feature: replace strerror with thread safe version( strerror_r )

[aliihsancengiz]

Closes #4568

Related: #4568

What's new?

Replace strerror with thread safe version of strerror_r

How to test

Checklist

• Tests added and pass
• Adequate documentation added
• (optional) Added Screenshots or videos

[AlanGriffiths]

Related: #4586

How is this related?

[AlanGriffiths]

I think this detail would be better encapsulated in a .cpp file

[tarek-y-ismail]

Looks like a typo

[AlanGriffiths]

Do we need this? I can see some uses, but errno_to_cstr() seems adequate in all these cases.

[tarek-y-ismail]

That was my initial opinion, but I think this uses stack memory after returning. See this comment

[tarek-y-ismail]

Ok, after Alan clearing up thread_local to me. I agree with this, we can just use the cstr version and wrap in in std::string{...} in all the places that require it.

[AlanGriffiths]

The implementation would be better encapsulated in a .cpp file

[AlanGriffiths]

Why do we include <cerrno>?

[tarek-y-ismail]

Suggested change

	#include "mir/errno_utils.h"
	#include <mir/errno_utils.h>

This occurs with every inclusion of this header. I won't point it out in every file since it would be too annoying.
Checking the style guide, we forgot to update it to point this out. Opened #4597 to fix this.

[tarek-y-ismail]

I believe we don't follow the detail pattern in the codebase. Can you split the implementation details into their own source file?

[tarek-y-ismail]

While this is a correct fix. I'm not sure if we should sneak it in with this PR

[aliihsancengiz]

Hey @AlanGriffiths and @tarek-y-ismail , thanks for the review.
I have rebased and addressed comments. Please find the first iteration.

• Got rid of errno_to_string
• Splitted implementation into .cpp file
• Some include tweaking
• exported mir::errno_to_cstr*; for symbol map, i did this manually, but not sure that's the right way.

Thanks.

[AlanGriffiths]

Suggested change

	#include <mir/fd.h>
	#include <mir/emergency_cleanup_registry.h>
	#include "ioctl_vt_switcher.h"
	#include <mir/errno_utils.h>
	#include <mir/errno_utils.h>

[AlanGriffiths]

This is in the wrong stanza (the symbol didn't exist in Mir-2.22).

You need to add it in a new MIR_COMMON_2.26 stanza. Vis:

MIR_COMMON_2.26 {
global:
  extern "C++" {
    mir::errno_to_cstr*;
  };
} MIR_COMMON_INTERNAL_2.24;

(That may look confusing, but there's a pre-existing issue with abusing "_INTERNAL_". We can't address that without breaking ABI.)

[AlanGriffiths]

Project style is snake_case for test names and braces opened on the next line.

Suggested change

	TEST(ErrnoToCstr, ReturnsNonNullAndNonEmpty) {
	TEST(ErrnoToCstr, returns_non_null_and_non_empty)
	{

[AlanGriffiths]

Why?

[aliihsancengiz]

That was not intended; indeed, it reverted.

[AlanGriffiths]

Project style is to have the opening brace on the next line

[AlanGriffiths]

Confusing comment

[aliihsancengiz]

Indeed, a leftover from clean-up, Thanks.

[AlanGriffiths]

A couple of style tweaks

[AlanGriffiths]

Not needed

[AlanGriffiths]

A couple of style tweaks

Pushed these to avoid another review cycle

[Copilot]

Pull request overview

This PR replaces the thread-unsafe strerror function with the thread-safe strerror_r across the codebase, addressing issue #4568. The implementation provides a wrapper function mir::errno_to_cstr that handles differences between GNU and POSIX versions of strerror_r.

Key changes:

• Introduces mir::errno_to_cstr() as a thread-safe replacement for strerror()
• Adds comprehensive unit tests for thread safety and correctness
• Updates all occurrences of strerror() throughout the codebase to use the new wrapper

Reviewed changes

Copilot reviewed 30 out of 31 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
include/common/mir/errno_utils.h	Declares the thread-safe errno conversion function
src/common/errno_utils.cpp	Implements thread-safe errno-to-string conversion using strerror_r with GNU/POSIX compatibility
tests/unit-tests/test_errno_utils.cpp	Adds unit tests verifying thread safety and correctness of errno_to_cstr
tests/unit-tests/CMakeLists.txt	Registers the new test file in the build system
src/common/CMakeLists.txt	Adds errno_utils.cpp to the build
[multiple platform/server files]	Replaces strerror calls with mir::errno_to_cstr for thread safety

[jhenstridge]

The use of thread_local means the thread safety guarantees are similar to those for plain strerror in modern glibc (although now the return value will always be overwritten on a second call to errno_to_cstr on the same thread).

If we're doing this to improve safety, would a std::string return be more appropriate?

[jhenstridge]

If ret is not zero, then buf could contain garbage. It should probably return "Unknown error" in this case, similar to what you've done in the GNU version.

[jhenstridge]

Is it really worth adding support for two versions of strerror_r? It basically means we'll have a code path that is unused for most of our testing.

Given that this code is in it's own source file now, we know what environment it is being compiled in. It would probably be simpler to put #undef _GNU_SOURCE before the includes, and use an assert to ensure we have the POSIX version. Something like:

static_assert(std::is_same_v<decltype(ret), int>);

[aliihsancengiz]

That would be a better aproach indeed.
But I am not sure undefining _GNU_SOURCE will force the compiler to use a POSIX/XSI-compliant version.

At least, when I apply it, my compiler is unable to find the POSIX version.

gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
g++ (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
ldd (Ubuntu GLIBC 2.39-0ubuntu8.6) 2.39

Maybe i am missing something?

[AlanGriffiths]

The use of thread_local means the thread safety guarantees are similar to those for plain strerror in modern glibc

We don't know we're on glibc. For example, Alpine uses musl