Lets assume that we're talking about PGP/GPG keys, and you've uploaded your public key for signing to one of the main PGP/GPG key servers.
If you're curious how to revoke a certificate, here's a Guide to Revoking PGP/GPG Certificates.
With those assumptions in mind:
Will all things I have signed in the past with those subkeys be
considered "invalid"?
Yes. As long as the software is checking certificates for revocation anything signed in the past will be considered signed with a revoked certificate. It does not stop anyone from viewing a document, or reading an email. It's now at the user's discretion to trust the information or not.
Will the person who stole my keys be able to sign whatever he wants,
assuming the person doing the validating hasn't updated their keyring
in a while and doesn't know that the old signing keypair has been
revoked?
If the attacker has your private key then they can sign data as if it were from you. Once the certificate is marked as revoked in the keyserver anything the attacker signs will also come up as signed by a revoked certificate. Again, it's up to the user to verify the data, and decide to trust it or not.
Are there other dangers resulting from compromised signing keys that I
need to be aware of?
Signing keys can be used for user identification/verification. Let's say your company uses your signing keys to identify you on their network, and provide you with privileged access. Compromised certificates that aren't revoked can now get into your company's network, and gain access as you.
All of this is contingent on the software used for verification actually checking if a certificate is revoked, and using a keyserver. There are various opinions of this one way or the other.
Adam Langley has written an interesting article on revocation checking.
