# Background
Starnix is a Fuchsia program that lets us run unmodified Linux binaries on Fuchsia. Currently, Starnix works by creating a child process and loading the Linux executable into that child process. Whenever the Linux binary wants to create a thread, Starnix uses zx_thread_create to create a Zircon thread remotely in the child process.
When the Linux binary is done with the thread, the child process issues the exit() Linux syscall, which generates a BAD_SYSCALL exception that Starnix catches. Starnix updates its internal state to reflect the death of the thread, but currently Starnix has no way to actually destroy the underlying Zircon thread in the child process.
Previously, the zx_task_kill Zircon syscall could do that work, but RFC-0007 removed support for killing threads with zx_task_kill. We also cannot use zx_thread_exit, which is how normal Fuchsia threads destroy themselves, because that syscall can only be issued from the thread being destroyed and the child process does not know how to issue Zircon syscalls (and does not have the requisite capabilities anyway).
# Problem statement
How can Starnix kill the underlying Zircon thread in the child process?
# Proposal
We could add a ZX_EXCEPTION_STATE_FATAL disposition to Zircon exceptions. When Starnix catches the BAD_SYSCALL exception for exit() from the child process, Starnix could set the disposition for the exception to ZX_EXCEPTION_STATE_FATAL (rather than ZX_EXCEPTION_STATE_TRY_NEXT or ZX_EXCEPTION_STATE_HANDLED).
When pumping the exception handler state machine, Zircon could recognize the ZX_EXCEPTION_STATE_FATAL disposition and kill the thread rather than continue propagating the exception.
# Prototype
With this prototype, Starnix is able to use ZX_EXCEPTION_STATE_FATAL to successfully pass the PipeTest.WriterSideCloses test case, which is a particular test case in a Linux binary that (incidentally) creates and destroys a number of threads.
# Alternative
We could make zx_thread_kill work again, potentially only when the thread is suspended or with some other restriction to avoid the pitfalls discussed in RFC-0007.
Thoughts?
Adam