bugprone-signal-handler¶
Finds specific constructs in signal handler functions that can cause undefined behavior. The rules for what is allowed differ between C++ language versions.
Checked signal handler rules for C:
Calls to non-asynchronous-safe functions are not allowed.
Checked signal handler rules for up to and including C++14:
Calls to non-asynchronous-safe functions are not allowed.
C++-specific code constructs are not allowed in signal handlers. In other words, only the common subset of C and C++ is allowed to be used.
Calls to functions with non-C linkage are not allowed (including the signal handler itself).
The check is disabled on C++17 and later.
Asynchronous-safety is determined by comparing the function’s name against a set of known functions. In addition, the function must come from a system header include and in a global namespace. The (possible) arguments passed to the function are not checked. Any function that cannot be determined to be asynchronous-safe is assumed to be non-asynchronous-safe by the check, including user functions for which only the declaration is visible. Calls to user-defined functions with visible definitions are checked recursively.
This check implements the CERT C Coding Standard rule
SIG30-C. Call only asynchronous-safe functions within signal handlers
and the rule
MSC54-CPP. A signal handler must be a plain old function.
It has the alias names cert-sig30-c
and cert-msc54-cpp
.
Options¶
- AsyncSafeFunctionSet¶
Selects which set of functions is considered as asynchronous-safe (and therefore allowed in signal handlers). It can be set to the following values:
minimal
Selects a minimal set that is defined in the CERT SIG30-C rule. and includes functions
abort()
,_Exit()
,quick_exit()
andsignal()
.POSIX
Selects a larger set of functions that is listed in POSIX.1-2017 (see this link for more information). The following functions are included:
_Exit
,_exit
,abort
,accept
,access
,aio_error
,aio_return
,aio_suspend
,alarm
,bind
,cfgetispeed
,cfgetospeed
,cfsetispeed
,cfsetospeed
,chdir
,chmod
,chown
,clock_gettime
,close
,connect
,creat
,dup
,dup2
,execl
,execle
,execv
,execve
,faccessat
,fchdir
,fchmod
,fchmodat
,fchown
,fchownat
,fcntl
,fdatasync
,fexecve
,ffs
,fork
,fstat
,fstatat
,fsync
,ftruncate
,futimens
,getegid
,geteuid
,getgid
,getgroups
,getpeername
,getpgrp
,getpid
,getppid
,getsockname
,getsockopt
,getuid
,htonl
,htons
,kill
,link
,linkat
,listen
,longjmp
,lseek
,lstat
,memccpy
,memchr
,memcmp
,memcpy
,memmove
,memset
,mkdir
,mkdirat
,mkfifo
,mkfifoat
,mknod
,mknodat
,ntohl
,ntohs
,open
,openat
,pause
,pipe
,poll
,posix_trace_event
,pselect
,pthread_kill
,pthread_self
,pthread_sigmask
,quick_exit
,raise
,read
,readlink
,readlinkat
,recv
,recvfrom
,recvmsg
,rename
,renameat
,rmdir
,select
,sem_post
,send
,sendmsg
,sendto
,setgid
,setpgid
,setsid
,setsockopt
,setuid
,shutdown
,sigaction
,sigaddset
,sigdelset
,sigemptyset
,sigfillset
,sigismember
,siglongjmp
,signal
,sigpause
,sigpending
,sigprocmask
,sigqueue
,sigset
,sigsuspend
,sleep
,sockatmark
,socket
,socketpair
,stat
,stpcpy
,stpncpy
,strcat
,strchr
,strcmp
,strcpy
,strcspn
,strlen
,strncat
,strncmp
,strncpy
,strnlen
,strpbrk
,strrchr
,strspn
,strstr
,strtok_r
,symlink
,symlinkat
,tcdrain
,tcflow
,tcflush
,tcgetattr
,tcgetpgrp
,tcsendbreak
,tcsetattr
,tcsetpgrp
,time
,timer_getoverrun
,timer_gettime
,timer_settime
,times
,umask
,uname
,unlink
,unlinkat
,utime
,utimensat
,utimes
,wait
,waitpid
,wcpcpy
,wcpncpy
,wcscat
,wcschr
,wcscmp
,wcscpy
,wcscspn
,wcslen
,wcsncat
,wcsncmp
,wcsncpy
,wcsnlen
,wcspbrk
,wcsrchr
,wcsspn
,wcsstr
,wcstok
,wmemchr
,wmemcmp
,wmemcpy
,wmemmove
,wmemset
,write
The function
quick_exit
is not included in the POSIX list but it is included here in the set of safe functions.
The default value is
POSIX
.