Switch to posix_spawn on Apple targets in SystemNative_ForkAndExecProcess

[Copilot]

Description

Uses posix_spawn instead of fork/exec in SystemNative_ForkAndExecProcess on macOS (excluding MacCatalyst and tvOS).

• Guard: #if defined(__APPLE__) && !defined(TARGET_MACCATALYST) && !defined(TARGET_TVOS), placed as the first code block in the function
• Credential fallback: When setCredentials is true, falls through to the existing fork/exec path since macOS posix_spawn does not support setuid/setgid
• Signal handling: Sets POSIX_SPAWN_SETSIGDEF (reset all handlers to default) and POSIX_SPAWN_SETSIGMASK (empty mask, unblock all signals) for parity with the fork path
• FD redirection: Uses posix_spawn_file_actions_adddup2 for stdin/stdout/stderr, skipping when fd is -1
• Working directory: Calls posix_spawn_file_actions_addchdir_np directly (always available on supported macOS versions, no HAVE_ constant)
• Scoped out: No POSIX_SPAWN_CLOEXEC_DEFAULT (separate PR), no create_suspended, no create_new_process_group

[Copilot]

Pull request overview

This PR updates SystemNative_ForkAndExecProcess to use posix_spawn on Apple targets (intended for macOS per description) as an alternative to the existing fork/exec implementation when credentials don’t need to be set.

Changes:

• Add Apple-only posix_spawn fast path (when setCredentials is false), including working-directory and stdio redirection setup.
• Configure spawn attributes for signal defaults and signal mask behavior.
• Add <spawn.h> include for Apple builds.

[Copilot]

The posix_spawn signal-default setup resets all signals to SIG_DFL via sigfillset. This diverges from the existing fork path which preserves SIG_IGN handlers and skips signals like SIGKILL/SIGSTOP when adjusting handlers. To preserve behavior and avoid invalid entries in the sigdefault set, build the sigdefault set based on the current handlers (only signals with custom handlers), and exclude non-overridable signals.

[Copilot]

The posix_spawn path sets the child signal mask to an empty set (unblocks everything). The existing fork/vfork path restores the parent’s pre-fork mask (old_signal_set) in the child before exec. To keep parity, capture the current thread signal mask in the parent and pass that to posix_spawnattr_setsigmask instead of forcing an empty mask.

Suggested change

	// Set the child's signal mask to empty (unblock all signals)
	sigset_t no_signals;
	sigemptyset(&no_signals);
	if ((result = posix_spawnattr_setsigmask(&attr, &no_signals)) != 0)
	{
	// Set the child's signal mask to match the parent's current mask
	sigset_t current_mask;
	int sigmaskResult = pthread_sigmask(0, NULL, &current_mask);
	if (sigmaskResult != 0)
	{
	int saved_errno = sigmaskResult;
	posix_spawnattr_destroy(&attr);
	errno = saved_errno;
	return -1;
	}
	if ((result = posix_spawnattr_setsigmask(&attr, &current_mask)) != 0)
	{

[Copilot]

On several error returns in the posix_spawn fast path (e.g., access failure, posix_spawnattr_init failure, or later setup failures), *childPid is left unchanged. The existing fork path sets all out args (including *childPid = -1) on any failure. For consistent caller behavior, ensure *childPid is set to -1 on every failure return in this block.

[Copilot]

The fork path skips dup2 when the provided fd already equals STDIN_FILENO/STDOUT_FILENO/STDERR_FILENO. Here, posix_spawn_file_actions_adddup2 is called even when stdinFd == STDIN_FILENO (etc.). For parity (and to avoid any platform-specific EINVAL behavior for no-op dup2 actions), add the same fd != STD*_FILENO checks before adding the spawn file actions.

Suggested change

	if ((stdinFd != -1 && (result = posix_spawn_file_actions_adddup2(&file_actions, stdinFd, STDIN_FILENO)) != 0)
	|| (stdoutFd != -1 && (result = posix_spawn_file_actions_adddup2(&file_actions, stdoutFd, STDOUT_FILENO)) != 0)
	|| (stderrFd != -1 && (result = posix_spawn_file_actions_adddup2(&file_actions, stderrFd, STDERR_FILENO)) != 0))
	if ((stdinFd != -1 && stdinFd != STDIN_FILENO && (result = posix_spawn_file_actions_adddup2(&file_actions, stdinFd, STDIN_FILENO)) != 0)
	|| (stdoutFd != -1 && stdoutFd != STDOUT_FILENO && (result = posix_spawn_file_actions_adddup2(&file_actions, stdoutFd, STDOUT_FILENO)) != 0)
	|| (stderrFd != -1 && stderrFd != STDERR_FILENO && (result = posix_spawn_file_actions_adddup2(&file_actions, stderrFd, STDERR_FILENO)) != 0))

[Copilot]

The __APPLE__ guard here also includes iOS/watchOS targets (it only excludes MacCatalyst and tvOS). That doesn’t match the PR description (“on macOS”) and could inadvertently enable this posix_spawn path on platforms where Process/exec support is intentionally limited. Consider using a macOS-specific define (e.g., TARGET_OSX/TARGET_OSX && !TARGET_MACCATALYST) or explicitly excluding TARGET_IOS/TARGET_WATCHOS as appropriate for this repo’s Apple target macros.