The buffer filled in by strerror_r needs to stay in scope while
it is pointed to by str.
Bug: 273807460
Change-Id: I494ca8b8aca2b28ec2f0f3da72d845db99633553
This is a new mallopt option that will force purge absolutely
everything no matter how long it takes to purge.
Wrote a unit test for the new mallopt, and added a test to help
verify that new mallopt parameters do not conflict with each other.
Modified some benchmarks to use this new parameter so that we can
get better RSS data.
Added a new M_PURGE_ALL benchmark.
Bug: 243851006
Test: All unit tests pass.
Test: Ran changed benchmarks.
Change-Id: I1b46a5e6253538108e052d11ee46fd513568adec
clang-r487747 added stack protector capability to check noreturn calls.
This caused the system to boot loop. Turn off the new capabilities as a
temporary workaround.
Test: build and boot
Change-Id: I62c912619dfdd2384672d504ce5d52330bf2a102
If the 'j' command is used here,it cannot always be called.
The 'tail' command is used here, let the compiler decide
which instruction to use,when the call distance is less
than 1M, it will be compiled into 'j' command, and when
the distance is greater than 1M, it will be compiled
into 'aupic' and 'jr' command.
Test: llvm-objdump -d
Change-Id: I53d8aa7f54b9c4c96fce491487dcba7b63348219
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Don't assume that a `j` will always be in range. Let the toolchain
come up with the shortest sequence that will actually work.
Test: llvm-objdump -d
Change-Id: I497a68ecae434aad173c2b1c8024aed3756b8440
the "tail" command is used here, let the compiler decide
which instruction to use. when the call distance is less
than 1M, it will be compiled into "jr" command, and when
the distance is greater than 1M, it will be compiled
into "aupic" and "jr" command.
Test: make libc
Change-Id: I80d099d25c7cc2439a297d8afc65abeb5a7a360c
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Guarding the definitions of registers with `#if definded(__USE_GNU)`.
This resolves a name conflict with the mesa3d library when
Virgl is enabled.
Test: launch_cvd -console=true -guest_enforce_security=false\
--gpu_mode=drm_virgl
Change-Id: I4402500eff74e26343700c099dd397b8a19a5ee3
Upstream made a change similar to our %s change, so we don't need that
difference any more. (But they didn't seem interested in our GNU
extensions, even though they're sensible ones that just ensure symmetry
between strftime() and strptime().)
Bug: http://b/167569813
Test: treehugger
Change-Id: I1d86d69c87b51719f0583341fafa7802869cd37e
Writing an assembly file can reduce several
assembly instructions, and compare it through
the disassembly of this file
Test: make libc
Change-Id: Ifdcc9c76742cc95b2ad9e3c14fac4796c36e12e6
Signed-off-by: caowencheng <caowencheng@eswincomputing.com>
Using %m is slightly less code, and means that perror() wouldn't touch
the strerror buffer in TLS. Doesn't matter, but noticed while I was
looking at this for another reason, and since it's _less_ code...
Test: treehugger
Change-Id: I99d31a5c326962958ad843ec4da2c3cc3b93b048
These are just one-liners, and the _FLOCK() macro seemed to me more
obscure than just inlining it (especially because there are only four
call sites total, so it's not like anyone's going to see that macro very
often).
Also add the missing CHECK_FP() calls. I don't expect this to break
anything, but if it does we can add a target API level check.
Test: treehugger
Change-Id: Ifa1a39d5d9eee46cca783acbe9ec3b3a1e6283d9
There's negative value to explicitly calling out Linux and ELF here,
when Android -- and especially this project -- is always both anyway.
No functional change.
Test: treehugger
Change-Id: Ic7514d74a5b5f6f06e64c46486c12773995076cd
The next NDK to take these headers only supports API 21 and later.
Note that this change leaves the _implementation_ of these functions
behind, so that any old apps calling these APIs should continue to work,
you just can't (without declaring the functions yourself) write new ones
that do (and declaring the functions yourself would only work on LP32
anyway, so that's not going to get you very far in 2023).
Test: treehugger
Change-Id: Ie03514e4215b40f6e9feaa6e4bf5df5b16dc8d59
The next NDK to take these headers only supports API 21 and later, but
even if it didn't --- there is no inline!
Test: treehugger
Change-Id: Ibb194e1cbf0a8551bff863d940d92c35ed06a1e1
The next NDK to take these headers only supports API 21 and later, so
clean up some of the trivial cruft.
Test: treehugger
Change-Id: Ib735a776d244cc82858f2ed629dd63a54dbaf650
The next NDK to take these headers only supports API 21 and later, so
clean up some of the trivial cruft.
This doesn't include the remaining "legacy inlines", since they're a bit
more complicated. I'll remove those in later changes.
Test: treehugger
Change-Id: I94c32f6393dd3ae831165917303ea591222baa0d
API level 19 is no longer supported by the NDK.
While I'm here, let's remove the duplicated structure defintion (as
we've already done for `struct stat`).
Test: treehugger
Change-Id: I9d8286f9e7ba803f3131b6dcb0486ff1b0f9d5d1
Get bsearch and other baremetal-compatible functions from NetBSD.
Bug: 249723852
Bug: 262344886
Test: -
Change-Id: Idd90188ae13c84ed35af8f1475370cec0fe8cdbb
These cause great confusion, so explicitly point out that apps can't use
one, and probably want the other.
Bug: https://github.com/android/ndk/issues/1255
Test: N/A
Change-Id: I287e820dc45a8446e3c72c9a2e4007db76828e3b
These are system calls where the "good" names are camped by
implementations that only work for 16-bit ids, and you need to say "32"
on LP32 to get sensible behavior.
Noticed when disabling CONFIG_UID16 in the kernel.
Bug: http://b/266732373
Test: llvm-objdump -d
Change-Id: Ib1b5822b030c4f86df755b129ec7b435a7f77cd3
This mode allows an android_mallopt(M_INITIALIZE_GWP_ASAN, ...) to turn
on the recoverable, sampled mode. This is the intended mode for
non-system apps that don't specify the gwpAsanMode in Android U.
Bug: 247012630
Test: Patch the zygote to use this option, launch an app with
gwpAsanMode unspecified, trigger a use-after-free, assert the app uses
the recoverable mode.
Change-Id: I701e10f44b2e2694789cc5ec6f0af4bc0c55b9e4
GWP-ASan's recoverable mode was landed upstream in
https://reviews.llvm.org/D140173.
This mode allows for a use-after-free or a buffer-overflow bug to be
detected by GWP-ASan, a crash report dumped, but then GWP-ASan (through
the preCrashReport() and postCrashReportRecoverableOnly() hooks) will
patch up the memory so that the process can continue, in spite of the
memory safety bug.
This is desirable, as it allows us to consider migrating non-system apps
from opt-in GWP-ASan to opt-out GWP-ASan. The major concern was "if we
make it opt-out, then bad apps will start crashing". If we don't crash,
problem solved :). Obviously, we'll need to do this with an amount of
process sampling to mitigate against the 70KiB memory overhead.
The biggest problem is that the debuggerd signal handler isn't the first
signal handler for apps, it's the sigchain handler inside of libart.
Clearly, the sigchain handler needs to ask us whether the crash is
GWP-ASan's fault, and if so, please patch up the allocator. Because of
linker namespace restrictions, libart can't directly ask the linker
(which is where debuggerd lies), so we provide a proxy function in libc.
Test: Build the platform, run sanitizer-status and various test apps
with recoverable gwp-asan. Assert that it doesn't crash, and we get a
debuggerd report.
Bug: 247012630
Change-Id: I86d5e27a9ca5531c8942e62647fd377c3cd36dfd
In some cases, the nullability of the pointer argument is too
complicated. Developers have better check relevant manuals or
code before annotating.
Bugs: b/245972273
Test: None
Change-Id: I3589a5080b267d1766cc8ed99868129ac16e4012
Some operations wind up allocating then freeing a significant
amount of memory. So after those operations, do a purge so that
the RSS of the process is not artificially inflated.
Bug: 262321164
Test: Ran unit tests.
Test: Verified after this change, the RSS does not go up after running
Test: am dumpheap -n <PID>.
Change-Id: I08477f8ce12c06fd2a068f536a81f4a577d619e2
This patch doesn't *enable* the SVE optimized routines, but it does let
us see if switching them to ifuncs will cause any app compat issues, so
that we can more easily use the optimized routines in future.
Test: treehugger
Change-Id: Ic5fe570bd21687da397b48127bf688f7ec68dd0c
The MTE-compatible routines are now faster than the incompatible ones,
so they merged them upstream.
I've left the ifunc boilerplate on the assumption that I'll be back
later to enable the new SVE variants.
Test: treehugger
Change-Id: Ic894bfb350b9aa70e307bca1c4978624b3e5f4fd
It makes sense that callers to getauxval() should have to pay for a
search --- that's exactly what they're asking for. But it seems silly
and unfair for the same to be true of sysconf() --- that's just an
implementation detail. Call getpagesize() directly instead.
Test: treehugger
Change-Id: I327adc55ace73bc6da68c4b34bf829d377bcbd1a
Using the long option names might not fit in the malloc debug option
property since properties have a 92 character limit.
This patch creates new aliases for the original options.
Bug: 264504531
Test: set new options pass
Test: Config unit tests pass.
Change-Id: Id985720f36a2bf0da7b35ff444c2c80eb1fb4363
The clang-analyzer-unix.Malloc and other warnings in these
unit tests are either false positive or in
negative tests that can be ignored.
Bug: 259995529
Test: presubmits; make tidy-bionic-libc_subset
Change-Id: Iddabe613d21d3717ba34f9e4d5bb97436279649f
We swap the 2nd and 3rd arguments to the CallocEntry constructor
to match the order in the cpp file, and match the C calloc convention.
We also fix an invocation of this constructor.
Change-Id: Iebe16d82a74459e5e957c1d9e2cc1aebb15150d0
Test: TreeHugger
This is a no-op but will be used in upcoming scudo changes that allow to
change the buffer size at process startup time, and as such we will no
longer be able to call __scudo_get_ring_buffer_size in debuggerd.
Bug: 263287052
Change-Id: I18f166fc136ac8314d748eb80a806defcc25c9fd
With timestamps, we are able to tell the details of allocator
performance such as the average time for malloc() in different size
class, the potential contention time by examing the overlap between
operations, .etc.
Not all malloc et al. operations are recorded with timestamp. Only
operations relates to memory usage change will have them.
Test: All unit tests pass.
Change-Id: I5c2016246a6f10b221387001bb44778969bb26ae
Add strtol (required by libfdt), which only depends on libc functions
the library already provides or requires.
Bug: 232900974
Test: m pvmfw_bin # with aosp/2314779
Change-Id: I460571b64369c6bf45fef213252f305e978c694d
Add __memcpy_chk (used by BoringSSL) and start documenting the
dependencies that the baremetal environment needs to provide to
successfully link the library.
Bug: 256148034
Bug: 256827715
Test: m pvmfw_bin && atest vmbase_example.integration_test
Change-Id: I0d61f4efc5cc26a95b74870be7cd7eebeeb0bd3a
Linux uapi headers use __packed as an abbreviation for
__attribute__((__packed__)). In the upstream kernel headers this
is defined in linux/compiler_attributes.h, but it is not defined
in the uapi headers. Bionic defines it in sys/cdefs.h, which will
almost always provide the needed definition, but there are uapi
headers that use __packed and do not include any system headers
that would include sys/cdefs.h. Musl's sys/cdefs.h does not
define __packed, which leads to linker errors when __packed is
treated as a variable name.
Replace __packed with __attribute__((__packed__)) when importing
uapi headers to break the dependency on sys/cdefs.h.
Test: m USE_HOST_MUSL=true on oriole-userdebug in internal master
Change-Id: I45f80f4e5aec868b80ce8eb9d757a3e08ae3e1a9
This reverts commit fa0e022b06.
Reason for revert: Appears to be causing crash_dump crashes in Go and/or 32-bit
Bug: 262391724
Change-Id: I3964aa9d6c7005313e6bf95b7e87d6a2ab08b52d
Test: Local revert on wembley
LLVM/rustc compiling no_std code expects a few libc symbols to be
defined (memcpy, memset, memcmp). Previously, we used the arm64 library
directly; instead, make the dependency arch-agnostic by exporting it
from Bionic, making it easier to add more libc functions (that might not
be implemented by the optimized routines), as necessary.
Test: m pvmfw_bin && atest vmbase_example.integration_test
Change-Id: I1d2cc69a25bbb7eddc67357a028b7b79d4909e79
* changes:
Expose unwinder APIs in NDK stubs for R and up.
Use abi::__cxa_demangle declared in cxxabi.h
__cxa_atexit_test: declare __cxa_atexit and __cxa_finalize
We still have local differences, but this minimizes (and documents) them.
Bug: http://b/167569813
Test: treehugger
Change-Id: Ib90e6ccc5ec1224e7ee89224a51b87fc48c9931f
These APIs are exposed in the on-device libc.so's .dynsym table from R
and up (e.g. _Unwind_xxx@@LIBC_R), but they were only available in the
APEX and LLNDK stubs. Expose the symbols from the NDK stubs too so that
the LLVM toolchain build can build a libc++.so that imports the
unwinder from libc.so. (The platform/APEX libc++.so will become a
toolchain prebuilt.)
Eventually this change will also allows apps to use the unwinder from
libc.so rather than linking libunwind.a statically.
Bug: http://b/175635923
Test: treehugger
Change-Id: I7ba9cef9a4727b49dd717e25a0321bf2889694de
We shouldn't need to poke these holes in seccomp now we're building the
sanitizers correctly.
Bug: http://b/229989971
Test: cuttlefish still boots with nothing untoward in the log
Change-Id: I2f9a050a86e670f000f44ad266ffdf404f3a1d1a
Remove copy_file_range(2), preadv2(2), and pwritev2(2), all of which are
now in SYSCALLS.TXT.
Remove semtimedop_time64(2) since it doesn't make any sense to have an
exception for just the 64-bit-time_t-on-LP32 variant of a syscall we
don't even use --- this is the least likely variant of that syscall
to need an exception!
Also clean up the unnecessary foo:foo syntax (you only need the : if you
want the generated stub to have a different name, and here the names
were all identical _and_ the whole point of this file is to list
syscalls that we're not generating stubs for, this was doubly useless),
simplify the signatures to just the types (which is all we need), and
improve some of the commentary.
Test: treehugger
Change-Id: I691b5758a2165be9bbeafdd83f0c64d7eea987e5
Treehugger didn't test 32-bit (and neither, of course, had I), so we
didn't notice until the next day that I'd only added the new check to
the 64-bit codepath. Let's just unify the two, since there's only one
line of meaningful difference.
Bug: http://b/261092827
Test: treehugger
Change-Id: I5178257a76fe24a340b3659c85ad29ed0a7b8b50
This one's a bit simpler, because there is only one upstream memset()
implementation.
Test: treehugger
Change-Id: I2536d0eb72adaacfa6a0e40d2bd29fc833988c16
Outsource this to them, and choose the best of the two options available
based on the hardware we're running on.
Test: treehugger
Change-Id: I2fa7555c971b64a6decca132210e901ffa248efa
These two will stay behind when we move memcpy()/memmove()/memset() over
to arm-optimized-routines (which leaves fortify to us).
Test: treehugger
Change-Id: Ie683f71a5a141263ce3f4e8811df9eaf667584f4
Just to make it clear that there's nothing interesting going on here ---
there's just one user, and the only symbol here is __memcpy().
Test: treehugger
Change-Id: I62d72c43c4c6d30442f05c1e08a0cb1a1ec42a8a
The compiler turns our C wmemmove() into one shift instruction and a
branch, which is plenty for a function no-one uses anyway.
Why don't I just leave this alone, since we already have it? Because I'm
looking at finishing the project of "switch to arm-optimized-routines"
and getting rid of our assembler here, and Arm agrees that this isn't
worth having optimized assembler for in their optimized assembler
project, judging by its absence.
Test: treehugger
Change-Id: I985801241a8cbd7dbda51a447946affb1402effb
I can't find this documented anywhere, other than people observing that
RISC-V appears to behave in this way. See the LLVM commit making a
similar change to similar code, for example: https://reviews.llvm.org/D87579.
Unsatisfying, but it works, and I suspect we're all too far down this
copy & paste hole to get back out now. See also psabi bug
https://github.com/riscv-non-isa/riscv-elf-psabi-doc/issues/18 for
more discussion.
Change-Id: I9e9d60bf859715895370861b2024deeb1d330577
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
It's hard to find the start of the previous instruction for riscv64
(given the C extension), and discussion with the ART folks cast doubt
on the comment's claim that we do this correctly for arm32 anyway.
So, rather than add complexity for riscv64, let's simplify this routine
for everyone. I suspect we could probably get away with just `--ip` for
all architectures, but since it's trivial to at least maintain plausible
alignment, I've stuck with the correct "at least" byte counts instead.
(See the discussion on
https://lists.riscv.org/g/sig-android/topic/detecting_16_bit_vs_32_bit/94813787
for more about riscv64 specifically.)
Test: treehugger
Change-Id: Ie43451d329470b3ece8779d11eb705d24d01c3d7
We don't need this (any more than arm64 does), because riscv64 is too
new to have had a too-small sigset_t, but it's useful for source code
compatibility with code that needs to build on arm32/x86 too.
Test: treehugger
Change-Id: Ied5f64d9094bc7d31c059f82f9e4ffe9b8ca4061
These have been aliases for strtoll() and strtoull() since L, by
accident. We've never exposed them in the headers, and they're unused by
any apps. Let's fix the inconsistency between libc.so and its headers by
removing the aliases.
Bug: https://github.com/android/ndk/issues/1803
Test: treehugger
Change-Id: I87de7831c04b3e450a44e9f0386cacb73793e393
Previously we'd output a diagnostic but just blindly carry on.
Test: ran locally without my previous fix
Change-Id: I99a2411eae5bd72d97b6a4335c699d1e44d7b55a
I don't think we need or want to do this. Most other architectures
don't.
Test: bionic-unit-tests-static
Change-Id: I3ad31926909caf0a37e73ac6cbac1fecd02ea6de
This was allowed implicitly until we moved bionic over to renameat2(2)
because that's all riscv64 has. This restores the status quo for the
other architectures (while keeping everyone using renameat2(2) if they
go via bionic, for consistency).
Bug: http://b/254179267
Test: treehugger
Change-Id: Ib7ebfbf043e1be3eca4b64fdf04ee55d6eb31aed
Due to commit 594844244237091347b62e8fbbc8a2851258db50 (update
stable to r468909b) the path for python3-clang support was moved from
prebuilts/clang/host/linux-x86/clang-stable/lib64/python3/site-packages
to:
prebuilts/clang/host/linux-x86/clang-stable/lib/python3/site-packages
Change the imports to point to the correct place.
Without the change:
Traceback (most recent call last):
File "bionic/libc/kernel/tools/./clean_header.py", line 72, in <module>
import sys, cpp, kernel, glob, os, re, getopt
File "bionic/libc/kernel/tools/cpp.py", line 19, in <module>
import clang.cindex
ModuleNotFoundError: No module named 'clang'
Bug: 254401594
Test: execute clean_headers.py
Signed-off-by: Pat Tjin <pattjin@google.com>
Change-Id: Ibf1423fbe78ee009366e26905c4a09e68ac8ff9b
The ndk sysroot does not include the crt*.o objects, package them
separately for use in the llvm toolchain build.
Test: lunch aosp_riscv64-userdebug && m bionic_sysroot_crt_objects
Change-Id: I0bda12b7979a026441bb67387709ee94b3249b6b
Add riscv64 kernel headers to the ndk sysroot for use by the LLVM
toolchain build. They will not be shipped in the real NDK.
Test: lunch aosp_riscv64-userdebug && m ndk_sysroot
Change-Id: I804e66b56919b84fa5dc03d432ae673ea4f31615
The arch variant of genrule.out will be soon disallowed in soong.
Bug: 253645813
Test: Manually build.
Change-Id: I2d5daa67b4e10f4abddebc98775df18df485843f
The arch variant of genrule.out will be soon disallowed in soong.
Bug: 253645813
Test: Manually build.
Change-Id: Ia07d45195de8c22f18487aef34795279d2962c4c
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: m
Change-Id: I02cf117f67bda74516e4de8cd6f4c05efdb9a85b
Pull the portable C string functions from FreeBSD, and do fairly literal
translations of our existing .S files for the bionic-specific stuff.
Test: treehugger
Change-Id: Id42e5b8a51ed73155be020d74edd7011a2103574
These are sufficiently intertwined that they need to be done together.
riscv64 is our first primary-only architecture, so that required some
changes. The .bp changes are to support this --- we need to only show
the python scripts the architectures they'll actually be using, rather
than showing them everything and ignoring some of the results.
riscv64 is also the first architecture that post-dates the kernel's
64-bit time work, so there's a bit of extra fiddling needed to handle
the __NR3264_ indirection in the uapi headers.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: local builds for x86-64 and riscv64
Change-Id: I74044744e80b312088f805c44fbd667c9bfcdc69
Actually, we don't want to reuse the kernel struct ucontext because its
uc_mcontext has the wrong type, which means the fields within that end
up with the wrong names. Add the call site that made that evident, and
update <sys/ucontext.h> appropriately.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: If1d079afef0d5953aa22d9b0e049cfb0119c7718
