2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * Subprocess library, modeled after Python's subprocess module
19 * (http://docs.python.org/2/library/subprocess.html)
21 * This library defines one class (Subprocess) which represents a child
22 * process. Subprocess has two constructors: one that takes a vector<string>
23 * and executes the given executable without using the shell, and one
24 * that takes a string and executes the given command using the shell.
25 * Subprocess allows you to redirect the child's standard input, standard
26 * output, and standard error to/from child descriptors in the parent,
27 * or to create communication pipes between the child and the parent.
29 * The simplest example is a thread-safe [1] version of the system() library
31 * Subprocess(cmd).wait();
32 * which executes the command using the default shell and waits for it
33 * to complete, returning the exit status.
35 * A thread-safe [1] version of popen() (type="r", to read from the child):
36 * Subprocess proc(cmd, Subprocess::Options().pipeStdout());
37 * // read from proc.stdoutFd()
40 * A thread-safe [1] version of popen() (type="w", to write to the child):
41 * Subprocess proc(cmd, Subprocess::Options().pipeStdin());
42 * // write to proc.stdinFd()
45 * If you want to redirect both stdin and stdout to pipes, you can, but note
46 * that you're subject to a variety of deadlocks. You'll want to use
47 * nonblocking I/O, like the callback version of communicate().
49 * The string or IOBuf-based variants of communicate() are the simplest way
50 * to communicate with a child via its standard input, standard output, and
51 * standard error. They buffer everything in memory, so they are not great
52 * for large amounts of data (or long-running processes), but they are much
53 * simpler than the callback version.
55 * == A note on thread-safety ==
57 * [1] "thread-safe" refers ONLY to the fact that Subprocess is very careful
58 * to fork in a way that does not cause grief in multithreaded programs.
60 * Caveat: If your system does not have the atomic pipe2 system call, it is
61 * not safe to concurrently call Subprocess from different threads.
62 * Therefore, it is best to have a single thread be responsible for spawning
65 * A particular instances of Subprocess is emphatically **not** thread-safe.
66 * If you need to simultaneously communicate via the pipes, and interact
67 * with the Subprocess state, your best bet is to:
68 * - takeOwnershipOfPipes() to separate the pipe I/O from the subprocess.
69 * - Only interact with the Subprocess from one thread at a time.
71 * The current implementation of communicate() cannot be safely interrupted.
72 * To do so correctly, one would need to use EventFD, or open a dedicated
73 * pipe to be messaged from a different thread -- in particular, kill() will
74 * not do, since a descendant may keep the pipes open indefinitely.
76 * So, once you call communicate(), you must wait for it to return, and not
77 * touch the pipes from other threads. closeParentFd() is emphatically
78 * unsafe to call concurrently, and even sendSignal() is not a good idea.
79 * You can perhaps give the Subprocess's PID to a different thread before
80 * starting communicate(), and use that PID to send a signal without
81 * accessing the Subprocess object. In that case, you will need a mutex
82 * that ensures you don't wait() before you sent said signal. In a
83 * nutshell, don't do this.
85 * In fact, signals are inherently concurrency-unsafe on Unix: if you signal
86 * a PID, while another thread is in waitpid(), the signal may fire either
87 * before or after the process is reaped. This means that your signal can,
88 * in pathological circumstances, be delivered to the wrong process (ouch!).
89 * To avoid this, you should only use non-blocking waits (i.e. poll()), and
90 * make sure to serialize your signals (i.e. kill()) with the waits --
91 * either wait & signal from the same thread, or use a mutex.
96 #include <sys/types.h>
108 #include <boost/container/flat_map.hpp>
110 #include <folly/Exception.h>
111 #include <folly/File.h>
112 #include <folly/FileUtil.h>
113 #include <folly/Function.h>
114 #include <folly/MapUtil.h>
115 #include <folly/Optional.h>
116 #include <folly/Portability.h>
117 #include <folly/Range.h>
118 #include <folly/gen/String.h>
119 #include <folly/io/IOBufQueue.h>
120 #include <folly/portability/SysResource.h>
125 * Class to wrap a process return code.
128 class ProcessReturnCode {
129 friend class Subprocess;
132 // Subprocess starts in the constructor, so this state designates only
133 // default-initialized or moved-out ProcessReturnCodes.
140 // Default-initialized for convenience. Subprocess::returnCode() will
141 // never produce this value.
142 ProcessReturnCode() : ProcessReturnCode(RV_NOT_STARTED) {}
144 // Trivially copyable
145 ProcessReturnCode(const ProcessReturnCode& p) = default;
146 ProcessReturnCode& operator=(const ProcessReturnCode& p) = default;
147 // Non-default move: In order for Subprocess to be movable, the "moved
148 // out" state must not be "running", or ~Subprocess() will abort.
149 ProcessReturnCode(ProcessReturnCode&& p) noexcept;
150 ProcessReturnCode& operator=(ProcessReturnCode&& p) noexcept;
153 * Process state. One of:
154 * NOT_STARTED: process hasn't been started successfully
155 * RUNNING: process is currently running
156 * EXITED: process exited (successfully or not)
157 * KILLED: process was killed by a signal.
162 * Helper wrappers around state().
164 bool notStarted() const { return state() == NOT_STARTED; }
165 bool running() const { return state() == RUNNING; }
166 bool exited() const { return state() == EXITED; }
167 bool killed() const { return state() == KILLED; }
170 * Exit status. Only valid if state() == EXITED; throws otherwise.
172 int exitStatus() const;
175 * Signal that caused the process's termination. Only valid if
176 * state() == KILLED; throws otherwise.
178 int killSignal() const;
181 * Was a core file generated? Only valid if state() == KILLED; throws
184 bool coreDumped() const;
187 * String representation; one of
190 * "exited with status <status>"
191 * "killed by signal <signal>"
192 * "killed by signal <signal> (core dumped)"
194 std::string str() const;
197 * Helper function to enforce a precondition based on this.
198 * Throws std::logic_error if in an unexpected state.
200 void enforce(State state) const;
202 explicit ProcessReturnCode(int rv) : rawStatus_(rv) { }
203 static constexpr int RV_NOT_STARTED = -2;
204 static constexpr int RV_RUNNING = -1;
210 * Base exception thrown by the Subprocess methods.
212 class SubprocessError : public std::exception {};
215 * Exception thrown by *Checked methods of Subprocess.
217 class CalledProcessError : public SubprocessError {
219 explicit CalledProcessError(ProcessReturnCode rc);
220 ~CalledProcessError() throw() override = default;
221 const char* what() const throw() override { return what_.c_str(); }
222 ProcessReturnCode returnCode() const { return returnCode_; }
224 ProcessReturnCode returnCode_;
229 * Exception thrown if the subprocess cannot be started.
231 class SubprocessSpawnError : public SubprocessError {
233 SubprocessSpawnError(const char* executable, int errCode, int errnoValue);
234 ~SubprocessSpawnError() throw() override = default;
235 const char* what() const throw() override { return what_.c_str(); }
236 int errnoValue() const { return errnoValue_; }
248 static const int CLOSE = -1;
249 static const int PIPE = -2;
250 static const int PIPE_IN = -3;
251 static const int PIPE_OUT = -4;
254 * See Subprocess::Options::dangerousPostForkPreExecCallback() for usage.
255 * Every derived class should include the following warning:
257 * DANGER: This class runs after fork in a child processes. Be fast, the
258 * parent thread is waiting, but remember that other parent threads are
259 * running and may mutate your state. Avoid mutating any data belonging to
260 * the parent. Avoid interacting with non-POD data that originated in the
261 * parent. Avoid any libraries that may internally reference non-POD data.
262 * Especially beware parent mutexes -- for example, glog's LOG() uses one.
264 struct DangerousPostForkPreExecCallback {
265 virtual ~DangerousPostForkPreExecCallback() {}
266 // This must return 0 on success, or an `errno` error code.
267 virtual int operator()() = 0;
271 * Class representing various options: file descriptor behavior, and
272 * whether to use $PATH for searching for the executable,
274 * By default, we don't use $PATH, file descriptors are closed if
275 * the close-on-exec flag is set (fcntl FD_CLOEXEC) and inherited
279 friend class Subprocess;
281 Options() {} // E.g. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58328
284 * Change action for file descriptor fd.
286 * "action" may be another file descriptor number (dup2()ed before the
287 * child execs), or one of CLOSE, PIPE_IN, and PIPE_OUT.
289 * CLOSE: close the file descriptor in the child
290 * PIPE_IN: open a pipe *from* the child
291 * PIPE_OUT: open a pipe *to* the child
293 * PIPE is a shortcut; same as PIPE_IN for stdin (fd 0), same as
294 * PIPE_OUT for stdout (fd 1) or stderr (fd 2), and an error for
295 * other file descriptors.
297 Options& fd(int fd, int action);
300 * Shortcut to change the action for standard input.
302 Options& stdinFd(int action) { return fd(STDIN_FILENO, action); }
305 * Shortcut to change the action for standard output.
307 Options& stdoutFd(int action) { return fd(STDOUT_FILENO, action); }
310 * Shortcut to change the action for standard error.
311 * Note that stderr(1) will redirect the standard error to the same
312 * file descriptor as standard output; the equivalent of bash's "2>&1"
314 Options& stderrFd(int action) { return fd(STDERR_FILENO, action); }
316 Options& pipeStdin() { return fd(STDIN_FILENO, PIPE_IN); }
317 Options& pipeStdout() { return fd(STDOUT_FILENO, PIPE_OUT); }
318 Options& pipeStderr() { return fd(STDERR_FILENO, PIPE_OUT); }
321 * Close all other fds (other than standard input, output, error,
322 * and file descriptors explicitly specified with fd()).
324 * This is potentially slow; it's generally a better idea to
325 * set the close-on-exec flag on all file descriptors that shouldn't
326 * be inherited by the child.
328 * Even with this option set, standard input, output, and error are
329 * not closed; use stdin(CLOSE), stdout(CLOSE), stderr(CLOSE) if you
332 Options& closeOtherFds() { closeOtherFds_ = true; return *this; }
335 * Use the search path ($PATH) when searching for the executable.
337 Options& usePath() { usePath_ = true; return *this; }
340 * Change the child's working directory, after the vfork.
342 Options& chdir(const std::string& dir) { childDir_ = dir; return *this; }
346 * Child will receive a signal when the parent exits.
348 Options& parentDeathSignal(int sig) {
349 parentDeathSignal_ = sig;
355 * Child will be made a process group leader when it starts. Upside: one
356 * can reliably all its kill non-daemonizing descendants. Downside: the
357 * child will not receive Ctrl-C etc during interactive use.
359 Options& processGroupLeader() {
360 processGroupLeader_ = true;
365 * *** READ THIS WHOLE DOCBLOCK BEFORE USING ***
367 * Run this callback in the child after the fork, just before the
368 * exec(), and after the child's state has been completely set up:
369 * - signal handlers have been reset to default handling and unblocked
370 * - the working directory was set
371 * - closed any file descriptors specified via Options()
372 * - set child process flags (see code)
374 * This is EXTREMELY DANGEROUS. For example, this innocuous-looking code
375 * can cause a fraction of your Subprocess launches to hang forever:
377 * LOG(INFO) << "Hello from the child";
379 * The reason is that glog has an internal mutex. If your fork() happens
380 * when the parent has the mutex locked, the child will wait forever.
384 * - Be quick -- the parent thread is blocked until you exit.
385 * - Remember that other parent threads are running, and may mutate your
387 * - Avoid mutating any data belonging to the parent.
388 * - Avoid interacting with non-POD data that came from the parent.
389 * - Avoid any libraries that may internally reference non-POD state.
390 * - Especially beware parent mutexes, e.g. LOG() uses a global mutex.
391 * - Avoid invoking the parent's destructors (you can accidentally
392 * delete files, terminate network connections, etc).
393 * - Read http://ewontfix.com/7/
395 Options& dangerousPostForkPreExecCallback(
396 DangerousPostForkPreExecCallback* cob) {
397 dangerousPostForkPreExecCallback_ = cob;
403 * This is an experimental feature, it is best you don't use it at this
405 * Although folly would support cloning with custom flags in some form, this
406 * API might change in the near future. So use the following assuming it is
407 * experimental. (Apr 11, 2017)
409 * This unlocks Subprocess to support clone flags, many of them need
410 * CAP_SYS_ADMIN permissions. It might also require you to go through the
411 * implementation to understand what happens before, between and after the
414 * `man 2 clone` would be a starting point for knowing about the available
417 using clone_flags_t = uint64_t;
418 Options& useCloneWithFlags(clone_flags_t cloneFlags) noexcept {
419 cloneFlags_ = cloneFlags;
425 typedef boost::container::flat_map<int, int> FdMap;
427 bool closeOtherFds_{false};
428 bool usePath_{false};
429 std::string childDir_; // "" keeps the parent's working directory
431 int parentDeathSignal_{0};
433 bool processGroupLeader_{false};
434 DangerousPostForkPreExecCallback*
435 dangerousPostForkPreExecCallback_{nullptr};
437 // none means `vfork()` instead of a custom `clone()`
438 // Optional<> is used because value of '0' means do clone without any flags.
439 Optional<clone_flags_t> cloneFlags_;
443 // Non-copiable, but movable
444 Subprocess(const Subprocess&) = delete;
445 Subprocess& operator=(const Subprocess&) = delete;
446 Subprocess(Subprocess&&) = default;
447 Subprocess& operator=(Subprocess&&) = default;
450 * Create an uninitialized subprocess.
452 * In this state it can only be destroyed, or assigned to using the move
453 * assignment operator.
458 * Create a subprocess from the given arguments. argv[0] must be listed.
459 * If not-null, executable must be the actual executable
460 * being used (otherwise it's the same as argv[0]).
462 * If env is not-null, it must contain name=value strings to be used
463 * as the child's environment; otherwise, we inherit the environment
464 * from the parent. env must be null if options.usePath is set.
467 const std::vector<std::string>& argv,
468 const Options& options = Options(),
469 const char* executable = nullptr,
470 const std::vector<std::string>* env = nullptr);
474 * Create a subprocess run as a shell command (as shell -c 'command')
476 * The shell to use is taken from the environment variable $SHELL,
477 * or /bin/sh if $SHELL is unset.
479 FOLLY_DEPRECATED("Prefer not running in a shell or use `shellify`.")
481 const std::string& cmd,
482 const Options& options = Options(),
483 const std::vector<std::string>* env = nullptr);
486 //// The methods below only manipulate the process state, and do not
487 //// affect its communication pipes.
491 * Return the child's pid, or -1 if the child wasn't successfully spawned
492 * or has already been wait()ed upon.
497 * Return the child's status (as per wait()) if the process has already
498 * been waited on, -1 if the process is still running, or -2 if the
499 * process hasn't been successfully started. NOTE that this does not call
500 * waitpid() or Subprocess::poll(), but simply returns the status stored
501 * in the Subprocess object.
503 ProcessReturnCode returnCode() const { return returnCode_; }
506 * Poll the child's status and return it. Return the exit status if the
507 * subprocess had quit, or RUNNING otherwise. Throws an std::logic_error
508 * if called on a Subprocess whose status is no longer RUNNING. No other
509 * exceptions are possible. Aborts on egregious violations of contract,
510 * e.g. if you wait for the underlying process without going through this
511 * Subprocess instance.
513 ProcessReturnCode poll(struct rusage* ru = nullptr);
516 * Poll the child's status. If the process is still running, return false.
517 * Otherwise, return true if the process exited with status 0 (success),
518 * or throw CalledProcessError if the process exited with a non-zero status.
523 * Wait for the process to terminate and return its status. Like poll(),
524 * the only exception this can throw is std::logic_error if you call this
525 * on a Subprocess whose status is RUNNING. Aborts on egregious
526 * violations of contract, like an out-of-band waitpid(p.pid(), 0, 0).
528 ProcessReturnCode wait();
531 * Wait for the process to terminate, throw if unsuccessful.
536 * Send a signal to the child. Shortcuts for the commonly used Unix
539 void sendSignal(int signal);
540 void terminate() { sendSignal(SIGTERM); }
541 void kill() { sendSignal(SIGKILL); }
544 //// The methods below only affect the process's communication pipes, but
545 //// not its return code or state (they do not poll() or wait()).
549 * Communicate with the child until all pipes to/from the child are closed.
551 * The input buffer is written to the process' stdin pipe, and data is read
552 * from the stdout and stderr pipes. Non-blocking I/O is performed on all
553 * pipes simultaneously to avoid deadlocks.
555 * The stdin pipe will be closed after the full input buffer has been written.
556 * An error will be thrown if a non-empty input buffer is supplied but stdin
557 * was not configured as a pipe.
559 * Returns a pair of buffers containing the data read from stdout and stderr.
560 * If stdout or stderr is not a pipe, an empty IOBuf queue will be returned
561 * for the respective buffer.
563 * Note that communicate() and communicateIOBuf() both return when all
564 * pipes to/from the child are closed; the child might stay alive after
565 * that, so you must still wait().
567 * communicateIOBuf() uses IOBufQueue for buffering (which has the
568 * advantage that it won't try to allocate all data at once), but it does
569 * store the subprocess's entire output in memory before returning.
571 * communicate() uses strings for simplicity.
573 std::pair<IOBufQueue, IOBufQueue> communicateIOBuf(
574 IOBufQueue input = IOBufQueue());
576 std::pair<std::string, std::string> communicate(
577 StringPiece input = StringPiece());
580 * Communicate with the child until all pipes to/from the child are closed.
584 * readCallback(pfd, cfd) will be called whenever there's data available
585 * on any pipe *from* the child (PIPE_OUT). pfd is the file descriptor
586 * in the parent (that you use to read from); cfd is the file descriptor
587 * in the child (used for identifying the stream; 1 = child's standard
588 * output, 2 = child's standard error, etc)
590 * writeCallback(pfd, cfd) will be called whenever a pipe *to* the child is
591 * writable (PIPE_IN). pfd is the file descriptor in the parent (that you
592 * use to write to); cfd is the file descriptor in the child (used for
593 * identifying the stream; 0 = child's standard input, etc)
595 * The read and write callbacks must read from / write to pfd and return
596 * false during normal operation. Return true to tell communicate() to
597 * close the pipe. For readCallback, this might send SIGPIPE to the
598 * child, or make its writes fail with EPIPE, so you should generally
599 * avoid returning true unless you've reached end-of-file.
601 * communicate() returns when all pipes to/from the child are closed; the
602 * child might stay alive after that, so you must still wait().
603 * Conversely, the child may quit long before its pipes are closed, since
604 * its descendants can keep them alive forever.
606 * Most users won't need to use this callback version; the simpler version
607 * of communicate (which buffers data in memory) will probably work fine.
609 * == Things you must get correct ==
611 * 1) You MUST consume all data passed to readCallback (or return true to
612 * close the pipe). Similarly, you MUST write to a writable pipe (or
613 * return true to close the pipe). To do otherwise is an error that can
614 * result in a deadlock. You must do this even for pipes you are not
617 * 2) pfd is nonblocking, so be prepared for read() / write() to return -1
618 * and set errno to EAGAIN (in which case you should return false). Use
619 * readNoInt() from FileUtil.h to handle interrupted reads for you.
621 * 3) Your callbacks MUST NOT call any of the Subprocess methods that
622 * manipulate the pipe FDs. Check the docblocks, but, for example,
623 * neither closeParentFd (return true instead) nor takeOwnershipOfPipes
624 * are safe. Stick to reading/writing from pfd, as appropriate.
628 * 1) See ReadLinesCallback for an easy way to consume the child's output
629 * streams line-by-line (or tokenized by another delimiter).
631 * 2) "Wait until the descendants close the pipes" is usually the behavior
632 * you want, since the descendants may have something to say even if the
633 * immediate child is dead. If you need to be able to force-close all
634 * parent FDs, communicate() will NOT work for you. Do it your own way by
635 * using takeOwnershipOfPipes().
637 * Why not? You can return "true" from your callbacks to sever active
638 * pipes, but inactive ones can remain open indefinitely. It is
639 * impossible to safely close inactive pipes while another thread is
640 * blocked in communicate(). This is BY DESIGN. Racing communicate()'s
641 * read/write callbacks can result in wrong I/O and data corruption. This
642 * class would need internal synchronization and timeouts, a poor and
643 * expensive implementation choice, in order to make closeParentFd()
646 using FdCallback = folly::Function<bool(int, int)>;
647 void communicate(FdCallback readCallback, FdCallback writeCallback);
650 * A readCallback for Subprocess::communicate() that helps you consume
651 * lines (or other delimited pieces) from your subprocess's file
652 * descriptors. Use the readLinesCallback() helper to get template
653 * deduction. For example:
655 * subprocess.communicate(
656 * Subprocess::readLinesCallback(
657 * [](int fd, folly::StringPiece s) {
658 * std::cout << fd << " said: " << s;
659 * return false; // Keep reading from the child
662 * [](int pdf, int cfd){ return true; } // Don't write to the child
665 * If a file line exceeds maxLineLength, your callback will get some
666 * initial chunks of maxLineLength with no trailing delimiters. The final
667 * chunk of a line is delimiter-terminated iff the delimiter was present
668 * in the input. In particular, the last line in a file always lacks a
669 * delimiter -- so if a file ends on a delimiter, the final line is empty.
671 * Like a regular communicate() callback, your fdLineCb() normally returns
672 * false. It may return true to tell Subprocess to close the underlying
673 * file descriptor. The child process may then receive SIGPIPE or get
674 * EPIPE errors on writes.
676 template <class Callback>
677 class ReadLinesCallback {
679 // Binds an FD to the client-provided FD+line callback
680 struct StreamSplitterCallback {
681 StreamSplitterCallback(Callback& cb, int fd) : cb_(cb), fd_(fd) { }
682 // The return value semantics are inverted vs StreamSplitter
683 bool operator()(StringPiece s) { return !cb_(fd_, s); }
687 typedef gen::StreamSplitter<StreamSplitterCallback> LineSplitter;
689 explicit ReadLinesCallback(
691 uint64_t maxLineLength = 0, // No line length limit by default
692 char delimiter = '\n',
693 uint64_t bufSize = 1024
694 ) : fdLineCb_(std::forward<Callback>(fdLineCb)),
695 maxLineLength_(maxLineLength),
696 delimiter_(delimiter),
699 bool operator()(int pfd, int cfd) {
700 // Make a splitter for this cfd if it doesn't already exist
701 auto it = fdToSplitter_.find(cfd);
702 auto& splitter = (it != fdToSplitter_.end()) ? it->second
703 : fdToSplitter_.emplace(cfd, LineSplitter(
704 delimiter_, StreamSplitterCallback(fdLineCb_, cfd), maxLineLength_
706 // Read as much as we can from this FD
709 ssize_t ret = readNoInt(pfd, buf, bufSize_);
710 if (ret == -1 && errno == EAGAIN) { // No more data for now
713 checkUnixError(ret, "read");
714 if (ret == 0) { // Reached end-of-file
715 splitter.flush(); // Ignore return since the file is over anyway
718 if (!splitter(StringPiece(buf, ret))) {
719 return true; // The callback told us to stop
726 const uint64_t maxLineLength_;
727 const char delimiter_;
728 const uint64_t bufSize_;
729 // We lazily make splitters for all cfds that get used.
730 std::unordered_map<int, LineSplitter> fdToSplitter_;
733 // Helper to enable template deduction
734 template <class Callback>
735 static auto readLinesCallback(
737 uint64_t maxLineLength = 0, // No line length limit by default
738 char delimiter = '\n',
739 uint64_t bufSize = 1024)
740 -> ReadLinesCallback<typename std::decay<Callback>::type> {
741 return ReadLinesCallback<typename std::decay<Callback>::type>(
742 std::forward<Callback>(fdLineCb), maxLineLength, delimiter, bufSize);
746 * communicate() callbacks can use this to temporarily enable/disable
747 * notifications (callbacks) for a pipe to/from the child. By default,
748 * all are enabled. Useful for "chatty" communication -- you want to
749 * disable write callbacks until you receive the expected message.
751 * Disabling a pipe does not free you from the requirement to consume all
752 * incoming data. Failing to do so will easily create deadlock bugs.
754 * Throws if the childFd is not known.
756 void enableNotifications(int childFd, bool enabled);
759 * Are notifications for one pipe to/from child enabled? Throws if the
760 * childFd is not known.
762 bool notificationsEnabled(int childFd) const;
765 //// The following methods are meant for the cases when communicate() is
766 //// not suitable. You should not need them when you call communicate(),
767 //// and, in fact, it is INHERENTLY UNSAFE to use closeParentFd() or
768 //// takeOwnershipOfPipes() from a communicate() callback.
772 * Close the parent file descriptor given a file descriptor in the child.
773 * DO NOT USE from communicate() callbacks; make them return true instead.
775 void closeParentFd(int childFd);
778 * Set all pipes from / to child to be non-blocking. communicate() does
781 void setAllNonBlocking();
784 * Get parent file descriptor corresponding to the given file descriptor
785 * in the child. Throws if childFd isn't a pipe (PIPE_IN / PIPE_OUT).
786 * Do not close() the returned file descriptor; use closeParentFd, above.
788 int parentFd(int childFd) const {
789 return pipes_[findByChildFd(childFd)].pipe.fd();
791 int stdinFd() const { return parentFd(0); }
792 int stdoutFd() const { return parentFd(1); }
793 int stderrFd() const { return parentFd(2); }
796 * The child's pipes are logically separate from the process metadata
797 * (they may even be kept alive by the child's descendants). This call
798 * lets you manage the pipes' lifetime separetely from the lifetime of the
801 * After this call, the Subprocess instance will have no knowledge of
802 * these pipes, and the caller assumes responsibility for managing their
803 * lifetimes. Pro-tip: prefer to explicitly close() the pipes, since
804 * folly::File would otherwise silently suppress I/O errors.
806 * No, you may NOT call this from a communicate() callback.
809 ChildPipe(int fd, folly::File&& ppe) : childFd(fd), pipe(std::move(ppe)) {}
811 folly::File pipe; // Owns the parent FD
813 std::vector<ChildPipe> takeOwnershipOfPipes();
816 static const int RV_RUNNING = ProcessReturnCode::RV_RUNNING;
817 static const int RV_NOT_STARTED = ProcessReturnCode::RV_NOT_STARTED;
819 // spawn() sets up a pipe to read errors from the child,
820 // then calls spawnInternal() to do the bulk of the work. Once
821 // spawnInternal() returns it reads the error pipe to see if the child
822 // encountered any errors.
824 std::unique_ptr<const char*[]> argv,
825 const char* executable,
826 const Options& options,
827 const std::vector<std::string>* env);
829 std::unique_ptr<const char*[]> argv,
830 const char* executable,
832 const std::vector<std::string>* env,
835 // Actions to run in child.
836 // Note that this runs after vfork(), so tread lightly.
837 // Returns 0 on success, or an errno value on failure.
838 int prepareChild(const Options& options,
839 const sigset_t* sigmask,
840 const char* childDir) const;
841 int runChild(const char* executable, char** argv, char** env,
842 const Options& options) const;
845 * Read from the error pipe, and throw SubprocessSpawnError if the child
846 * failed before calling exec().
848 void readChildErrorPipe(int pfd, const char* executable);
850 // Returns an index into pipes_. Throws std::invalid_argument if not found.
851 size_t findByChildFd(const int childFd) const;
854 ProcessReturnCode returnCode_{RV_NOT_STARTED};
857 * Represents a pipe between this process, and the child process (or its
858 * descendant). To interact with these pipes, you can use communicate(),
859 * or use parentFd() and related methods, or separate them from the
860 * Subprocess instance entirely via takeOwnershipOfPipes().
862 struct Pipe : private boost::totally_ordered<Pipe> {
863 folly::File pipe; // Our end of the pipe, wrapped in a File to auto-close.
864 int childFd = -1; // Identifies the pipe: what FD is this in the child?
865 int direction = PIPE_IN; // one of PIPE_IN / PIPE_OUT
866 bool enabled = true; // Are notifications enabled in communicate()?
868 bool operator<(const Pipe& other) const {
869 return childFd < other.childFd;
871 bool operator==(const Pipe& other) const {
872 return childFd == other.childFd;
876 // Populated at process start according to fdActions, empty after
877 // takeOwnershipOfPipes(). Sorted by childFd. Can only have elements
878 // erased, but not inserted, after being populated.
880 // The number of pipes between parent and child is assumed to be small,
881 // so we're happy with a vector here, even if it means linear erase.
882 std::vector<Pipe> pipes_;