about summary refs log tree commit homepage
diff options
context:
space:
mode:
authorEric Wong <normalperson@yhbt.net>2010-10-05 23:59:45 +0000
committerEric Wong <normalperson@yhbt.net>2010-10-06 00:35:08 +0000
commitcb233696be73873f6f8c367f4b977ade1815b265 (patch)
tree7821802bb2be7058c98b8d9d848a6666b9dae1e9
parentd4c898a4adc6cb6c3a20a648ae6b9b6a226066a6 (diff)
downloadunicorn-cb233696be73873f6f8c367f4b977ade1815b265.tar.gz
This also affects some constant scoping rules, but hopefully
makes things easier to follow.  Accessing ivars (not via
accessor methods) are also slightly faster, so use them in
the criticial process_client code path.
-rw-r--r--lib/unicorn.rb829
-rw-r--r--lib/unicorn/const.rb51
-rw-r--r--lib/unicorn/http_server.rb700
3 files changed, 793 insertions, 787 deletions
diff --git a/lib/unicorn.rb b/lib/unicorn.rb
index 731fe86..f9d5954 100644
--- a/lib/unicorn.rb
+++ b/lib/unicorn.rb
@@ -1,780 +1,83 @@
 # -*- encoding: binary -*-
-
 require 'fcntl'
 require 'etc'
 require 'stringio'
 require 'rack'
 require 'kgio'
-require 'unicorn/socket_helper'
-require 'unicorn/const'
-require 'unicorn/http_request'
-require 'unicorn/configurator'
-require 'unicorn/tmpio'
-require 'unicorn/util'
-require 'unicorn/tee_input'
-require 'unicorn/http_response'
-require 'unicorn/worker'
 
-# Unicorn module containing all of the classes (include C extensions) for running
-# a Unicorn web server.  It contains a minimalist HTTP server with just enough
-# functionality to service web application requests fast as possible.
+# Unicorn module containing all of the classes (include C extensions) for
+# running a Unicorn web server.  It contains a minimalist HTTP server with just
+# enough functionality to service web application requests fast as possible.
 module Unicorn
-
-  # raised inside TeeInput when a client closes the socket inside the
-  # application dispatch.  This is always raised with an empty backtrace
-  # since there is nothing in the application stack that is responsible
-  # for client shutdowns/disconnects.
-  class ClientShutdown < EOFError
+  def self.run(app, options = {})
+    Unicorn::HttpServer.new(app, options).start.join
   end
 
-  class << self
-    def run(app, options = {})
-      HttpServer.new(app, options).start.join
-    end
-
-    # This returns a lambda to pass in as the app, this does not "build" the
-    # app (which we defer based on the outcome of "preload_app" in the
-    # Unicorn config).  The returned lambda will be called when it is
-    # time to build the app.
-    def builder(ru, opts)
-      # allow Configurator to parse cli switches embedded in the ru file
-      Unicorn::Configurator::RACKUP.update(:file => ru, :optparse => opts)
-
-      # always called after config file parsing, may be called after forking
-      lambda do ||
-        inner_app = case ru
-        when /\.ru$/
-          raw = File.read(ru)
-          raw.sub!(/^__END__\n.*/, '')
-          eval("Rack::Builder.new {(#{raw}\n)}.to_app", TOPLEVEL_BINDING, ru)
-        else
-          require ru
-          Object.const_get(File.basename(ru, '.rb').capitalize)
-        end
-
-        pp({ :inner_app => inner_app }) if $DEBUG
-
-        # return value, matches rackup defaults based on env
-        case ENV["RACK_ENV"]
-        when "development"
-          Rack::Builder.new do
-            use Rack::CommonLogger, $stderr
-            use Rack::ShowExceptions
-            use Rack::Lint
-            run inner_app
-          end.to_app
-        when "deployment"
-          Rack::Builder.new do
-            use Rack::CommonLogger, $stderr
-            run inner_app
-          end.to_app
-        else
-          inner_app
-        end
-      end
-    end
-
-    # returns an array of strings representing TCP listen socket addresses
-    # and Unix domain socket paths.  This is useful for use with
-    # Raindrops::Middleware under Linux: http://raindrops.bogomips.org/
-    def listener_names
-      HttpServer::LISTENERS.map { |io| SocketHelper.sock_name(io) }
-    end
-  end
-
-  # This is the process manager of Unicorn. This manages worker
-  # processes which in turn handle the I/O and application process.
-  # Listener sockets are started in the master process and shared with
-  # forked worker children.
-
-  class HttpServer < Struct.new(:app, :timeout, :worker_processes,
-                                :before_fork, :after_fork, :before_exec,
-                                :logger, :pid, :listener_opts, :preload_app,
-                                :reexec_pid, :orig_app, :init_listeners,
-                                :master_pid, :config, :ready_pipe, :user)
-    include ::Unicorn::SocketHelper
-    include ::Unicorn::HttpResponse
-
-    # backwards compatibility with 1.x
-    Worker = Unicorn::Worker
-
-    # prevents IO objects in here from being GC-ed
-    IO_PURGATORY = []
-
-    # all bound listener sockets
-    LISTENERS = []
-
-    # This hash maps PIDs to Workers
-    WORKERS = {}
-
-    # We use SELF_PIPE differently in the master and worker processes:
-    #
-    # * The master process never closes or reinitializes this once
-    # initialized.  Signal handlers in the master process will write to
-    # it to wake up the master from IO.select in exactly the same manner
-    # djb describes in http://cr.yp.to/docs/selfpipe.html
-    #
-    # * The workers immediately close the pipe they inherit from the
-    # master and replace it with a new pipe after forking.  This new
-    # pipe is also used to wakeup from IO.select from inside (worker)
-    # signal handlers.  However, workers *close* the pipe descriptors in
-    # the signal handlers to raise EBADF in IO.select instead of writing
-    # like we do in the master.  We cannot easily use the reader set for
-    # IO.select because LISTENERS is already that set, and it's extra
-    # work (and cycles) to distinguish the pipe FD from the reader set
-    # once IO.select returns.  So we're lazy and just close the pipe when
-    # a (rare) signal arrives in the worker and reinitialize the pipe later.
-    SELF_PIPE = []
-
-    # signal queue used for self-piping
-    SIG_QUEUE = []
-
-    # constant lookups are faster and we're single-threaded/non-reentrant
-    REQUEST = HttpRequest.new
-
-    # We populate this at startup so we can figure out how to reexecute
-    # and upgrade the currently running instance of Unicorn
-    # This Hash is considered a stable interface and changing its contents
-    # will allow you to switch between different installations of Unicorn
-    # or even different installations of the same applications without
-    # downtime.  Keys of this constant Hash are described as follows:
-    #
-    # * 0 - the path to the unicorn/unicorn_rails executable
-    # * :argv - a deep copy of the ARGV array the executable originally saw
-    # * :cwd - the working directory of the application, this is where
-    # you originally started Unicorn.
-    #
-    # To change your unicorn executable to a different path without downtime,
-    # you can set the following in your Unicorn config file, HUP and then
-    # continue with the traditional USR2 + QUIT upgrade steps:
-    #
-    #   Unicorn::HttpServer::START_CTX[0] = "/home/bofh/1.9.2/bin/unicorn"
-    START_CTX = {
-      :argv => ARGV.map { |arg| arg.dup },
-      :cwd => lambda {
-          # favor ENV['PWD'] since it is (usually) symlink aware for
-          # Capistrano and like systems
-          begin
-            a = File.stat(pwd = ENV['PWD'])
-            b = File.stat(Dir.pwd)
-            a.ino == b.ino && a.dev == b.dev ? pwd : Dir.pwd
-          rescue
-            Dir.pwd
-          end
-        }.call,
-      0 => $0.dup,
-    }
-
-    # Creates a working server on host:port (strange things happen if
-    # port isn't a Number).  Use HttpServer::run to start the server and
-    # HttpServer.run.join to join the thread that's processing
-    # incoming requests on the socket.
-    def initialize(app, options = {})
-      self.app = app
-      self.reexec_pid = 0
-      self.ready_pipe = options.delete(:ready_pipe)
-      self.init_listeners = options[:listeners] ? options[:listeners].dup : []
-      self.config = Configurator.new(options.merge(:use_defaults => true))
-      self.listener_opts = {}
-
-      # we try inheriting listeners first, so we bind them later.
-      # we don't write the pid file until we've bound listeners in case
-      # unicorn was started twice by mistake.  Even though our #pid= method
-      # checks for stale/existing pid files, race conditions are still
-      # possible (and difficult/non-portable to avoid) and can be likely
-      # to clobber the pid if the second start was in quick succession
-      # after the first, so we rely on the listener binding to fail in
-      # that case.  Some tests (in and outside of this source tree) and
-      # monitoring tools may also rely on pid files existing before we
-      # attempt to connect to the listener(s)
-      config.commit!(self, :skip => [:listeners, :pid])
-      self.orig_app = app
-    end
-
-    # Runs the thing.  Returns self so you can run join on it
-    def start
-      BasicSocket.do_not_reverse_lookup = true
-
-      # inherit sockets from parents, they need to be plain Socket objects
-      # before they become Kgio::UNIXServer or Kgio::TCPServer
-      inherited = ENV['UNICORN_FD'].to_s.split(/,/).map do |fd|
-        io = Socket.for_fd(fd.to_i)
-        set_server_sockopt(io, listener_opts[sock_name(io)])
-        IO_PURGATORY << io
-        logger.info "inherited addr=#{sock_name(io)} fd=#{fd}"
-        server_cast(io)
-      end
-
-      config_listeners = config[:listeners].dup
-      LISTENERS.replace(inherited)
-
-      # we start out with generic Socket objects that get cast to either
-      # Kgio::TCPServer or Kgio::UNIXServer objects; but since the Socket
-      # objects share the same OS-level file descriptor as the higher-level
-      # *Server objects; we need to prevent Socket objects from being
-      # garbage-collected
-      config_listeners -= listener_names
-      if config_listeners.empty? && LISTENERS.empty?
-        config_listeners << Unicorn::Const::DEFAULT_LISTEN
-        init_listeners << Unicorn::Const::DEFAULT_LISTEN
-        START_CTX[:argv] << "-l#{Unicorn::Const::DEFAULT_LISTEN}"
-      end
-      config_listeners.each { |addr| listen(addr) }
-      raise ArgumentError, "no listeners" if LISTENERS.empty?
-
-      # this pipe is used to wake us up from select(2) in #join when signals
-      # are trapped.  See trap_deferred.
-      init_self_pipe!
-
-      # setup signal handlers before writing pid file in case people get
-      # trigger happy and send signals as soon as the pid file exists.
-      # Note that signals don't actually get handled until the #join method
-      QUEUE_SIGS.each { |sig| trap_deferred(sig) }
-      trap(:CHLD) { |_| awaken_master }
-      self.pid = config[:pid]
-
-      self.master_pid = $$
-      build_app! if preload_app
-      maintain_worker_count
-      self
-    end
-
-    # replaces current listener set with +listeners+.  This will
-    # close the socket if it will not exist in the new listener set
-    def listeners=(listeners)
-      cur_names, dead_names = [], []
-      listener_names.each do |name|
-        if ?/ == name[0]
-          # mark unlinked sockets as dead so we can rebind them
-          (File.socket?(name) ? cur_names : dead_names) << name
-        else
-          cur_names << name
-        end
-      end
-      set_names = listener_names(listeners)
-      dead_names.concat(cur_names - set_names).uniq!
-
-      LISTENERS.delete_if do |io|
-        if dead_names.include?(sock_name(io))
-          IO_PURGATORY.delete_if do |pio|
-            pio.fileno == io.fileno && (pio.close rescue nil).nil? # true
-          end
-          (io.close rescue nil).nil? # true
-        else
-          set_server_sockopt(io, listener_opts[sock_name(io)])
-          false
-        end
-      end
-
-      (set_names - cur_names).each { |addr| listen(addr) }
-    end
-
-    def stdout_path=(path); redirect_io($stdout, path); end
-    def stderr_path=(path); redirect_io($stderr, path); end
-
-    def logger=(obj)
-      HttpRequest::DEFAULTS["rack.logger"] = super
-    end
-
-    # sets the path for the PID file of the master process
-    def pid=(path)
-      if path
-        if x = valid_pid?(path)
-          return path if pid && path == pid && x == $$
-          if x == reexec_pid && pid =~ /\.oldbin\z/
-            logger.warn("will not set pid=#{path} while reexec-ed "\
-                        "child is running PID:#{x}")
-            return
-          end
-          raise ArgumentError, "Already running on PID:#{x} " \
-                               "(or pid=#{path} is stale)"
-        end
-      end
-      unlink_pid_safe(pid) if pid
-
-      if path
-        fp = begin
-          tmp = "#{File.dirname(path)}/#{rand}.#$$"
-          File.open(tmp, File::RDWR|File::CREAT|File::EXCL, 0644)
-        rescue Errno::EEXIST
-          retry
-        end
-        fp.syswrite("#$$\n")
-        File.rename(fp.path, path)
-        fp.close
-      end
-      super(path)
-    end
-
-    # add a given address to the +listeners+ set, idempotently
-    # Allows workers to add a private, per-process listener via the
-    # after_fork hook.  Very useful for debugging and testing.
-    # +:tries+ may be specified as an option for the number of times
-    # to retry, and +:delay+ may be specified as the time in seconds
-    # to delay between retries.
-    # A negative value for +:tries+ indicates the listen will be
-    # retried indefinitely, this is useful when workers belonging to
-    # different masters are spawned during a transparent upgrade.
-    def listen(address, opt = {}.merge(listener_opts[address] || {}))
-      address = config.expand_addr(address)
-      return if String === address && listener_names.include?(address)
-
-      delay = opt[:delay] || 0.5
-      tries = opt[:tries] || 5
-      begin
-        io = bind_listen(address, opt)
-        unless Kgio::TCPServer === io || Kgio::UNIXServer === io
-          IO_PURGATORY << io
-          io = server_cast(io)
-        end
-        logger.info "listening on addr=#{sock_name(io)} fd=#{io.fileno}"
-        LISTENERS << io
-        io
-      rescue Errno::EADDRINUSE => err
-        logger.error "adding listener failed addr=#{address} (in use)"
-        raise err if tries == 0
-        tries -= 1
-        logger.error "retrying in #{delay} seconds " \
-                     "(#{tries < 0 ? 'infinite' : tries} tries left)"
-        sleep(delay)
-        retry
-      rescue => err
-        logger.fatal "error adding listener addr=#{address}"
-        raise err
-      end
-    end
-
-    # monitors children and receives signals forever
-    # (or until a termination signal is sent).  This handles signals
-    # one-at-a-time time and we'll happily drop signals in case somebody
-    # is signalling us too often.
-    def join
-      respawn = true
-      last_check = Time.now
-
-      proc_name 'master'
-      logger.info "master process ready" # test_exec.rb relies on this message
-      if ready_pipe
-        ready_pipe.syswrite($$.to_s)
-        ready_pipe.close rescue nil
-        self.ready_pipe = nil
-      end
-      begin
-        reap_all_workers
-        case SIG_QUEUE.shift
-        when nil
-          # avoid murdering workers after our master process (or the
-          # machine) comes out of suspend/hibernation
-          if (last_check + timeout) >= (last_check = Time.now)
-            murder_lazy_workers
-          else
-            # wait for workers to wakeup on suspend
-            master_sleep(timeout/2.0 + 1)
-          end
-          maintain_worker_count if respawn
-          master_sleep(1)
-        when :QUIT # graceful shutdown
-          break
-        when :TERM, :INT # immediate shutdown
-          stop(false)
-          break
-        when :USR1 # rotate logs
-          logger.info "master reopening logs..."
-          Unicorn::Util.reopen_logs
-          logger.info "master done reopening logs"
-          kill_each_worker(:USR1)
-        when :USR2 # exec binary, stay alive in case something went wrong
-          reexec
-        when :WINCH
-          if Process.ppid == 1 || Process.getpgrp != $$
-            respawn = false
-            logger.info "gracefully stopping all workers"
-            kill_each_worker(:QUIT)
-            self.worker_processes = 0
-          else
-            logger.info "SIGWINCH ignored because we're not daemonized"
-          end
-        when :TTIN
-          respawn = true
-          self.worker_processes += 1
-        when :TTOU
-          self.worker_processes -= 1 if self.worker_processes > 0
-        when :HUP
-          respawn = true
-          if config.config_file
-            load_config!
-          else # exec binary and exit if there's no config file
-            logger.info "config_file not present, reexecuting binary"
-            reexec
-          end
-        end
-      rescue Errno::EINTR
-      rescue => e
-        logger.error "Unhandled master loop exception #{e.inspect}."
-        logger.error e.backtrace.join("\n")
-      end while true
-      stop # gracefully shutdown all workers on our way out
-      logger.info "master complete"
-      unlink_pid_safe(pid) if pid
-    end
-
-    # Terminates all workers, but does not exit master process
-    def stop(graceful = true)
-      self.listeners = []
-      limit = Time.now + timeout
-      until WORKERS.empty? || Time.now > limit
-        kill_each_worker(graceful ? :QUIT : :TERM)
-        sleep(0.1)
-        reap_all_workers
-      end
-      kill_each_worker(:KILL)
-    end
-
-    private
-
-    # list of signals we care about and trap in master.
-    QUEUE_SIGS = [ :WINCH, :QUIT, :INT, :TERM, :USR1, :USR2, :HUP,
-                   :TTIN, :TTOU ]
-
-    # defer a signal for later processing in #join (master process)
-    def trap_deferred(signal)
-      trap(signal) do |sig_nr|
-        if SIG_QUEUE.size < 5
-          SIG_QUEUE << signal
-          awaken_master
-        else
-          logger.error "ignoring SIG#{signal}, queue=#{SIG_QUEUE.inspect}"
-        end
-      end
-    end
-
-    # wait for a signal hander to wake us up and then consume the pipe
-    # Wake up every second anyways to run murder_lazy_workers
-    def master_sleep(sec)
-      IO.select([ SELF_PIPE[0] ], nil, nil, sec) or return
-      SELF_PIPE[0].kgio_tryread(Const::CHUNK_SIZE)
-    end
-
-    def awaken_master
-      SELF_PIPE[1].kgio_trywrite('.') # wakeup master process from select
-    end
-
-    # reaps all unreaped workers
-    def reap_all_workers
-      begin
-        wpid, status = Process.waitpid2(-1, Process::WNOHANG)
-        wpid or return
-        if reexec_pid == wpid
-          logger.error "reaped #{status.inspect} exec()-ed"
-          self.reexec_pid = 0
-          self.pid = pid.chomp('.oldbin') if pid
-          proc_name 'master'
-        else
-          worker = WORKERS.delete(wpid) and worker.tmp.close rescue nil
-          m = "reaped #{status.inspect} worker=#{worker.nr rescue 'unknown'}"
-          status.success? ? logger.info(m) : logger.error(m)
-        end
-      rescue Errno::ECHILD
-        break
-      end while true
-    end
-
-    # reexecutes the START_CTX with a new binary
-    def reexec
-      if reexec_pid > 0
-        begin
-          Process.kill(0, reexec_pid)
-          logger.error "reexec-ed child already running PID:#{reexec_pid}"
-          return
-        rescue Errno::ESRCH
-          self.reexec_pid = 0
-        end
-      end
-
-      if pid
-        old_pid = "#{pid}.oldbin"
-        prev_pid = pid.dup
-        begin
-          self.pid = old_pid  # clear the path for a new pid file
-        rescue ArgumentError
-          logger.error "old PID:#{valid_pid?(old_pid)} running with " \
-                       "existing pid=#{old_pid}, refusing rexec"
-          return
-        rescue => e
-          logger.error "error writing pid=#{old_pid} #{e.class} #{e.message}"
-          return
-        end
-      end
-
-      self.reexec_pid = fork do
-        listener_fds = LISTENERS.map { |sock| sock.fileno }
-        ENV['UNICORN_FD'] = listener_fds.join(',')
-        Dir.chdir(START_CTX[:cwd])
-        cmd = [ START_CTX[0] ].concat(START_CTX[:argv])
-
-        # avoid leaking FDs we don't know about, but let before_exec
-        # unset FD_CLOEXEC, if anything else in the app eventually
-        # relies on FD inheritence.
-        (3..1024).each do |io|
-          next if listener_fds.include?(io)
-          io = IO.for_fd(io) rescue next
-          IO_PURGATORY << io
-          io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
-        end
-        logger.info "executing #{cmd.inspect} (in #{Dir.pwd})"
-        before_exec.call(self)
-        exec(*cmd)
-      end
-      proc_name 'master (old)'
-    end
-
-    # forcibly terminate all workers that haven't checked in in timeout
-    # seconds.  The timeout is implemented using an unlinked File
-    # shared between the parent process and each worker.  The worker
-    # runs File#chmod to modify the ctime of the File.  If the ctime
-    # is stale for >timeout seconds, then we'll kill the corresponding
-    # worker.
-    def murder_lazy_workers
-      WORKERS.dup.each_pair do |wpid, worker|
-        stat = worker.tmp.stat
-        # skip workers that disable fchmod or have never fchmod-ed
-        stat.mode == 0100600 and next
-        (diff = (Time.now - stat.ctime)) <= timeout and next
-        logger.error "worker=#{worker.nr} PID:#{wpid} timeout " \
-                     "(#{diff}s > #{timeout}s), killing"
-        kill_worker(:KILL, wpid) # take no prisoners for timeout violations
-      end
-    end
-
-    def spawn_missing_workers
-      (0...worker_processes).each do |worker_nr|
-        WORKERS.values.include?(worker_nr) and next
-        worker = Worker.new(worker_nr, Unicorn::TmpIO.new)
-        before_fork.call(self, worker)
-        WORKERS[fork {
-          ready_pipe.close if ready_pipe
-          self.ready_pipe = nil
-          worker_loop(worker)
-        }] = worker
-      end
-    end
-
-    def maintain_worker_count
-      (off = WORKERS.size - worker_processes) == 0 and return
-      off < 0 and return spawn_missing_workers
-      WORKERS.dup.each_pair { |wpid,w|
-        w.nr >= worker_processes and kill_worker(:QUIT, wpid) rescue nil
-      }
-    end
-
-    # if we get any error, try to write something back to the client
-    # assuming we haven't closed the socket, but don't get hung up
-    # if the socket is already closed or broken.  We'll always ensure
-    # the socket is closed at the end of this function
-    def handle_error(client, e)
-      msg = case e
-      when EOFError,Errno::ECONNRESET,Errno::EPIPE,Errno::EINVAL,Errno::EBADF
-        Const::ERROR_500_RESPONSE
-      when HttpParserError # try to tell the client they're bad
-        Const::ERROR_400_RESPONSE
+  # This returns a lambda to pass in as the app, this does not "build" the
+  # app (which we defer based on the outcome of "preload_app" in the
+  # Unicorn config).  The returned lambda will be called when it is
+  # time to build the app.
+  def self.builder(ru, opts)
+    # allow Configurator to parse cli switches embedded in the ru file
+    Unicorn::Configurator::RACKUP.update(:file => ru, :optparse => opts)
+
+    # always called after config file parsing, may be called after forking
+    lambda do ||
+      inner_app = case ru
+      when /\.ru$/
+        raw = File.read(ru)
+        raw.sub!(/^__END__\n.*/, '')
+        eval("Rack::Builder.new {(#{raw}\n)}.to_app", TOPLEVEL_BINDING, ru)
       else
-        logger.error "Read error: #{e.inspect}"
-        logger.error e.backtrace.join("\n")
-        Const::ERROR_500_RESPONSE
-      end
-      client.kgio_trywrite(msg)
-      client.close
-      rescue
-        nil
-    end
-
-    # once a client is accepted, it is processed in its entirety here
-    # in 3 easy steps: read request, call app, write app response
-    def process_client(client)
-      r = app.call(env = REQUEST.read(client))
-
-      if 100 == r[0].to_i
-        client.write(Const::EXPECT_100_RESPONSE)
-        env.delete(Const::HTTP_EXPECT)
-        r = app.call(env)
-      end
-      # r may be frozen or const, so don't modify it
-      REQUEST.response_headers? or r = [ r[0], nil, r[2] ]
-      http_response_write(client, r)
-    rescue => e
-      handle_error(client, e)
-    end
-
-    # gets rid of stuff the worker has no business keeping track of
-    # to free some resources and drops all sig handlers.
-    # traps for USR1, USR2, and HUP may be set in the after_fork Proc
-    # by the user.
-    def init_worker_process(worker)
-      QUEUE_SIGS.each { |sig| trap(sig, nil) }
-      trap(:CHLD, 'DEFAULT')
-      SIG_QUEUE.clear
-      proc_name "worker[#{worker.nr}]"
-      START_CTX.clear
-      init_self_pipe!
-      WORKERS.values.each { |other| other.tmp.close rescue nil }
-      WORKERS.clear
-      LISTENERS.each { |sock| sock.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) }
-      worker.tmp.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
-      after_fork.call(self, worker) # can drop perms
-      worker.user(*user) if user.kind_of?(Array) && ! worker.switched
-      self.timeout /= 2.0 # halve it for select()
-      build_app! unless preload_app
-    end
-
-    def reopen_worker_logs(worker_nr)
-      logger.info "worker=#{worker_nr} reopening logs..."
-      Unicorn::Util.reopen_logs
-      logger.info "worker=#{worker_nr} done reopening logs"
-      init_self_pipe!
-    end
-
-    # runs inside each forked worker, this sits around and waits
-    # for connections and doesn't die until the parent dies (or is
-    # given a INT, QUIT, or TERM signal)
-    def worker_loop(worker)
-      ppid = master_pid
-      init_worker_process(worker)
-      nr = 0 # this becomes negative if we need to reopen logs
-      alive = worker.tmp # tmp is our lifeline to the master process
-      ready = LISTENERS
-
-      # closing anything we IO.select on will raise EBADF
-      trap(:USR1) { nr = -65536; SELF_PIPE[0].close rescue nil }
-      trap(:QUIT) { alive = nil; LISTENERS.each { |s| s.close rescue nil } }
-      [:TERM, :INT].each { |sig| trap(sig) { exit!(0) } } # instant shutdown
-      logger.info "worker=#{worker.nr} ready"
-      m = 0
-
-      begin
-        nr < 0 and reopen_worker_logs(worker.nr)
-        nr = 0
-
-        # we're a goner in timeout seconds anyways if alive.chmod
-        # breaks, so don't trap the exception.  Using fchmod() since
-        # futimes() is not available in base Ruby and I very strongly
-        # prefer temporary files to be unlinked for security,
-        # performance and reliability reasons, so utime is out.  No-op
-        # changes with chmod doesn't update ctime on all filesystems; so
-        # we change our counter each and every time (after process_client
-        # and before IO.select).
-        alive.chmod(m = 0 == m ? 1 : 0)
-
-        ready.each do |sock|
-          if client = sock.kgio_tryaccept
-            process_client(client)
-            nr += 1
-            alive.chmod(m = 0 == m ? 1 : 0)
-          end
-          break if nr < 0
-        end
-
-        # make the following bet: if we accepted clients this round,
-        # we're probably reasonably busy, so avoid calling select()
-        # and do a speculative non-blocking accept() on ready listeners
-        # before we sleep again in select().
-        redo unless nr == 0 # (nr < 0) => reopen logs
-
-        ppid == Process.ppid or return
-        alive.chmod(m = 0 == m ? 1 : 0)
-
-        # timeout used so we can detect parent death:
-        ret = IO.select(LISTENERS, nil, SELF_PIPE, timeout) and ready = ret[0]
-      rescue Errno::EINTR
-        ready = LISTENERS
-      rescue Errno::EBADF
-        nr < 0 or return
-      rescue => e
-        if alive
-          logger.error "Unhandled listen loop exception #{e.inspect}."
-          logger.error e.backtrace.join("\n")
-        end
-      end while alive
-    end
-
-    # delivers a signal to a worker and fails gracefully if the worker
-    # is no longer running.
-    def kill_worker(signal, wpid)
-      Process.kill(signal, wpid)
-      rescue Errno::ESRCH
-        worker = WORKERS.delete(wpid) and worker.tmp.close rescue nil
-    end
-
-    # delivers a signal to each worker
-    def kill_each_worker(signal)
-      WORKERS.keys.each { |wpid| kill_worker(signal, wpid) }
-    end
-
-    # unlinks a PID file at given +path+ if it contains the current PID
-    # still potentially racy without locking the directory (which is
-    # non-portable and may interact badly with other programs), but the
-    # window for hitting the race condition is small
-    def unlink_pid_safe(path)
-      (File.read(path).to_i == $$ and File.unlink(path)) rescue nil
-    end
-
-    # returns a PID if a given path contains a non-stale PID file,
-    # nil otherwise.
-    def valid_pid?(path)
-      wpid = File.read(path).to_i
-      wpid <= 0 and return
-      Process.kill(0, wpid)
-      wpid
-      rescue Errno::ESRCH, Errno::ENOENT
-        # don't unlink stale pid files, racy without non-portable locking...
-    end
-
-    def load_config!
-      loaded_app = app
-      logger.info "reloading config_file=#{config.config_file}"
-      config[:listeners].replace(init_listeners)
-      config.reload
-      config.commit!(self)
-      kill_each_worker(:QUIT)
-      Unicorn::Util.reopen_logs
-      self.app = orig_app
-      build_app! if preload_app
-      logger.info "done reloading config_file=#{config.config_file}"
-    rescue StandardError, LoadError, SyntaxError => e
-      logger.error "error reloading config_file=#{config.config_file}: " \
-                   "#{e.class} #{e.message} #{e.backtrace}"
-      self.app = loaded_app
-    end
-
-    # returns an array of string names for the given listener array
-    def listener_names(listeners = LISTENERS)
-      listeners.map { |io| sock_name(io) }
-    end
-
-    def build_app!
-      if app.respond_to?(:arity) && app.arity == 0
-        if defined?(Gem) && Gem.respond_to?(:refresh)
-          logger.info "Refreshing Gem list"
-          Gem.refresh
-        end
-        self.app = app.call
+        require ru
+        Object.const_get(File.basename(ru, '.rb').capitalize)
+      end
+
+      pp({ :inner_app => inner_app }) if $DEBUG
+
+      # return value, matches rackup defaults based on env
+      case ENV["RACK_ENV"]
+      when "development"
+        Rack::Builder.new do
+          use Rack::CommonLogger, $stderr
+          use Rack::ShowExceptions
+          use Rack::Lint
+          run inner_app
+        end.to_app
+      when "deployment"
+        Rack::Builder.new do
+          use Rack::CommonLogger, $stderr
+          run inner_app
+        end.to_app
+      else
+        inner_app
       end
     end
+  end
 
-    def proc_name(tag)
-      $0 = ([ File.basename(START_CTX[0]), tag
-            ]).concat(START_CTX[:argv]).join(' ')
-    end
-
-    def redirect_io(io, path)
-      File.open(path, 'ab') { |fp| io.reopen(fp) } if path
-      io.sync = true
-    end
-
-    def init_self_pipe!
-      SELF_PIPE.each { |io| io.close rescue nil }
-      SELF_PIPE.replace(Kgio::Pipe.new)
-      SELF_PIPE.each { |io| io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) }
+  # returns an array of strings representing TCP listen socket addresses
+  # and Unix domain socket paths.  This is useful for use with
+  # Raindrops::Middleware under Linux: http://raindrops.bogomips.org/
+  def self.listener_names
+    Unicorn::HttpServer::LISTENERS.map do |io|
+      Unicorn::SocketHelper.sock_name(io)
     end
-
   end
 end
+
+# raised inside TeeInput when a client closes the socket inside the
+# application dispatch.  This is always raised with an empty backtrace
+# since there is nothing in the application stack that is responsible
+# for client shutdowns/disconnects.
+class Unicorn::ClientShutdown < EOFError; end
+
+require 'unicorn/const'
+require 'unicorn/socket_helper'
+require 'unicorn/http_request'
+require 'unicorn/configurator'
+require 'unicorn/tmpio'
+require 'unicorn/util'
+require 'unicorn/tee_input'
+require 'unicorn/http_response'
+require 'unicorn/worker'
+require 'unicorn/http_server'
diff --git a/lib/unicorn/const.rb b/lib/unicorn/const.rb
index abe3a37..9cb4dcd 100644
--- a/lib/unicorn/const.rb
+++ b/lib/unicorn/const.rb
@@ -1,35 +1,38 @@
 # -*- encoding: binary -*-
 
-module Unicorn
+# Frequently used constants when constructing requests or responses.
+# Many times the constant just refers to a string with the same
+# contents.  Using these constants gave about a 3% to 10% performance
+# improvement over using the strings directly.  Symbols did not really
+# improve things much compared to constants.
+module Unicorn::Const
 
-  # Frequently used constants when constructing requests or responses.  Many times
-  # the constant just refers to a string with the same contents.  Using these constants
-  # gave about a 3% to 10% performance improvement over using the strings directly.
-  # Symbols did not really improve things much compared to constants.
-  module Const
+  # The current version of Unicorn, currently 2.0.0pre
+  # this constant is deprecated and will soon move to Unicorn::VERSION
+  UNICORN_VERSION="2.0.0pre"
 
-    # The current version of Unicorn, currently 2.0.0pre
-    # this constant is deprecated and will soon move to Unicorn::VERSION
-    UNICORN_VERSION="2.0.0pre"
+  # default TCP listen host address (0.0.0.0, all interfaces)
+  DEFAULT_HOST = "0.0.0.0"
 
-    DEFAULT_HOST = "0.0.0.0" # default TCP listen host address
-    DEFAULT_PORT = 8080      # default TCP listen port
-    DEFAULT_LISTEN = "#{DEFAULT_HOST}:#{DEFAULT_PORT}"
+  # default TCP listen port (8080)
+  DEFAULT_PORT = 8080
 
-    # The basic max request size we'll try to read.
-    CHUNK_SIZE=(16 * 1024)
+  # default TCP listen address and port (0.0.0.0:8080)
+  DEFAULT_LISTEN = "#{DEFAULT_HOST}:#{DEFAULT_PORT}"
 
-    # Maximum request body size before it is moved out of memory and into a
-    # temporary file for reading (112 kilobytes).
-    MAX_BODY=1024 * 112
+  # The basic request body size we'll try to read at once (16 kilobytes).
+  CHUNK_SIZE = 16 * 1024
 
-    # common errors we'll send back
-    ERROR_400_RESPONSE = "HTTP/1.1 400 Bad Request\r\n\r\n"
-    ERROR_500_RESPONSE = "HTTP/1.1 500 Internal Server Error\r\n\r\n"
-    EXPECT_100_RESPONSE = "HTTP/1.1 100 Continue\r\n\r\n"
+  # Maximum request body size before it is moved out of memory and into a
+  # temporary file for reading (112 kilobytes).
+  MAX_BODY = 1024 * 112
 
-    # A frozen format for this is about 15% faster
-    HTTP_EXPECT="HTTP_EXPECT"
-  end
+  # :stopdoc:
+  # common errors we'll send back
+  ERROR_400_RESPONSE = "HTTP/1.1 400 Bad Request\r\n\r\n"
+  ERROR_500_RESPONSE = "HTTP/1.1 500 Internal Server Error\r\n\r\n"
+  EXPECT_100_RESPONSE = "HTTP/1.1 100 Continue\r\n\r\n"
 
+  HTTP_EXPECT = "HTTP_EXPECT"
+  # :startdoc:
 end
diff --git a/lib/unicorn/http_server.rb b/lib/unicorn/http_server.rb
new file mode 100644
index 0000000..d6fc0bd
--- /dev/null
+++ b/lib/unicorn/http_server.rb
@@ -0,0 +1,700 @@
+# -*- encoding: binary -*-
+
+# This is the process manager of Unicorn. This manages worker
+# processes which in turn handle the I/O and application process.
+# Listener sockets are started in the master process and shared with
+# forked worker children.
+class Unicorn::HttpServer
+  attr_accessor :app, :request, :timeout, :worker_processes,
+                :before_fork, :after_fork, :before_exec,
+                :logger, :pid, :listener_opts, :preload_app,
+                :reexec_pid, :orig_app, :init_listeners,
+                :master_pid, :config, :ready_pipe, :user
+
+  # :stopdoc:
+  include Unicorn::SocketHelper
+  include Unicorn::HttpResponse
+
+  # backwards compatibility with 1.x
+  Worker = Unicorn::Worker
+
+  # prevents IO objects in here from being GC-ed
+  IO_PURGATORY = []
+
+  # all bound listener sockets
+  LISTENERS = []
+
+  # This hash maps PIDs to Workers
+  WORKERS = {}
+
+  # We use SELF_PIPE differently in the master and worker processes:
+  #
+  # * The master process never closes or reinitializes this once
+  # initialized.  Signal handlers in the master process will write to
+  # it to wake up the master from IO.select in exactly the same manner
+  # djb describes in http://cr.yp.to/docs/selfpipe.html
+  #
+  # * The workers immediately close the pipe they inherit from the
+  # master and replace it with a new pipe after forking.  This new
+  # pipe is also used to wakeup from IO.select from inside (worker)
+  # signal handlers.  However, workers *close* the pipe descriptors in
+  # the signal handlers to raise EBADF in IO.select instead of writing
+  # like we do in the master.  We cannot easily use the reader set for
+  # IO.select because LISTENERS is already that set, and it's extra
+  # work (and cycles) to distinguish the pipe FD from the reader set
+  # once IO.select returns.  So we're lazy and just close the pipe when
+  # a (rare) signal arrives in the worker and reinitialize the pipe later.
+  SELF_PIPE = []
+
+  # signal queue used for self-piping
+  SIG_QUEUE = []
+
+  # We populate this at startup so we can figure out how to reexecute
+  # and upgrade the currently running instance of Unicorn
+  # This Hash is considered a stable interface and changing its contents
+  # will allow you to switch between different installations of Unicorn
+  # or even different installations of the same applications without
+  # downtime.  Keys of this constant Hash are described as follows:
+  #
+  # * 0 - the path to the unicorn/unicorn_rails executable
+  # * :argv - a deep copy of the ARGV array the executable originally saw
+  # * :cwd - the working directory of the application, this is where
+  # you originally started Unicorn.
+  #
+  # To change your unicorn executable to a different path without downtime,
+  # you can set the following in your Unicorn config file, HUP and then
+  # continue with the traditional USR2 + QUIT upgrade steps:
+  #
+  #   Unicorn::HttpServer::START_CTX[0] = "/home/bofh/1.9.2/bin/unicorn"
+  START_CTX = {
+    :argv => ARGV.map { |arg| arg.dup },
+    :cwd => lambda {
+        # favor ENV['PWD'] since it is (usually) symlink aware for
+        # Capistrano and like systems
+        begin
+          a = File.stat(pwd = ENV['PWD'])
+          b = File.stat(Dir.pwd)
+          a.ino == b.ino && a.dev == b.dev ? pwd : Dir.pwd
+        rescue
+          Dir.pwd
+        end
+      }.call,
+    0 => $0.dup,
+  }
+  # :startdoc:
+
+  # Creates a working server on host:port (strange things happen if
+  # port isn't a Number).  Use HttpServer::run to start the server and
+  # HttpServer.run.join to join the thread that's processing
+  # incoming requests on the socket.
+  def initialize(app, options = {})
+    @app = app
+    @request = Unicorn::HttpRequest.new
+    self.reexec_pid = 0
+    options = options.dup
+    self.ready_pipe = options.delete(:ready_pipe)
+    self.init_listeners = options[:listeners] ? options[:listeners].dup : []
+    options[:use_defaults] = true
+    self.config = Unicorn::Configurator.new(options)
+    self.listener_opts = {}
+
+    # we try inheriting listeners first, so we bind them later.
+    # we don't write the pid file until we've bound listeners in case
+    # unicorn was started twice by mistake.  Even though our #pid= method
+    # checks for stale/existing pid files, race conditions are still
+    # possible (and difficult/non-portable to avoid) and can be likely
+    # to clobber the pid if the second start was in quick succession
+    # after the first, so we rely on the listener binding to fail in
+    # that case.  Some tests (in and outside of this source tree) and
+    # monitoring tools may also rely on pid files existing before we
+    # attempt to connect to the listener(s)
+    config.commit!(self, :skip => [:listeners, :pid])
+    self.orig_app = app
+  end
+
+  # Runs the thing.  Returns self so you can run join on it
+  def start
+    BasicSocket.do_not_reverse_lookup = true
+
+    # inherit sockets from parents, they need to be plain Socket objects
+    # before they become Kgio::UNIXServer or Kgio::TCPServer
+    inherited = ENV['UNICORN_FD'].to_s.split(/,/).map do |fd|
+      io = Socket.for_fd(fd.to_i)
+      set_server_sockopt(io, listener_opts[sock_name(io)])
+      IO_PURGATORY << io
+      logger.info "inherited addr=#{sock_name(io)} fd=#{fd}"
+      server_cast(io)
+    end
+
+    config_listeners = config[:listeners].dup
+    LISTENERS.replace(inherited)
+
+    # we start out with generic Socket objects that get cast to either
+    # Kgio::TCPServer or Kgio::UNIXServer objects; but since the Socket
+    # objects share the same OS-level file descriptor as the higher-level
+    # *Server objects; we need to prevent Socket objects from being
+    # garbage-collected
+    config_listeners -= listener_names
+    if config_listeners.empty? && LISTENERS.empty?
+      config_listeners << Unicorn::Const::DEFAULT_LISTEN
+      init_listeners << Unicorn::Const::DEFAULT_LISTEN
+      START_CTX[:argv] << "-l#{Unicorn::Const::DEFAULT_LISTEN}"
+    end
+    config_listeners.each { |addr| listen(addr) }
+    raise ArgumentError, "no listeners" if LISTENERS.empty?
+
+    # this pipe is used to wake us up from select(2) in #join when signals
+    # are trapped.  See trap_deferred.
+    init_self_pipe!
+
+    # setup signal handlers before writing pid file in case people get
+    # trigger happy and send signals as soon as the pid file exists.
+    # Note that signals don't actually get handled until the #join method
+    QUEUE_SIGS.each { |sig| trap_deferred(sig) }
+    trap(:CHLD) { |_| awaken_master }
+    self.pid = config[:pid]
+
+    self.master_pid = $$
+    build_app! if preload_app
+    maintain_worker_count
+    self
+  end
+
+  # replaces current listener set with +listeners+.  This will
+  # close the socket if it will not exist in the new listener set
+  def listeners=(listeners)
+    cur_names, dead_names = [], []
+    listener_names.each do |name|
+      if ?/ == name[0]
+        # mark unlinked sockets as dead so we can rebind them
+        (File.socket?(name) ? cur_names : dead_names) << name
+      else
+        cur_names << name
+      end
+    end
+    set_names = listener_names(listeners)
+    dead_names.concat(cur_names - set_names).uniq!
+
+    LISTENERS.delete_if do |io|
+      if dead_names.include?(sock_name(io))
+        IO_PURGATORY.delete_if do |pio|
+          pio.fileno == io.fileno && (pio.close rescue nil).nil? # true
+        end
+        (io.close rescue nil).nil? # true
+      else
+        set_server_sockopt(io, listener_opts[sock_name(io)])
+        false
+      end
+    end
+
+    (set_names - cur_names).each { |addr| listen(addr) }
+  end
+
+  def stdout_path=(path); redirect_io($stdout, path); end
+  def stderr_path=(path); redirect_io($stderr, path); end
+
+  def logger=(obj)
+    Unicorn::HttpRequest::DEFAULTS["rack.logger"] = @logger = obj
+  end
+
+  # sets the path for the PID file of the master process
+  def pid=(path)
+    if path
+      if x = valid_pid?(path)
+        return path if pid && path == pid && x == $$
+        if x == reexec_pid && pid =~ /\.oldbin\z/
+          logger.warn("will not set pid=#{path} while reexec-ed "\
+                      "child is running PID:#{x}")
+          return
+        end
+        raise ArgumentError, "Already running on PID:#{x} " \
+                             "(or pid=#{path} is stale)"
+      end
+    end
+    unlink_pid_safe(pid) if pid
+
+    if path
+      fp = begin
+        tmp = "#{File.dirname(path)}/#{rand}.#$$"
+        File.open(tmp, File::RDWR|File::CREAT|File::EXCL, 0644)
+      rescue Errno::EEXIST
+        retry
+      end
+      fp.syswrite("#$$\n")
+      File.rename(fp.path, path)
+      fp.close
+    end
+    @pid = path
+  end
+
+  # add a given address to the +listeners+ set, idempotently
+  # Allows workers to add a private, per-process listener via the
+  # after_fork hook.  Very useful for debugging and testing.
+  # +:tries+ may be specified as an option for the number of times
+  # to retry, and +:delay+ may be specified as the time in seconds
+  # to delay between retries.
+  # A negative value for +:tries+ indicates the listen will be
+  # retried indefinitely, this is useful when workers belonging to
+  # different masters are spawned during a transparent upgrade.
+  def listen(address, opt = {}.merge(listener_opts[address] || {}))
+    address = config.expand_addr(address)
+    return if String === address && listener_names.include?(address)
+
+    delay = opt[:delay] || 0.5
+    tries = opt[:tries] || 5
+    begin
+      io = bind_listen(address, opt)
+      unless Kgio::TCPServer === io || Kgio::UNIXServer === io
+        IO_PURGATORY << io
+        io = server_cast(io)
+      end
+      logger.info "listening on addr=#{sock_name(io)} fd=#{io.fileno}"
+      LISTENERS << io
+      io
+    rescue Errno::EADDRINUSE => err
+      logger.error "adding listener failed addr=#{address} (in use)"
+      raise err if tries == 0
+      tries -= 1
+      logger.error "retrying in #{delay} seconds " \
+                   "(#{tries < 0 ? 'infinite' : tries} tries left)"
+      sleep(delay)
+      retry
+    rescue => err
+      logger.fatal "error adding listener addr=#{address}"
+      raise err
+    end
+  end
+
+  # monitors children and receives signals forever
+  # (or until a termination signal is sent).  This handles signals
+  # one-at-a-time time and we'll happily drop signals in case somebody
+  # is signalling us too often.
+  def join
+    respawn = true
+    last_check = Time.now
+
+    proc_name 'master'
+    logger.info "master process ready" # test_exec.rb relies on this message
+    if ready_pipe
+      ready_pipe.syswrite($$.to_s)
+      ready_pipe.close rescue nil
+      self.ready_pipe = nil
+    end
+    begin
+      reap_all_workers
+      case SIG_QUEUE.shift
+      when nil
+        # avoid murdering workers after our master process (or the
+        # machine) comes out of suspend/hibernation
+        if (last_check + timeout) >= (last_check = Time.now)
+          murder_lazy_workers
+        else
+          # wait for workers to wakeup on suspend
+          master_sleep(timeout/2.0 + 1)
+        end
+        maintain_worker_count if respawn
+        master_sleep(1)
+      when :QUIT # graceful shutdown
+        break
+      when :TERM, :INT # immediate shutdown
+        stop(false)
+        break
+      when :USR1 # rotate logs
+        logger.info "master reopening logs..."
+        Unicorn::Util.reopen_logs
+        logger.info "master done reopening logs"
+        kill_each_worker(:USR1)
+      when :USR2 # exec binary, stay alive in case something went wrong
+        reexec
+      when :WINCH
+        if Process.ppid == 1 || Process.getpgrp != $$
+          respawn = false
+          logger.info "gracefully stopping all workers"
+          kill_each_worker(:QUIT)
+          self.worker_processes = 0
+        else
+          logger.info "SIGWINCH ignored because we're not daemonized"
+        end
+      when :TTIN
+        respawn = true
+        self.worker_processes += 1
+      when :TTOU
+        self.worker_processes -= 1 if self.worker_processes > 0
+      when :HUP
+        respawn = true
+        if config.config_file
+          load_config!
+        else # exec binary and exit if there's no config file
+          logger.info "config_file not present, reexecuting binary"
+          reexec
+        end
+      end
+    rescue Errno::EINTR
+    rescue => e
+      logger.error "Unhandled master loop exception #{e.inspect}."
+      logger.error e.backtrace.join("\n")
+    end while true
+    stop # gracefully shutdown all workers on our way out
+    logger.info "master complete"
+    unlink_pid_safe(pid) if pid
+  end
+
+  # Terminates all workers, but does not exit master process
+  def stop(graceful = true)
+    self.listeners = []
+    limit = Time.now + timeout
+    until WORKERS.empty? || Time.now > limit
+      kill_each_worker(graceful ? :QUIT : :TERM)
+      sleep(0.1)
+      reap_all_workers
+    end
+    kill_each_worker(:KILL)
+  end
+
+  private
+
+  # list of signals we care about and trap in master.
+  QUEUE_SIGS = [ :WINCH, :QUIT, :INT, :TERM, :USR1, :USR2, :HUP,
+                 :TTIN, :TTOU ]
+
+  # defer a signal for later processing in #join (master process)
+  def trap_deferred(signal)
+    trap(signal) do |sig_nr|
+      if SIG_QUEUE.size < 5
+        SIG_QUEUE << signal
+        awaken_master
+      else
+        logger.error "ignoring SIG#{signal}, queue=#{SIG_QUEUE.inspect}"
+      end
+    end
+  end
+
+  # wait for a signal hander to wake us up and then consume the pipe
+  # Wake up every second anyways to run murder_lazy_workers
+  def master_sleep(sec)
+    IO.select([ SELF_PIPE[0] ], nil, nil, sec) or return
+    SELF_PIPE[0].kgio_tryread(11)
+  end
+
+  def awaken_master
+    SELF_PIPE[1].kgio_trywrite('.') # wakeup master process from select
+  end
+
+  # reaps all unreaped workers
+  def reap_all_workers
+    begin
+      wpid, status = Process.waitpid2(-1, Process::WNOHANG)
+      wpid or return
+      if reexec_pid == wpid
+        logger.error "reaped #{status.inspect} exec()-ed"
+        self.reexec_pid = 0
+        self.pid = pid.chomp('.oldbin') if pid
+        proc_name 'master'
+      else
+        worker = WORKERS.delete(wpid) and worker.tmp.close rescue nil
+        m = "reaped #{status.inspect} worker=#{worker.nr rescue 'unknown'}"
+        status.success? ? logger.info(m) : logger.error(m)
+      end
+    rescue Errno::ECHILD
+      break
+    end while true
+  end
+
+  # reexecutes the START_CTX with a new binary
+  def reexec
+    if reexec_pid > 0
+      begin
+        Process.kill(0, reexec_pid)
+        logger.error "reexec-ed child already running PID:#{reexec_pid}"
+        return
+      rescue Errno::ESRCH
+        self.reexec_pid = 0
+      end
+    end
+
+    if pid
+      old_pid = "#{pid}.oldbin"
+      prev_pid = pid.dup
+      begin
+        self.pid = old_pid  # clear the path for a new pid file
+      rescue ArgumentError
+        logger.error "old PID:#{valid_pid?(old_pid)} running with " \
+                     "existing pid=#{old_pid}, refusing rexec"
+        return
+      rescue => e
+        logger.error "error writing pid=#{old_pid} #{e.class} #{e.message}"
+        return
+      end
+    end
+
+    self.reexec_pid = fork do
+      listener_fds = LISTENERS.map { |sock| sock.fileno }
+      ENV['UNICORN_FD'] = listener_fds.join(',')
+      Dir.chdir(START_CTX[:cwd])
+      cmd = [ START_CTX[0] ].concat(START_CTX[:argv])
+
+      # avoid leaking FDs we don't know about, but let before_exec
+      # unset FD_CLOEXEC, if anything else in the app eventually
+      # relies on FD inheritence.
+      (3..1024).each do |io|
+        next if listener_fds.include?(io)
+        io = IO.for_fd(io) rescue next
+        IO_PURGATORY << io
+        io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+      end
+      logger.info "executing #{cmd.inspect} (in #{Dir.pwd})"
+      before_exec.call(self)
+      exec(*cmd)
+    end
+    proc_name 'master (old)'
+  end
+
+  # forcibly terminate all workers that haven't checked in in timeout
+  # seconds.  The timeout is implemented using an unlinked File
+  # shared between the parent process and each worker.  The worker
+  # runs File#chmod to modify the ctime of the File.  If the ctime
+  # is stale for >timeout seconds, then we'll kill the corresponding
+  # worker.
+  def murder_lazy_workers
+    WORKERS.dup.each_pair do |wpid, worker|
+      stat = worker.tmp.stat
+      # skip workers that disable fchmod or have never fchmod-ed
+      stat.mode == 0100600 and next
+      (diff = (Time.now - stat.ctime)) <= timeout and next
+      logger.error "worker=#{worker.nr} PID:#{wpid} timeout " \
+                   "(#{diff}s > #{timeout}s), killing"
+      kill_worker(:KILL, wpid) # take no prisoners for timeout violations
+    end
+  end
+
+  def spawn_missing_workers
+    (0...worker_processes).each do |worker_nr|
+      WORKERS.values.include?(worker_nr) and next
+      worker = Worker.new(worker_nr, Unicorn::TmpIO.new)
+      before_fork.call(self, worker)
+      WORKERS[fork {
+        ready_pipe.close if ready_pipe
+        self.ready_pipe = nil
+        worker_loop(worker)
+      }] = worker
+    end
+  end
+
+  def maintain_worker_count
+    (off = WORKERS.size - worker_processes) == 0 and return
+    off < 0 and return spawn_missing_workers
+    WORKERS.dup.each_pair { |wpid,w|
+      w.nr >= worker_processes and kill_worker(:QUIT, wpid) rescue nil
+    }
+  end
+
+  # if we get any error, try to write something back to the client
+  # assuming we haven't closed the socket, but don't get hung up
+  # if the socket is already closed or broken.  We'll always ensure
+  # the socket is closed at the end of this function
+  def handle_error(client, e)
+    msg = case e
+    when EOFError,Errno::ECONNRESET,Errno::EPIPE,Errno::EINVAL,Errno::EBADF
+      Unicorn::Const::ERROR_500_RESPONSE
+    when HttpParserError # try to tell the client they're bad
+      Unicorn::Const::ERROR_400_RESPONSE
+    else
+      logger.error "Read error: #{e.inspect}"
+      logger.error e.backtrace.join("\n")
+      Unicorn::Const::ERROR_500_RESPONSE
+    end
+    client.kgio_trywrite(msg)
+    client.close
+    rescue
+      nil
+  end
+
+  # once a client is accepted, it is processed in its entirety here
+  # in 3 easy steps: read request, call app, write app response
+  def process_client(client)
+    r = @app.call(env = @request.read(client))
+
+    if 100 == r[0].to_i
+      client.write(Unicorn::Const::EXPECT_100_RESPONSE)
+      env.delete(Unicorn::Const::HTTP_EXPECT)
+      r = @app.call(env)
+    end
+    # r may be frozen or const, so don't modify it
+    @request.response_headers? or r = [ r[0], nil, r[2] ]
+    http_response_write(client, r)
+  rescue => e
+    handle_error(client, e)
+  end
+
+  # gets rid of stuff the worker has no business keeping track of
+  # to free some resources and drops all sig handlers.
+  # traps for USR1, USR2, and HUP may be set in the after_fork Proc
+  # by the user.
+  def init_worker_process(worker)
+    QUEUE_SIGS.each { |sig| trap(sig, nil) }
+    trap(:CHLD, 'DEFAULT')
+    SIG_QUEUE.clear
+    proc_name "worker[#{worker.nr}]"
+    START_CTX.clear
+    init_self_pipe!
+    WORKERS.values.each { |other| other.tmp.close rescue nil }
+    WORKERS.clear
+    LISTENERS.each { |sock| sock.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) }
+    worker.tmp.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+    after_fork.call(self, worker) # can drop perms
+    worker.user(*user) if user.kind_of?(Array) && ! worker.switched
+    self.timeout /= 2.0 # halve it for select()
+    build_app! unless preload_app
+  end
+
+  def reopen_worker_logs(worker_nr)
+    logger.info "worker=#{worker_nr} reopening logs..."
+    Unicorn::Util.reopen_logs
+    logger.info "worker=#{worker_nr} done reopening logs"
+    init_self_pipe!
+  end
+
+  # runs inside each forked worker, this sits around and waits
+  # for connections and doesn't die until the parent dies (or is
+  # given a INT, QUIT, or TERM signal)
+  def worker_loop(worker)
+    ppid = master_pid
+    init_worker_process(worker)
+    nr = 0 # this becomes negative if we need to reopen logs
+    alive = worker.tmp # tmp is our lifeline to the master process
+    ready = LISTENERS
+
+    # closing anything we IO.select on will raise EBADF
+    trap(:USR1) { nr = -65536; SELF_PIPE[0].close rescue nil }
+    trap(:QUIT) { alive = nil; LISTENERS.each { |s| s.close rescue nil } }
+    [:TERM, :INT].each { |sig| trap(sig) { exit!(0) } } # instant shutdown
+    logger.info "worker=#{worker.nr} ready"
+    m = 0
+
+    begin
+      nr < 0 and reopen_worker_logs(worker.nr)
+      nr = 0
+
+      # we're a goner in timeout seconds anyways if alive.chmod
+      # breaks, so don't trap the exception.  Using fchmod() since
+      # futimes() is not available in base Ruby and I very strongly
+      # prefer temporary files to be unlinked for security,
+      # performance and reliability reasons, so utime is out.  No-op
+      # changes with chmod doesn't update ctime on all filesystems; so
+      # we change our counter each and every time (after process_client
+      # and before IO.select).
+      alive.chmod(m = 0 == m ? 1 : 0)
+
+      ready.each do |sock|
+        if client = sock.kgio_tryaccept
+          process_client(client)
+          nr += 1
+          alive.chmod(m = 0 == m ? 1 : 0)
+        end
+        break if nr < 0
+      end
+
+      # make the following bet: if we accepted clients this round,
+      # we're probably reasonably busy, so avoid calling select()
+      # and do a speculative non-blocking accept() on ready listeners
+      # before we sleep again in select().
+      redo unless nr == 0 # (nr < 0) => reopen logs
+
+      ppid == Process.ppid or return
+      alive.chmod(m = 0 == m ? 1 : 0)
+
+      # timeout used so we can detect parent death:
+      ret = IO.select(LISTENERS, nil, SELF_PIPE, timeout) and ready = ret[0]
+    rescue Errno::EINTR
+      ready = LISTENERS
+    rescue Errno::EBADF
+      nr < 0 or return
+    rescue => e
+      if alive
+        logger.error "Unhandled listen loop exception #{e.inspect}."
+        logger.error e.backtrace.join("\n")
+      end
+    end while alive
+  end
+
+  # delivers a signal to a worker and fails gracefully if the worker
+  # is no longer running.
+  def kill_worker(signal, wpid)
+    Process.kill(signal, wpid)
+    rescue Errno::ESRCH
+      worker = WORKERS.delete(wpid) and worker.tmp.close rescue nil
+  end
+
+  # delivers a signal to each worker
+  def kill_each_worker(signal)
+    WORKERS.keys.each { |wpid| kill_worker(signal, wpid) }
+  end
+
+  # unlinks a PID file at given +path+ if it contains the current PID
+  # still potentially racy without locking the directory (which is
+  # non-portable and may interact badly with other programs), but the
+  # window for hitting the race condition is small
+  def unlink_pid_safe(path)
+    (File.read(path).to_i == $$ and File.unlink(path)) rescue nil
+  end
+
+  # returns a PID if a given path contains a non-stale PID file,
+  # nil otherwise.
+  def valid_pid?(path)
+    wpid = File.read(path).to_i
+    wpid <= 0 and return
+    Process.kill(0, wpid)
+    wpid
+    rescue Errno::ESRCH, Errno::ENOENT
+      # don't unlink stale pid files, racy without non-portable locking...
+  end
+
+  def load_config!
+    loaded_app = app
+    logger.info "reloading config_file=#{config.config_file}"
+    config[:listeners].replace(init_listeners)
+    config.reload
+    config.commit!(self)
+    kill_each_worker(:QUIT)
+    Unicorn::Util.reopen_logs
+    self.app = orig_app
+    build_app! if preload_app
+    logger.info "done reloading config_file=#{config.config_file}"
+  rescue StandardError, LoadError, SyntaxError => e
+    logger.error "error reloading config_file=#{config.config_file}: " \
+                 "#{e.class} #{e.message} #{e.backtrace}"
+    self.app = loaded_app
+  end
+
+  # returns an array of string names for the given listener array
+  def listener_names(listeners = LISTENERS)
+    listeners.map { |io| sock_name(io) }
+  end
+
+  def build_app!
+    if app.respond_to?(:arity) && app.arity == 0
+      if defined?(Gem) && Gem.respond_to?(:refresh)
+        logger.info "Refreshing Gem list"
+        Gem.refresh
+      end
+      self.app = app.call
+    end
+  end
+
+  def proc_name(tag)
+    $0 = ([ File.basename(START_CTX[0]), tag
+          ]).concat(START_CTX[:argv]).join(' ')
+  end
+
+  def redirect_io(io, path)
+    File.open(path, 'ab') { |fp| io.reopen(fp) } if path
+    io.sync = true
+  end
+
+  def init_self_pipe!
+    SELF_PIPE.each { |io| io.close rescue nil }
+    SELF_PIPE.replace(Kgio::Pipe.new)
+    SELF_PIPE.each { |io| io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) }
+  end
+end
+