I've just read Leon Timmermans' article What you should know about signal based timeouts and I was wondering how it/if it applies to the use of Sys::SigAction::timeout_call().
1) First of all, it seems that timeout_call() uses longjmp and unsafe signals, and therefore CERT Secure Coding rule SIG32-C is applicable.
2) Is timeout_call safe to use if the code being monitored for timeouts only contains pure-perl code (i.e. no calls to XS modules)?
1)timeout_call()使用几乎完全相同的习语将系统调用包装在eval/alarm块中,如 Leon 的示例:
my $ALARM_EXCEPTION = "alarm clock restart";
my $h;
eval {
$h = set_sig_handler('ALRM', sub { die $ALARM_EXCEPTION }, { });
alarm 10;
flock $fh, 2 or die "cannot flock: $!";
alarm 0;
};
alarm 0;
$SIG{ALRM} = $h;
if ($@ && $@ !~ quotemeta($ALARM_EXCEPTION)) { die }
因此,如果set_sig_handler禁用/覆盖安全信号处理,那么timeout_call也会。
2) 纯 Perl 仍然可以与操作系统进行大量交互,并且每个系统调用对信号的响应方式在平台之间可能会有很大差异。所以总的来说答案是否定的。