigismember``,
     ``siglongjmp``, ``signal``, ``sigpause``, ``sigpending``, ``sigprocmask``,
     ``sigqueue``, ``sigset``, ``sigsuspend``, ``sleep``, ``sockatmark``,
     ``socket``, ``socketpair``, ``stat``, ``stpcpy``, ``stpncpy``,
     ``strcat``, ``strchr``, ``strcmp``, ``strcpy``, ``strcspn``, ``strlen``,
     ``strncat``, ``strncmp``, ``strncpy``, ``strnlen``, ``strpbrk``,
     ``strrchr``, ``strspn``, ``strstr``, ``strtok_r``, ``symlink``,
     ``symlinkat``, ``tcdrain``, ``tcflow``, ``tcflush``, ``tcgetattr``,
     ``tcgetpgrp``, ``tcsendbreak``, ``tcsetattr``, ``tcsetpgrp``,
     ``time``, ``timer_getoverrun``, ``timer_gettime``, ``timer_settime``,
     ``times``, ``umask``, ``uname``, ``unlink``, ``unlinkat``, ``utime``,
     ``utimensat``, ``utimes``, ``wait``, ``waitpid``, ``wcpcpy``,
     ``wcpncpy``, ``wcscat``, ``wcschr``, ``wcscmp``, ``wcscpy``, ``wcscspn``,
     ``wcslen``, ``wcsncat``, ``wcsncmp``, ``wcsncpy``, ``wcsnlen``, ``wcspbrk``,
     ``wcsrchr``, ``wcsspn``, ``wcsstr``, ``wcstok``, ``wmemchr``, ``wmemcmp``,
     ``wmemcpy``, ``wmemmove``, ``wmemset``, ``write``

     The function ``quick_exit`` is not included in the POSIX list but it
     is included here in the set of safe functions.

  The default value is ``POSIX``.