Whole document tree

23. Non-Local Exits

Sometimes when your program detects an unusual situation inside a deeply nested set of function calls, you would like to be able to immediately return to an outer level of control. This section describes how you can do such non-local exits using the setjmp and longjmp functions.

23.1 Introduction to Non-Local Exits		When and how to use these facilities.
23.2 Details of Non-Local Exits		Functions for non-local exits.
23.3 Non-Local Exits and Signals		Portability issues.
23.4 Complete Context Control		Complete context control a la System V.

23.1 Introduction to Non-Local Exits

As an example of a situation where a non-local exit can be useful, suppose you have an interactive program that has a "main loop" that prompts for and executes commands. Suppose the "read" command reads input from a file, doing some lexical analysis and parsing of the input while processing it. If a low-level input error is detected, it would be useful to be able to return immediately to the "main loop" instead of having to make each of the lexical analysis, parsing, and processing phases all have to explicitly deal with error situations initially detected by nested calls.

(On the other hand, if each of these phases has to do a substantial amount of cleanup when it exits--such as closing files, deallocating buffers or other data structures, and the like--then it can be more appropriate to do a normal return and have each phase do its own cleanup, because a non-local exit would bypass the intervening phases and their associated cleanup code entirely. Alternatively, you could use a non-local exit but do the cleanup explicitly either before or after returning to the "main loop".)

In some ways, a non-local exit is similar to using the `return' statement to return from a function. But while `return' abandons only a single function call, transferring control back to the point at which it was called, a non-local exit can potentially abandon many levels of nested function calls.

You identify return points for non-local exits by calling the function setjmp. This function saves information about the execution environment in which the call to setjmp appears in an object of type jmp_buf. Execution of the program continues normally after the call to setjmp, but if an exit is later made to this return point by calling longjmp with the corresponding jmp_buf object, control is transferred back to the point where setjmp was called. The return value from setjmp is used to distinguish between an ordinary return and a return made by a call to longjmp, so calls to setjmp usually appear in an `if' statement.

Here is how the example program described above might be set up:

#include <setjmp.h> #include <stdlib.h> #include <stdio.h> jmp_buf main_loop; void abort_to_main_loop (int status) { longjmp (main_loop, status); } int main (void) { while (1) if (setjmp (main_loop)) puts ("Back at main loop...."); else do_command (); } void do_command (void) { char buffer[128]; if (fgets (buffer, 128, stdin) == NULL) abort_to_main_loop (-1); else exit (EXIT_SUCCESS); }

The function abort_to_main_loop causes an immediate transfer of control back to the main loop of the program, no matter where it is called from.

The flow of control inside the main function may appear a little mysterious at first, but it is actually a common idiom with setjmp. A normal call to setjmp returns zero, so the "else" clause of the conditional is executed. If abort_to_main_loop is called somewhere within the execution of do_command, then it actually appears as if the same call to setjmp in main were returning a second time with a value of -1.

So, the general pattern for using setjmp looks something like:

if (setjmp (buffer)) /* Code to clean up after premature return. */ ... else /* Code to be executed normally after setting up the return point. */ ...

23.2 Details of Non-Local Exits

Here are the details on the functions and data structures used for performing non-local exits. These facilities are declared in `setjmp.h'.

Data Type: jmp_buf

Objects of type jmp_buf hold the state information to be restored by a non-local exit. The contents of a jmp_buf identify a specific place to return to.

Macro: int setjmp (jmp_buf state)

When called normally, setjmp stores information about the execution state of the program in state and returns zero. If longjmp is later used to perform a non-local exit to this state, setjmp returns a nonzero value.

Function: void longjmp (jmp_buf state, int value)

This function restores current execution to the state saved in state, and continues execution from the call to setjmp that established that return point. Returning from setjmp by means of longjmp returns the value argument that was passed to longjmp, rather than 0. (But if value is given as 0, setjmp returns 1).

There are a lot of obscure but important restrictions on the use of setjmp and longjmp. Most of these restrictions are present because non-local exits require a fair amount of magic on the part of the C compiler and can interact with other parts of the language in strange ways.

The setjmp function is actually a macro without an actual function definition, so you shouldn't try to `#undef' it or take its address. In addition, calls to setjmp are safe in only the following contexts:

• As the test expression of a selection or iteration statement (such as `if', `switch', or `while').

• As one operand of a equality or comparison operator that appears as the test expression of a selection or iteration statement. The other operand must be an integer constant expression.

• As the operand of a unary `!' operator, that appears as the test expression of a selection or iteration statement.

• By itself as an expression statement.

Return points are valid only during the dynamic extent of the function that called setjmp to establish them. If you longjmp to a return point that was established in a function that has already returned, unpredictable and disastrous things are likely to happen.

You should use a nonzero value argument to longjmp. While longjmp refuses to pass back a zero argument as the return value from setjmp, this is intended as a safety net against accidental misuse and is not really good programming style.

When you perform a non-local exit, accessible objects generally retain whatever values they had at the time longjmp was called. The exception is that the values of automatic variables local to the function containing the setjmp call that have been changed since the call to setjmp are indeterminate, unless you have declared them volatile.

23.3 Non-Local Exits and Signals

In BSD Unix systems, setjmp and longjmp also save and restore the set of blocked signals; see 24.7 Blocking Signals. However, the POSIX.1 standard requires setjmp and longjmp not to change the set of blocked signals, and provides an additional pair of functions (sigsetjmp and siglongjmp) to get the BSD behavior.

The behavior of setjmp and longjmp in the GNU library is controlled by feature test macros; see 1.3.4 Feature Test Macros. The default in the GNU system is the POSIX.1 behavior rather than the BSD behavior.

The facilities in this section are declared in the header file `setjmp.h'.

Data Type: sigjmp_buf

This is similar to jmp_buf, except that it can also store state information about the set of blocked signals.

Function: int sigsetjmp (sigjmp_buf state, int savesigs)

This is similar to setjmp. If savesigs is nonzero, the set of blocked signals is saved in state and will be restored if a siglongjmp is later performed with this state.

Function: void siglongjmp (sigjmp_buf state, int value)

This is similar to longjmp except for the type of its state argument. If the sigsetjmp call that set this state used a nonzero savesigs flag, siglongjmp also restores the set of blocked signals.

23.4 Complete Context Control

The Unix standard one more set of function to control the execution path and these functions are more powerful than those discussed in this chapter so far. These function were part of the original System V API and by this route were added to the Unix API. Beside on branded Unix implementations these interfaces are not widely available. Not all platforms and/or architectures the GNU C Library is available on provide this interface. Use `configure' to detect the availability.

Similar to the jmp_buf and sigjmp_buf types used for the variables to contain the state of the longjmp functions the interfaces of interest here have an appropriate type as well. Objects of this type are normally much larger since more information is contained. The type is also used in a few more places as we will see. The types and functions described in this section are all defined and declared respectively in the `ucontext.h' header file.

Data Type: ucontext_t

The ucontext_t type is defined as a structure with as least the following elements:

ucontext_t *uc_link

This is a pointer to the next context structure which is used if the context described in the current structure returns.

sigset_t uc_sigmask

Set of signals which are blocked when this context is used.

stack_t uc_stack

Stack used for this context. The value need not be (and normally is not) the stack pointer. See section 24.9 Using a Separate Signal Stack.

mcontext_t uc_mcontext

This element contains the actual state of the process. The mcontext_t type is also defined in this header but the definition should be treated as opaque. Any use of knowledge of the type makes applications less portable.

Objects of this type have to be created by the user. The initialization and modification happens through one of the following functions:

Function: int getcontext (ucontext_t *ucp)

The getcontext function initializes the variable pointed to by ucp with the context of the calling thread. The context contains the content of the registers, the signal mask, and the current stack. Executing the contents would start at the point where the getcontext call just returned.

The function returns 0 if successful. Otherwise it returns -1 and sets errno accordingly.

The getcontext function is similar to setjmp but it does not provide an indication of whether the function returns for the first time or whether the initialized context was used and the execution is resumed at just that point. If this is necessary the user has to take determine this herself. This must be done carefully since the context contains registers which might contain register variables. This is a good situation to define variables with volatile.

Once the context variable is initialized it can be used as is or it can be modified. The latter is normally done to implement co-routines or similar constructs. The makecontext function is what has to be used to do that.

Function: void makecontext (ucontext_t *ucp, void (*func) (void), int argc, ...)

The ucp parameter passed to the makecontext shall be initialized by a call to getcontext. The context will be modified to in a way so that if the context is resumed it will start by calling the function func which gets argc integer arguments passed. The integer arguments which are to be passed should follow the argc parameter in the call to makecontext.

Before the call to this function the uc_stack and uc_link element of the ucp structure should be initialized. The uc_stack element describes the stack which is used for this context. No two contexts which are used at the same time should use the same memory region for a stack.

The uc_link element of the object pointed to by ucp should be a pointer to the context to be executed when the function func returns or it should be a null pointer. See setcontext for more information about the exact use.

While allocating the memory for the stack one has to be careful. Most modern processors keep track of whether a certain memory region is allowed to contain code which is executed or not. Data segments and heap memory is normally not tagged to allow this. The result is that programs would fail. Examples for such code include the calling sequences the GNU C compiler generates for calls to nested functions. Safe ways to allocate stacks correctly include using memory on the original threads stack or explicitly allocate memory tagged for execution using (see section 13.7 Memory-mapped I/O).

Compatibility note: The current Unix standard is very imprecise about the way the stack is allocated. All implementations seem to agree that the uc_stack element must be used but the values stored in the elements of the stack_t value are unclear. The GNU C library and most other Unix implementations require the ss_sp value of the uc_stack element to point to the base of the memory region allocated for the stack and the size of the memory region is stored in ss_size. There are implements out there which require ss_sp to be set to the value the stack pointer will have (which can depending on the direction the stack grows be different). This difference makes the makecontext function hard to use and it requires detection of the platform at compile time.

Function: int setcontext (const ucontext_t *ucp)

The setcontext function restores the context described by ucp. The context is not modified and can be reused as often as wanted.

If the context was created by getcontext execution resumes with the registers filled with the same values and the same stack as if the getcontext call just returned.

If the context was modified with a call to makecontext execution continues with the function passed to makecontext which gets the specified parameters passed. If this function returns execution is resumed in the context which was referenced by the uc_link element of the context structure passed to makecontext at the time of the call. If uc_link was a null pointer the application terminates in this case.

Since the context contains information about the stack no two threads should use the same context at the same time. The result in most cases would be disastrous.

The setcontext function does not return unless an error occurred in which case it returns -1.

The setcontext function simply replaces the current context with the one described by the ucp parameter. This is often useful but there are situations where the current context has to be preserved.

Function: int swapcontext (ucontext_t *restrict oucp, const ucontext_t *restrict ucp)

The swapcontext function is similar to setcontext but instead of just replacing the current context the latter is first saved in the object pointed to by oucp as if this was a call to getcontext. The saved context would resume after the call to swapcontext.

Once the current context is saved the context described in ucp is installed and execution continues as described in this context.

If swapcontext succeeds the function does not return unless the context oucp is used without prior modification by makecontext. The return value in this case is 0. If the function fails it returns -1 and set errno accordingly.

Example for SVID Context Handling

The easiest way to use the context handling functions is as a replacement for setjmp and longjmp. The context contains on most platforms more information which might lead to less surprises but this also means using these functions is more expensive (beside being less portable).

int random_search (int n, int (*fp) (int, ucontext_t *)) { volatile int cnt = 0; ucontext_t uc; /* Safe current context. */ if (getcontext (&uc) < 0) return -1; /* If we have not tried n times try again. */ if (cnt++ < n) /* Call the function with a new random number and the context. */ if (fp (rand (), &uc) != 0) /* We found what we were looking for. */ return 1; /* Not found. */ return 0; }

Using contexts in such a way enables emulating exception handling. The search functions passed in the fp parameter could be very large, nested, and complex which would make it complicated (or at least would require a lot of code) to leave the function with an error value which has to be passed down to the caller. By using the context it is possible to leave the search function in one step and allow restarting the search which also has the nice side effect that it can be significantly faster.

Something which is harder to implement with setjmp and longjmp is to switch temporarily to a different execution path and then resume where execution was stopped.

#include <signal.h> #include <stdio.h> #include <stdlib.h> #include <ucontext.h> #include <sys/time.h> /* Set by the signal handler. */ static volatile int expired; /* The contexts. */ static ucontext_t uc[3]; /* We do only a certain number of switches. */ static int switches; /* This is the function doing the work. It is just a skeleton, real code has to be filled in. */ static void f (int n) { int m = 0; while (1) { /* This is where the work would be done. */ if (++m % 100 == 0) { putchar ('.'); fflush (stdout); } /* Regularly the expire variable must be checked. */ if (expired) { /* We do not want the program to run forever. */ if (++switches == 20) return; printf ("\nswitching from %d to %d\n", n, 3 - n); expired = 0; /* Switch to the other context, saving the current one. */ swapcontext (&uc[n], &uc[3 - n]); } } } /* This is the signal handler which simply set the variable. */ void handler (int signal) { expired = 1; } int main (void) { struct sigaction sa; struct itimerval it; char st1[8192]; char st2[8192]; /* Initialize the data structures for the interval timer. */ sa.sa_flags = SA_RESTART; sigfillset (&sa.sa_mask); sa.sa_handler = handler; it.it_interval.tv_sec = 0; it.it_interval.tv_usec = 1; it.it_value = it.it_interval; /* Install the timer and get the context we can manipulate. */ if (sigaction (SIGPROF, &sa, NULL) < 0 || setitimer (ITIMER_PROF, &it, NULL) < 0 || getcontext (&uc[1]) == -1 || getcontext (&uc[2]) == -1) abort (); /* Create a context with a separate stack which causes the function f to be call with the parameter 1. Note that the uc_link points to the main context which will cause the program to terminate once the function return. */ uc[1].uc_link = &uc[0]; uc[1].uc_stack.ss_sp = st1; uc[1].uc_stack.ss_size = sizeof st1; makecontext (&uc[1], (void (*) (void)) f, 1, 1); /* Similarly, but 2 is passed as the parameter to f. */ uc[2].uc_link = &uc[0]; uc[2].uc_stack.ss_sp = st2; uc[2].uc_stack.ss_size = sizeof st2; makecontext (&uc[2], (void (*) (void)) f, 1, 2); /* Start running. */ swapcontext (&uc[0], &uc[1]); putchar ('\n'); return 0; }

This an example how the context functions can be used to implement co-routines or cooperative multi-threading. All that has to be done is to call every once in a while swapcontext to continue running a different context. It is not allowed to do the context switching from the signal handler directly since neither setcontext nor swapcontext are functions which can be called from a signal handler. But setting a variable in the signal handler and checking it in the body of the functions which are executed. Since swapcontext is saving the current context it is possible to have multiple different scheduling points in the code. Execution will always resume where it was left.