Missed this when we added the new C23 binary output to the printf()
family.
Also fix %X to use "0X" instead of "0x" and add missing tests.
Test: used by new LD_SHOW_AUXV functionality
Change-Id: I6623b92acec7daf534536697de0f87352a2653ad
Talking futher to the person doing the glibc risc-v ifunc work, they
clarified that glibc _is_ passing hwcap as the first argument, and the
null pointer is actually the second argument.
https://sourceware.org/pipermail/libc-alpha/2023-August/150967.html
So since our whole purpose here was source compatibility, let's do what
they're actually doing, and let's add some tests. I've also added a test
that __riscv_hwprobe() works from an ifunc resolver because that's one
place where it might well be used. That said, one other thing that came
out of the discussion is that I actually went away and looked at a
sample of top apps to see how many are using ifuncs currently. The
result? Zero. So although this _might_ be interesting long term
(especially if clang gets riscv64 FMV), I think we've done more than we
need to with riscv64 ifuncs for now!
Test: ran locally, both dynamic and static tests
Change-Id: Ie2044d9f4e47c32c00ad381f045c537f4df38b08
This list has diverged between cts/ and bionic/. Instead of having to
maintain the list, let's just make cts/ inherit the one from bionic.
Bug: 296832150
Test: atest bionic-unit-tests CtsBionicTestCases
Change-Id: I271668e83aed239107b9129dfb707f03bae47cfa
Also fix a __has_include() that was copy & pasted without modification
from a different test.
Test: treehugger
Change-Id: Iafceb331a95ec788596ffdad60aa2202b692e589
Under some circumstances, it's possible to fail the enable allocation
limit android_mallopt call. Increase the total allowed time for the
function to complete.
In addition, if the enable fails, allow another limit call to succeed
in the future.
Finally, change the limit test to use _exit instead of exit.
Bug: 291672185
Test: Ran limit test thousands of times.
Test: Forced the limit to fail and verified the second call passes.
Change-Id: I0948e6fd97231a7538b9b82b76f0a207386681b1
We've had these backward all this time. The relevant quote is in a
code comment in the implementation, but the first call after
completely decoding a code point that requires a surrogate pair should
return the number of bytes decoded by the most recent call, and the
second call should return -3 (if only C had given those some named
constants that might have been more obviously wrong).
Bug: https://issuetracker.google.com/289419882
Test: Fixed the test, tests run against glibc and musl to confirm
Change-Id: Idabf01075b1cad35b604ede8d676d6f0b1dc91e6
Same as in uchar_test.cpp: glibc implements a much older unicode
standard which allows these.
Bug: None
Test: this is a test
Change-Id: Iead5eb01d391be85a7b1a034ea9e7f8828e81cdb
Same as the previous change for the uchar tests: the tests are wrong
to match bionic's wrong implementation. Fix the test to encode the bug
for now while I get the tests into good shape, then I'll be back to
fix the bugs and remove the test differences.
Bug: None
Test: this is a test
Change-Id: I1123660994f755f8bac1f2656f6890d5a43310b3
glibc immediately dereferences the locale passed to all wcsto*_l
functions, even if it won't be used, and even if it's
LC_GLOBAL_LOCALE, which isn't a pointer to valid memory.
Bug: None
Test: this is the test
Change-Id: Ia307cbd6a5c5b4b904c978a03e6d06c1cef6ceed
Change a test to use a signal that does not trigger a tombstone.
Also changed the gwp_asan_integration.DISABLED_assert_gwp_asan_enabled
test to inherit from the SilentDeathTest to prevent tombstones
being generated.
Test: Ran tests and no tombstones generated.
Change-Id: I0f104704829dde692aa515a63dea1c6971278c29
A few death tests are not set to silence tombstones, so fix
all of those occurrences.
Test: Ran all death tests and no tombstones generated.
Change-Id: If2b54b1a3432edbd54076439d40527d966607f70
The set_allocation_limit_multiple_threads test could fail every
once in a while. So rewrite slightly so that the tests wait until
all of the threads are running before letting them start.
I also refactored the code to use std::thread instead of the raw
pthread functions.
Bug: 291672185
Test: Ran the test thousdands of times.
Change-Id: Ia0bdef93d58e0ff8266e551ed4a32e14ff829581
These all appear to be either musl bugs or underspecified corners of
the C standard, so rather than verify the musl behavior I've just
disabled the body of the test for musl.
Now that this is skipped, all the uchar tests are passing for bionic,
glibc, and musl.
Bug: None
Test: None
Change-Id: Icf88ef42e9b750ab45ba76bf8112967b00e72a9f
Doesn't do anything for bionic (which is why this has gone unnoticed),
but it does change the locale for glibc and musl. After this patch,
all these tests pass on glibc. musl is still failing in
uchar.start_state, which I haven't finished investigating.
This should probably be a test fixture so it's harder to forget, but
there are a handful of tests here which don't call setlocale until
part way through the tests, and I'm not certain if that was attempting
to test some non-obvious behavior, or if that was just an accident. I
don't want to change that test behavior before understanding it
better, so this will do for now.
Bug: None
Test: ./tests/run-on-host.sh 64 --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh musl --gtest_filter="uchar.*"
Change-Id: Ib781a41893f021e336e67281070932f41f792318
This one forgot to set its locale, so it was passing on glibc (because
the sequence here wasn't valid in its default locale) and failing on
musl, both for the wrong reasons.
Bug: None
Test: ./tests/run-on-host.sh 64 --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh musl --gtest_filter="uchar.*"
Change-Id: Ic6bcd1836ba23c7010e2cde673a3beca73778021
Musl was treating 0xf0 as a valid character in its default locale. I
didn't dig into whether that was a musl bug or whether it was actually
translating whatever extended ASCII character that was into the
correct code point (tbh I don't know what the rule there is either).
Bug: None
Test: ./tests/run-on-host.sh 64 --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh musl --gtest_filter="uchar.*"
Change-Id: I0845fdee9a016ad67ccff3716129ff29f83a63d7
Also actually assign a bool to it. I'd originally written a #define
and apparently forgot to fix the value. I'm a bit surprised that clang
didn't complain.
Bug: None
Test: ./tests/run-on-host.sh 64 --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.*"
Test: ./tests/run-on-host.sh musl --gtest_filter="uchar.*"
Change-Id: Iac46bc9c48fd70853d5c447e812e25e617281d2b
While looking at the disassembly for the epoll stuff I noticed that this
expands to quite a lot of code that the compiler can't optimize out for
LP64 (because it doesn't know that the "copy the argument into a local
and then use the local" bit isn't important).
There are two obvious options here. Something like this:
```
int signalfd64(int fd, const sigset64_t* mask, int flags) {
return __signalfd4(fd, mask, sizeof(*mask), flags);
}
int signalfd(int fd, const sigset_t* mask, int flags) {
#if defined(__LP64__)
return signalfd64(fd, mask, flags);
#else
SigSetConverter set = {.sigset = *mask};
return signalfd64(fd, &set.sigset64, flags);
#endif
}
```
Or something like this:
```
int signalfd64(int fd, const sigset64_t* mask, int flags) {
return __signalfd4(fd, mask, sizeof(*mask), flags);
}
#if defined(__LP64__)
__strong_alias(signalfd, signalfd64);
#else
int signalfd(int fd, const sigset_t* mask, int flags) {
SigSetConverter set = {};
set.sigset = *mask;
return signalfd64(fd, &set.sigset64, flags);
}
#endif
```
The former is slightly more verbose, but seems a bit more obvious, so I
initially went with that. (The former is more verbose in the generated
code too, given that the latter expands to _no_ code, just another symbol
pointing to the same code address.)
Having done that, I realized that slight changes to the interface would
let clang optimize away most/all of the overhead for LP64 with the only
preprocessor hackery being in SigSetConverter itself.
I also pulled out the legacy bsd `int` conversions since they're only
used in two (secret!) functions, so it's clearer to just have a separate
union for them. While doing so, I suppressed those functions for
riscv64, since there's no reason to keep carrying that mistake forward.
posix_spawn() is another simple case that doesn't actually benefit from
SigSetConverter, so I've given that its own anonymous union too.
Test: treehugger
Change-Id: Iaf67486da40d40fc53ec69717c3492ab7ab81ad6
Same as the earlier fix for mbrtoc16. Other implementations support
the older RFC, bionic supports the new one.
Bug: None
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.*"
Change-Id: I9e85a9ae53aaaa112a76665063acd2bd856b26cf
glibc and musl both interpreted the spec differently than we did
(better, imo) for the return value of a zero-length conversion. Fix
the test to handle that.
Also converted the test from ASSERT to EXPECT to reduce the number of
builds needed to find failures.
Bug: None
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.*"
Change-Id: Id74364040ce3b0e21bacd78f70467053cc8a6058
Also split that case out into a separate test to avoid complicating
the test for the common cases.
Bug: None
Test: ./tests/run-on-host.sh glibc --gtest_filter="uchar.mbrtoc16"
Change-Id: If7e50f659ad99ee9bab8847fc7320c7bbd629c5d
The obsolete mips header rides again!
The most interesting part of this change is that I've removed the hack
that meant that all system call wrappers starting with `__` defaulted to
being hidden symbols. That's no longer useful given our linker scripts,
and it actively got in the way here because the public libc symbol
actually starts with `__` in glibc, and it would be weird and annoying
for developers if we chose a different name.
Test: strace
Change-Id: I230479787895e8e34f566ade36346a8241eea998
The hidden pointer makes this trickier than the usual incantation, so
leave some copy & paste lying around for anyone trying to work this out.
Test: treehugger
Change-Id: I26e94bf7a74ce3e43de587edc52ab63e36d1d86b
This works (by reading /etc/localtime) on NetBSD, but not on Android
since we have no such file. Fix that by using our equivalent system
property instead.
Also s/time zone/timezone/ in documentation and comments. We've always
been inconsistent about this (as is upstream in code comments and
documentation) but it seems especially odd now we expose a _type_ that
spells it "timezone" to talk of "time zone" even as we're describing
that type and its associated functions.
Bug: https://github.com/chronotope/chrono/issues/499
Test: treehugger
Change-Id: I142995a3ab4deff1073a0aa9e63ce8eac850b93d
This new mallopt cause statistics of the allocator to be printed in
the log.
Add a stats print for jemalloc.
This is designed to be used as part of a dumpsys meminfo --XXXX
option so that it's easier to get information about apps that
have an unusual memory footprint.
Test: Unit tests pass.
Test: Ran on a device using jemalloc and verified log data.
Test: Ran on a device using scudo and verified log data.
Change-Id: I6fa44ce619c064b2596fbbb478c231994af94f4c
* Rationale
The question often comes up of how to use multiple time zones in C code.
If you're single-threaded, you can just use setenv() to manipulate $TZ.
toybox does this, for example. But that's not thread-safe in two
distinct ways: firstly, getenv() is not thread-safe with respect to
modifications to the environment (and between the way putenv() is
specified and the existence of environ, it's not obvious how to fully
fix that), and secondly the _caller_ needs to ensure that no other
threads are using tzset() or any function that behaves "as if" tzset()
was called (which is neither easy to determine nor easy to ensure).
This isn't a bigger problem because most of the time the right answer
is to stop pretending that libc is at all suitable for any i18n, and
switch to icu4c instead. (The NDK icu4c headers do not include ucal_*,
so this is not a realistic option for most applications.)
But what if you're somewhere in between? Like the rust chrono library,
for example? What then?
Currently their "least worst" option is to reinvent the entire wheel and
read our tzdata files. Which isn't a great solution for anyone, for
obvious maintainability reasons.
So it's probably time we broke the catch-22 here and joined NetBSD in
offering a less broken API than standard C has for the last 40 years.
Sure, any would-be caller will have to have a separate "is this
Android?" and even "is this API level >= 35?" path, but that will fix
itself sometime in the 2030s when developers can just assume "yes, it
is", whereas if we keep putting off exposing anything, this problem
never gets solved.
(No-one's bothered to try to implement the std::chrono::time_zone
functionality in libc++ yet, but they'll face a similar problem if/when
they do.)
* Implementation
The good news is that tzcode already implements these functions, so
there's relatively little here.
I've chosen not to expose `struct state` because `struct __timezone_t`
makes for clearer error messages, given that compiler diagnostics will
show the underlying type name (`struct __timezone_t*`) rather than the
typedef name (`timezone_t`) that's used in calling code.
I've moved us over to FreeBSD's wcsftime() rather than keep the OpenBSD
one building --- I've long wanted to only have one implementation here,
and FreeBSD is already doing the "convert back and forth, calling the
non-wide function in the middle" dance that I'd hoped to get round to
doing myself someday. This should mean that our strftime() and
wcsftime() behaviors can't easily diverge in future, plus macOS/iOS are
mostly FreeBSD, so any bugs will likely be interoperable with the other
major mobile operating system, so there's something nice for everyone
there!
The FreeBSD wcsftime() implementation includes a wcsftime_l()
implementation, so that's one stub we can remove. The flip side of that
is that it uses mbsrtowcs_l() and wcsrtombs_l() which we didn't
previously have. So expose those as aliases of mbsrtowcs() and
wcsrtombs().
Bug: https://github.com/chronotope/chrono/issues/499
Test: treehugger
Change-Id: Iee1b9d763ead15eef3d2c33666b3403b68940c3c
wfN: Specifies that a following b, d, i, o, u, x, or X conversion specifier applies to a fastest minimum-width integer argument with a specific width where N is a positive decimal integer with no leading zeros (the argument will have been promoted according to the integer promotions, but its value shall be converted to the unpromoted type); or that a following n conversion specifier applies to a pointer to a fastest minimum-width integer type argument with a width of N bits. All fastest minimum-width integer types (7.22.1.3) defined in the header <stdint.h> shall be supported. Other supported values of N are implementation-defined.
Bug: b/271903607
Test: adb shell
Change-Id: Iaa1f6d87251144de0b763672ca93f23272880ad1
Although the existing annotations were strictly true (see
https://github.com/android/ndk/issues/1888#issuecomment-1581773348 for
the gory details), given the Play Store requirement that 32-bit code
must have a 64-bit version, it's not obviously useful to offer a
function for 32-bit before 64-bit.
Test: treehugger
Change-Id: I8ca11b874c26dfaa632690f510cb5409d95012e9
wN: Specifies that a following b, d, i, o, u, x, or X conversion specifier applies to an integer argument with a specific width where N is a positive decimal integer with no leading zeros (the argument will have been promoted according to the integer promotions, but its value shall be converted to the unpromoted type); or that a following n conversion specifier applies to a pointer to an integer type argument with a width of N bits. All minimum-width integer types (7.22.1.2) and exact-width integer types (7.22.1.1) defined in the header <stdint.h> shall be supported. Other supported values of N are implementation-defined.
Bug: b/271903607
Test: adb shell
Change-Id: I595fd2ac7bc40d9fb7f1935b39933a6cc068eeff
Discussion of this during my recent minor cleanup convinced me that we
should just remove __RENAME_LDBL. There's no obvious benefit to being
able to build something for 32-bit if you can't build the same code for
64-bit, given that most new hardware (and entire verticals such as Auto)
are 64-bit-only, and the Play Store requires any app with 32-bit code to
also ship 64-bit code.
Test: treehugger
Change-Id: I1c5503b968ca66925d7bd125bd3630c41ec1bfd0
The only remaining differences between vfprintf.cpp and vfwprintf.cpp
after this are the wide/narrow conversions for %c, %m, and %s. I've used
"chars" and "bytes" for the named constants for the directions because
(a) I find -1 and 1 pretty confusing and (b) although "narrow" is the
obvious opposite of "wide", only Windows actually moved to wide
characters, so "narrow" (aka "multibyte", and probably "utf8") is the
default/normal case. Even though C confuses bytes and characters via its
`char` type, "bytes" versus "chars" seems like the appropriate
terminology (and it's what Java/Python use).
Also improve the swprintf tests assertion so failures are readable.
Test: treehugger
Change-Id: Ife8f70f65ec28d96058a7d68df353945524835d2
This reduces the amount of boilerplate for these tests, and ensures that
we have a corresponding swprintf() test for every snprintf() test
(except the handful where it doesn't make sense; we have no FORTIFY for
the wide-character routine, for example).
Test: treehugger
Change-Id: I14091683494bbb414f1a72bddc9835b86ff62526
Jens Gustedt suggested a better implementation last year on the musl
mailing list: https://www.openwall.com/lists/musl/2022/11/19/1
It means the constants are sparse, but in return it means we can add
future constants and they'll be backward compatible. (Sadly you'll need
to be on API level 35 before you can use anything but TIME_UTC.)
I doubt this will ever matter, because everyone should just stick to
clock_gettime()/clock_getres() anyway, and anyone who does have a
legitimate use for timespec_get() and timespec_getres() probably needs
to support non-Linux and so can't use any clocks that aren't in ISO C
anyway. But given that we don't _have_ to paint ourselves into a corner
here, we may as well take the opportunity to not do so.
Test: strace
Change-Id: I293d32fcbcf7f6703564dac0978ae2a10192a482
This is the one openlog() flag that toybox uses. We should probably try
to unify toybox's POSIX logger and Android-specific log at some point,
and this will help.
Also fix our behavior with an empty format string, noticed while adding
tests.
Test: treehugger
Test: adb shell logger -s foo
Change-Id: Ic027e78a460be3db83cc4c6f9946c9efa22be6e1
wfN: Specifies that a following b, d, i, o, u, x, or X conversion specifier applies to a fastest minimum-width integer argument with a specific width where N is a positive decimal integer with no leading zeros (the argument will have been promoted according to the integer promotions, but its value shall be converted to the unpromoted type); or that a following n conversion specifier applies to a pointer to a fastest minimum-width integer type argument with a width of N bits. All fastest minimum-width integer types (7.22.1.3) defined in the header <stdint.h> shall be supported. Other supported values of N are implementation-defined.
Bug: b/271903607
Test: adb shell
Change-Id: Ida36d5a50af2a46fd04cb5fe039793d8872f9f3b
Although this breaks job control in several shells (including mksh),
this has been broken since the initial commit and no-one's noticed until
now.
Bug: https://github.com/android/ndk/issues/1878
Test: treehugger
Change-Id: Id7c4805965c5e5847db99b57df1af13355adcc22
57b8fc957a
changes the way overflows are tracked: now compiler builtins
are used instead of manual arithmetics. But as int_fast32_t on
64-bit Android takes 8 bytes, new logic behaves differently.
See time_test.cpp changes for more details.
Changes were applied using following commands:
1) Checkout tzcode repo
2) Prepare patches for all tzcode file using
git diff 2022a 2023a -- <file-name> > <file-name-patch>
3) Apply these patches to files in bionic using
patch -p1 <file-name> <file-name-patch>
Bug: 279742606
Test: CtsBionicTestCases
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
Test: atest toybox-tests
Change-Id: I7772a90538b8185bdd2f4be6e9d1740c95509d6c
When annotating the netinet directory aosp/2552567, we realize the
argment s for vsnprintf family can be null only if the buffer size is 0.
So we correct them and add some tests to verify our assumption.
Bugs: b/245972273
Test: adb shell
Change-Id: I51063286272be0daee0d7c1453a374b1f5674481
Nothing to see here --- you'll want to keep using POSIX clock_gettime()
and clock_getres() instead. But portable code might use this eventually,
and it's trivial, so let's add it anyway.
(The whole "zero as an error return" precluding the direct use of
Linux's CLOCK_ constants is what really makes this a terrible API ---
we're going to have to add explicit translation any time they add a
new base.)
Test: treehugger
Change-Id: Iddb6cbe67b67b2b10fdd8b5ee654896d23deee47
Someone uploaded --no-verify, and now I'm being asked to change the
NOTICE file. Instead, let's just use the existing BSD header for 2023,
since we've been trying to keep the tests BSD licensed anyway.
Test: treehugger
Change-Id: I4a5b1a50c65bebaaa3015634b67868b3b7a7ce32
Since we need a page-aligned allocation for a thread stack, explicitly
ask for one. (Scudo happens to just give us one anyway for an allocation
this large, but 32-bit jemalloc does not.)
Bug: http://b/277598913
Test: treehugger
(cherry picked from https://android-review.googlesource.com/q/commit:18e335b3da7ae1afd74055cbe7f0d85541863691)
Merged-In: I41eeb6aadb6a22bf5d9619e768e5e0a76617f747
Change-Id: I41eeb6aadb6a22bf5d9619e768e5e0a76617f747
Since we need a page-aligned allocation for a thread stack, explicitly
ask for one. (Scudo happens to just give us one anyway for an allocation
this large, but 32-bit jemalloc does not.)
Bug: http://b/277598913
Test: treehugger
Change-Id: I41eeb6aadb6a22bf5d9619e768e5e0a76617f747
wN: Specifies that a following b, d, i, o, u, x, or X
conversion specifier applies to an integer argument with
a specific width where N is a positive decimal integer with
no leading zeros
Bug: b/271903607
Test: adb shell
Change-Id: I688f6cefeb2e5c8325b007a59935a46f4116ac29
This isn't a very helpful way to say "realpath() failed":
```
bionic/tests/dlfcn_test.cpp:(1006) Failure in test dlfcn.dladdr_libc
Value of: realpath("/system/lib64/" "hwasan/libc.so", libc_realpath) == libc_realpath
Actual: false
Expected: true
```
Bug: http://b/278795547
Test: treehugger
Change-Id: I1078ab4a675b956327f2578086a1a5e7d8a2928b
Contrary to the old comment, POSIX says nothing about whether or not
tmpfile() respects $TMPDIR, and it's significantly more useful on
Android if it does (because there's no shared /tmp that everyone can
write to).
Bug: https://issuetracker.google.com/36991167
Test: treehugger
Change-Id: I3cc45adff167420f100c8ed1c63cba1ea67e9f70
Musl #defines utmp to utmpx, which causes the tests in utmp_test.cpp
to collide with the ones in utmpx_test.cpp. Skip the utmp_test.cpp
when building for musl.
Test: m USE_HOST_MUSL=true
Change-Id: Ie05ddf6e1fd8c3bcc687d2537c19b6ab70ab8d67
This mode instructs the linker to search for libraries in hwasan
subdirectories of all library search paths. This is set up to contain a
hwasan-enabled copy of libc, which is needed for HWASan programs to
operate. There are two ways this mode can be enabled:
* for native binaries, by using the linker_hwasan64 symlink as its
interpreter
* for apps: by setting the LD_HWASAN environment variable in wrap.sh
Bug: 276930343
Change-Id: I0f4117a50091616f26947fbe37a28ee573b97ad0
The recent header nullability additions and the corresponding source
cleanup made me notice that we're missing a couple of actions that most
of the other implementations have. They've also been added to the _next_
revision of POSIX, unchanged except for the removal of the `_np` suffix.
They're trivial to implement, the testing is quite simple too, and
if they're going to be in POSIX soon, having them accessible in older
versions of Android via __RENAME() seems useful. (No-one else has shipped
the POSIX names yet.)
Bug: http://b/152414297
Test: treehugger
Change-Id: I0d2a1e47fbd2e826cff9c45038928aa1b6fcce59
Now <utmpx.h> isn't any more useful on Android than <utmp.h> is, but it
is POSIX, and -- importantly -- we can implement it with just a header
file, so code can use it on every existing API level.
macOS does indeed only have the <utmpx.h> functions (although it does
still have the <utmp.h> header!), so potentially portable code might
want <utmpx.h> on Android. (glibc/musl both have both headers.)
Bug: https://github.com/landley/toybox/pull/213
Test: treehugger
Change-Id: Iaa88167708182009a63e2e1a15f11186b251ed02
While these tests were running, other native processes would get torture GWP-ASan. This can lead to OOMs.
Bug: 273904016
Change-Id: Ia813a73bfc1c379633be022dbf4b7d567069c731
Test: atest bionic-unit-tests (in presubmit)
This test was flaky because there was no synchronization between the end
of the test function scope and the jumper threads, resulting in a racy
use-after-scope when accessing the thread array. Fix it by joining the
threads before leaving the test function scope.
Replace the thread array access, which can race with the store to the
thread array in the main thread, with an access to a pre-initialized
variable, which acts as a kind of enforcement that the threads are done
before leaving the test.
Bug: 227390656
Change-Id: Icfbb0d7cae66c12e5ce31072c34529e3c5fdf563
We don't support running threads on a tagged stack. Untagging SP may
lead to accesses to the stack via a non-SP register, which will be tag
checked, and the check will fail. And indeed that's exactly what the
__bionic_clone function does in its first instruction. Fix the problem by
disabling HWASan and MTE stack tagging on CloneStartRoutine, and remove
the call to untag_address, as it is unnecessary.
Bug: 273807460
Change-Id: I94cc56c816897531c0113c856b54ec41b4aab874
The strerror_buf is way too large, so instead of using a separate
buffer for just this string, reuse the already existing buffer.
Increase the buffer size to cover the maximum errno string.
Add a unit test to verify that none of the errno values are cut off
in the async_safe_format_buffer function when passing %m.
Bug: 274474681
Test: New unit test passes.
Test: Changing the buffer to a small value and verify that the test fails.
Change-Id: I4cb4652709582a8a6b958e12de5d923ec950e6b6
clang-r487747 gets too clever and removes the store, even if it is
declared as volatile. Set optnone to prevent the compiler optimizing out
the store.
Test: atest CtsBionicTestCases
Bug: 271214588
Change-Id: I14a537ecd4657ee3f510ff531313bd9d56f22f47
This is a new mallopt option that will force purge absolutely
everything no matter how long it takes to purge.
Wrote a unit test for the new mallopt, and added a test to help
verify that new mallopt parameters do not conflict with each other.
Modified some benchmarks to use this new parameter so that we can
get better RSS data.
Added a new M_PURGE_ALL benchmark.
Bug: 243851006
Test: All unit tests pass.
Test: Ran changed benchmarks.
Change-Id: I1b46a5e6253538108e052d11ee46fd513568adec
Bug: 267386540
Test: All unit tests pass on normal build.
Test: All GWP ASan tests are skipped under hwasan.
Change-Id: I6d6860090b62e7187cf947de0a9bc30d00330554
A new TLS variable was added to HWASan RT in the new toolchain and
this tests needs to be adjusted. Skipping for now.
Bug: 271243811
Change-Id: Ie6664a9ac350624e8e963a36e4248d0d051bc8c1
The gwp_asan_integration.malloc_tests_under_torture test fails
when trying to run the malloc.zeroed* tests. So skip these
tests in that config.
Bug: 267386540
Test: All tests pass in hwasan and normal config.
Change-Id: I8edce28ee21eeecbcc9afb7db4ffdb6371a914b0
GWP-ASan stress tests can take a while, especially under HWASan.
Bug: 238585984
Test: sleep(100) in one of the tests, and then 'atest bionic-unit-tests'
Merged-In: Ibd983da1c8fd06cffed756cf3b24523f4671d49e
Change-Id: Ibd983da1c8fd06cffed756cf3b24523f4671d49e
(cherry picked from commit 1f3c8d688c)
If this is a low ram device, then do not run these tests. Otherwise,
verify that memory returned from the allocator is zero.
Bug: 171429763
Bug: 264539505
Bug: 265431478
Test: New unit tests pass on scudo.
Test: New unit tests fail on original jemalloc.
Test: New unit tests pass on jemalloc that always zeroes memory.
Test: New unit tests are skipped on low ram device.
Test: Ran unit tests atest CtsBionicTestCases in above scenarios.
Change-Id: Id62ab74f649c0f7c14a951235fe79972926ecec0
Even though glibc has mallopt, there is no way to guarantee that
we use an invalid argument. Since this test is only really useful
for bionic, only run it on bionic.
Test: Ran glibc and verified the test is skipped.
Change-Id: If991e8804b21c83f3d7e3b15a0b60e48da331567
Many clang-analyzer-unix.Malloc warnings from this file
are leaks after test failure and we can ignore them.
Clang-tidy cannot compile this file within 90 second
time limit most of the time, which makes maintaining
it free of clang-tidy warnings impractical.
Bug: 259995529
Test: presubmit; make tidy-bionic-tests_subset
Change-Id: I532c761744b0400dec33363a3235f81ac7fbbb30
* changes:
Expose unwinder APIs in NDK stubs for R and up.
Use abi::__cxa_demangle declared in cxxabi.h
__cxa_atexit_test: declare __cxa_atexit and __cxa_finalize
After updating libc++, they're no longer declared in cxxabi.h, so the
test must declare them locally.
8bd0dc5bfe
Temporarily use a return type of "int" to avoid a Clang error about
conflicting return types.
Bug: http://b/175635923
Test: treehugger
Change-Id: I16ba3dc8cc84cc18ee7fbfe9d2e3fa0cd4eefeae
The libtest_empty.so was built by the "libtest_empty" build rule, and
the other files are copies of that with small edits made by the toybox
hexedit tool. I worked out what to edit in each case from a combination
of "what does the name imply?" and "what does a diff of the xxd output
of the corresponding two arm64 files show?".
I failed to produce a working (by which I mean "failing") local-tls
file despite my best efforts. I'm not sure what exactly it was about the
gold-generated files we didn't like, because the commentary implies that
this would be problematic:
39: 0000000000000004 4 TLS LOCAL DEFAULT 12 tls_var_2
But it loads without complaint.
Test: ran locally
Change-Id: I3b9b2b4db1f8827243541cf13380c6ceb840f123
We'll want to come back to this once either Zcmp's push/pop instructions
or V's vector loads/stores are available. But for now, we have no >64b
stores.
But at least this builds.
Test: treehugger
Change-Id: I9503e890cacb198f4ba987bfc92f6eff21c290b0
This commit disables MemtagNoteTest#SEGV when running
on native bridge.
Bug: http://b/242170715
Test: run arm64 Bionic tests on T Emulator
Change-Id: I8ae99c5ba22f09a8d7e751f8bb4938894abe231f
This commit disables MemtagNoteTest#SEGV when running
on native bridge.
Bug: http://b/242170715
Test: run arm64 Bionic tests on T Emulator
Change-Id: I8ae99c5ba22f09a8d7e751f8bb4938894abe231f
The PRNG seeder daemon is introduced in TM-QPR2 which can lead to
breakage running Android 13 CTS tests depending on when the platform
and CTS tests are built.
Fix: 253185870
Test: run cts --module CtsBionicTestCases
Change-Id: I94fa0aa2f32b09222aee08891e7643bf14d1a204
riscv64 hates nans. From the spec: "Except when otherwise stated, if the
result of a floating-point operation is NaN, it is the canonical NaN.
The canonical NaN has a positive sign and all significand bits clear
except the MSB, a.k.a. the quiet bit."
This broke our tests here because the float-to-double instruction isn't
one of the "otherwise stated" cases, so it turns -nanf() into +nan().
The sign manipulation instructions are "otherwise stated" cases, though,
so as long as we avoid a conversion we're fine. And we didn't actually
_need_ a float here (pretty much by definition, since varargs means you
always end up with a double anyway), so we can just simplify things and
switch to using doubles directly to fix the tests.
Test: bionic-unit-tests-static
Change-Id: I13aa452dd6cc8708275f7676b37fc772b37a7b32
This is mainly just to match what we have for arm64.
The test failures before and after this change are all for the long
double variant, which this change doesn't touch. (The problem there is
that clang is calling `__fixtfdi` for the cast in lrintl(), but that
doesn't respect the current rounding mode, which lrintl() is required
to do. `#pragma STDC FENV_ACCESS ON` doesn't fix this, so there's going
to be some llvm work needed to fix this.)
I've replaced the ASSERTs with EXPECTs in the relevant test to ensure
we're checking all the other assertions despite the `long double`
failures.
Test: bionic-unit-tests-static
Change-Id: Ia24bf21619631b6f8b3b607d30536011bb4cd826
Musl doesn't export __SIGRTMIN, and it is being removed from the
Android wrappers to avoid accidentally referencing bionic's
reserved signals when compiling against musl.
Bug: 190084016
Test: m USE_HOST_MUSL=true host-native -k
Change-Id: I342666a17abc31bbc57b383b5cc881c2752886f7
Group riscv64 with arm/arm64, and allow for the fact that there's no
FE_DENORMAL in the riscv64 spec.
Test: fenv.*
Change-Id: Ibf188bcedffd092a7ef1555fa2762e249e1f9845
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: m
Change-Id: I02cf117f67bda74516e4de8cd6f4c05efdb9a85b
I haven't found this explicitly stated anywhere, but it's how our
existing implementations behave, and it seems obviously implied by
the word "entire" in POSIX's claim that fenv_t "Represents the entire
floating-point environment".
Test: treehugger
Change-Id: Ic8fc993775b4ded57dc88766a7d24d0954f3b56d
(And all other new architectures.)
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: Iceb2dd16c738302624980179788c4a2e68b797ed
I've never been able to repro the flake myself (in hundreds of thousands
of runs), but it's certainly possible that a byte of the cookie is
already zero. So let's invert the byte we plan to corrupt rather than
set it to zero.
Bug: http://b/202948861
Test: treehugger
Change-Id: Iccd552fe302d6c01e376819d23c11a308e03acdb
(cherry picked from commit 23ce50c172)
Upstream musl libc defines sysinfo.uptime as unsigned long, while the
kernel and glibc define it as long. Cast it to long for the
comparision.
Bug: 190084016
Test: bionic-unit-tests-glibc
Change-Id: Ib322472d512a9a7474a936e33f35523e1dc995d9
I've never been able to repro the flake myself (in hundreds of thousands
of runs), but it's certainly possible that a byte of the cookie is
already zero. So let's invert the byte we plan to corrupt rather than
set it to zero.
Bug: http://b/202948861
Test: treehugger
Change-Id: Iccd552fe302d6c01e376819d23c11a308e03acdb
At the time I added <stdio_ext.h>, I just added what was on the man
page (which matched glibc), not realizing that musl and glibc had
slightly different functionality in their headers.
The toybox maintainer came up with a legitimate use case for this, for
which there is no portable workaround, so I'm adding it here. I'm not
adding the other functions that are in musl but not glibc for lack of a
motivating use case.
Bug: http://lists.landley.net/htdig.cgi/toybox-landley.net/2022-April/020864.html
Test: treehugger
Change-Id: I073baa86ff0271064d4e2f20a584d38787ead6b0
This tests cover stack tagging setup in response to NT_MEMTAG_STACK and
vfork and longjmp support.
Bug: b/174878242
Test: fvp_mini with ToT LLVM
SANITIZE_TARGET="memtag_heap"
SANITIZE_TARGET="memtag_heap,memtag_stack"
Change-Id: I7fee03d901092d9428d86a6fab6bef4e2e3b51eb
Coming to C23 via WG14 N2630.
This one is a little interesting, because it actually changes existing
behavior. Previously "0b101" would be parsed as "0", "b", "101" by these
functions. I'm led to believe that glibc plans to actually have separate
versions of these functions for C23 and pre-C23, so callers can have the
behavior they (implicitly) specify by virtue of which -std= they compile
with. Android has never really done anything like that, and I'm pretty
sure app developers have more than enough to worry about with API levels
without having to deal with the cartesian product of API level and C
standard.
Therefore, my plan A is "if you're running on Android >= U, you get C23
behavior". My plan B in the (I think unlikely) event that that actually
causes trouble for anyone is "if you're _targeting_ Android >= U, you
get C23 behavior". I don't think we'd actually want to have two versions
of each of these functions under any circumstances --- that seems by far
the most confusing option.
Test: treehugger
Change-Id: I0bbb30315d3fabd306905ad1484361f5d8745935
Coming to C23 via WG14 N2630, and already in glibc.
We're still missing clang support for %b and %B in format string checking,
but it's probably easier to fix this first. (Apparently GCC already has
support because of glibc.)
Test: treehugger
Change-Id: Ie8bfe4630d00c50e1d047d6756a7f799205356db
The FILE::_read function pointer takes an int rather than a size_t, so
we need to be careful to break large reads up for it.
fwrite() hasn't (yet) been optimized in this way, so it's immune for
now, but add the corresponding write test anyway.
Seeking already uses a off64_t function pointer where possible, so I
don't think there's anything more to be done there.
No other function pointers in FILE are relevant.
Bug: https://issuetracker.google.com/240139009
Test: treehugger
Change-Id: Ife2537e10f178bb0d980719592539f4b00b67031
It came up on the musl mailing list that there's not actually any need
to iterate over the directory entries:
https://www.openwall.com/lists/musl/2022/07/27/1
This lets us reuse the code for "online" processors in the
implementation of "configured" processors. The question of whether
"configured" should correspond to Linux's "possible" or "present" isn't
obvious to me, but the distinction seems unlikely to matter on mobile
devices anyway, and that's a trivial change should it ever be needed.
Plus the motivating argument from the person who brought this up was
that callers asking for "configured" processors are probably asking for
an upper bound, which sounds convincing to me.
Test: treehugger
Change-Id: I0d4e13538dc6b09a6dba520d9ac24f436906f7c0
For correct %z output tzcode requires tm struct to be modified by
mktime call or be output of localtime. But as TM_ZONE is null, we
are comparing against +0000.
See https://mm.icann.org/pipermail/tz/2022-July/031674.html
Europe/Lisbon test is added to confirm that current implementation
deviates from libc specification and uses more than just tm_isdst
to find out a time zone's offset.
Bug: 239128167
Test: adb shell /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static
Test: adb shell /data/nativetest/bionic-unit-tests-static/bionic-unit-tests-static
Change-Id: Ic27775c840467c4e9ef55bc730a313709372314b
tzdata now has transitions up to the year 2100. Added test to make
sure that dates beyond that are handled properly too.
Bug: 25413083
Test: see system/timezone CL
Change-Id: I02ea04b2c5cfb47bde5fb05f108113901ea33a39
GWP-ASan stress tests can take a while, especially under HWASan.
Bug: 238585984
Test: sleep(100) in one of the tests, and then 'atest bionic-unit-tests'
Change-Id: Ibd983da1c8fd06cffed756cf3b24523f4671d49e
This reverts commit 4e013233b8.
Issue was in unexpected returned fd and errno value combination.
See comments in bionic.cpp and time_test.cpp.
Bug: 236967833
Fix: 236967833
Test: atest CtsBionicTestCases
Test: atest toybox-tests
Change-Id: I51b3e1527ff16b2a6ea4d6fedf8102019f7fd896
Adds persistent sysprops for test infra usage, and adds the tests for
the sysprops.
The test does some fancy flocking in order to restore any existing
GWP-ASan sysprop usage in the test cleanup.
Bug: 236738714
Test: atest bionic-unit-tests
Change-Id: I8956296d39c98ce8c7dd0a703b240530d8ad48db
Upstream has renamed tzsetlcl to tzset_unlocked. As bionic's
implementation of tzset_unlock differs from upstream, these changes were
skipped.
Also, upstream has removed constants (SECSPERMIN, etc) from tzfile.h. As
they are used in strptime.c, I've decided to leave them in tzfile.h and
to not bring them into strptime.c.
HAVE_TZNAME and USG_COMPAT flags semantics were updated, thus setting
their values to 2 in Android.bp file. See
1a27ec76bc
* 4742526b7e
and 0e8f0b06ac
were picked up, which are not part of 2022a.
Changes were applied using following commands:
1) Checkout tzcode repo
2) Prepare patches for all tzcode file using
git diff 2016g 2021e -- <file-name> > <file-name-patch>
3) Apply these patches to files in bionic using
patch -p1 <file-name> <file-name-patch>
Bug: 25413083
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
Test: CtsBionicTestCases
Change-Id: I9aba4cbeab30171a32f94d20c8e4057804a4c01f
With memtag_stack, each function is responsible for cleaning up
allocation tags for its stack frame. Allocation tags for anything below
SP must match the address tag in SP.
Both vfork and longjmp implement non-local control transfer which
abandons part of the stack without proper cleanup. Update allocation
tags:
* For longjmp, we know both source and destination values of SP.
* For vfork, save the value of SP before exit() or exec*() - the only
valid ways of ending the child process according to POSIX - and reset
tags from there to SP-in-parent.
This is not 100% solid and can be confused by a number of hopefully
uncommon conditions:
* Segmented stacks.
* Longjmp from sigaltstack into the main stack.
* Some kind of userspace thread implementation using longjmp (that's UB,
longjmp can only return to the caller on the current stack).
* and other strange things.
This change adds a sanity limit on the size of the tag cleanup. Also,
this logic is only activated in the binaries that carry the
NT_MEMTAG_STACK note (set by -fsanitize=memtag-stack) which is meant as
a debugging configuration, is not compatible with pre-armv9 CPUs, and
should not be set on production code.
Bug: b/174878242
Test: fvp_mini with ToT LLVM (more test in a separate change)
Change-Id: Ibef8b2fc5a6ce85c8e562dead1019964d9f6b80b
Musl doesn't have close_range, skip the test.
Bug: 190084016
Test: m USE_HOST_MUSL=true host-native
Change-Id: I7ed485f2d0ec08358c856430b7c4c45fbe45a39f
This test tried to be lazy and test both getmntent() and getmntent_r()
in the same test, but that led to an implicit assumption that /proc
isn't the first mount returned.
This new version is quite a bit more thorough than the old. It does
assume that the mount list doesn't change while the test is running, but
that seems like a reasonable assumption to make during CTS?
Bug: https://issuetracker.google.com/230228681
Test: treehugger
Change-Id: I5c5f0b86ae1c4df9a2ce69d48e1c3accb42c687b
(cherry picked from commit 1e393b0699)
This test tried to be lazy and test both getmntent() and getmntent_r()
in the same test, but that led to an implicit assumption that /proc
isn't the first mount returned.
This new version is quite a bit more thorough than the old. It does
assume that the mount list doesn't change while the test is running, but
that seems like a reasonable assumption to make during CTS?
Bug: https://issuetracker.google.com/230228681
Test: treehugger
Change-Id: I5c5f0b86ae1c4df9a2ce69d48e1c3accb42c687b
See:
https://man7.org/linux/man-pages/man2/close_range.2.html
Note: 'man close_range' documents 'flags' as unsigned int,
while glibc unistd.h as just 'int'. Picking 'int' to match glibc,
though it probably doesn't matter.
BYPASS_INCLUSIVE_LANGUAGE_REASON=man is a cli command
Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1e2d1c8edc2ea28922d60f3ce3e534a784622cd1
Original change: https://android-review.googlesource.com/c/platform/bionic/+/2073947
Change-Id: Id15a4a4e86f6bb05378ec1f775fb07693bd9fbda
Ignore-AOSP-First: this is an automerge
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
(cherry picked from commit 0f46547800)
There are other options here (see the code comment for details), but
this is the least effort/least disruptive for now.
Bug: 228898932, 227498625
Test: treehugger
Change-Id: I33be6fbfc022238de2f1846a69af1e712a9d6391
(cherry picked from commit bb1cc5a82c)
This tests PROT_MTE semantics, so we should disable HWASan.
Test: atest CtsBionicTestCases on flame_hwasan
Bug: 230048274
Bug: 230047253
Bug: 230456730
Change-Id: Ibc59b959d0b8353915629919c5d466a21dbe1c5a
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:
1. "Torture testing" the system, i.e. running it under an extremely
high sampling rate under GWP-ASan.
2. Increasing sampling remotely to allow further crash report
collection of rare issues.
There are three sets of system properites:
1. libc.debug.gwp_asan.*.system_default: Default values for native
executables and system apps.
2. libc.debug.gwp_asan.*.app_default: Default values for non-system
apps, and
3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
individual app or native process.
There are three variables that can be changed:
1. The allocation sampling rate (default: 2500) - using the environment
variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
system property.
2. The process sampling rate (default: 128 for system apps/processes, 1
for opted-in apps) - using the environment variable
GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
system property,
3. The number of slots available (default: 32) - using the environment
variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
system property.
If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
If a process is failing due to out of memory, some code calls
android_set_abort_message with a nullptr. Specifically, the libc++
library std::terminate can call do this. In this case, put a
null in the abort message.
Test: Call with nullptr and verify the code does not crash.
Test: Modified crasher to set an abort message and set a null abort
Test: message. Ran both, verified the abort message displays in
Test: first case, and doesn't display in the second case.
Change-Id: Ia9250f47e4537853ce93bbb20b35915a78caa502
There are other options here (see the code comment for details), but
this is the least effort/least disruptive for now.
Bug: http://b/227498625
Test: treehugger
Change-Id: I33be6fbfc022238de2f1846a69af1e712a9d6391
This is important for enabling the error about unsupported TLS
relocations to local symbols. The fast path tends to skip this error,
because it fails during lookup_symbol(). Add a test for this error.
I didn't see a performance regression in the linker_relocation
benchmark.
Bug: http://b/226978634
Test: m bionic-unit-tests
Change-Id: Ibef9bde2973cf8c2d420ecc9e8fe2c69a5097ce2
This is exactly what it is testing for.
Original warning:
bionic/tests/stdio_test.cpp:370:47: error: '%n' specifier not supported on this platform [-Werror,-Wformat]
EXPECT_DEATH(snprintf(buf, sizeof(buf), "a %n b", &i), "%n not allowed on Android");
~^
Test: presubmit
Bug: 219872355
Change-Id: I6e378722b2d681cf64f4cf31ef000bd28203b00d
The kernel MTE mode auto-upgrade feature (see mte_tcf_preferred) allows
silent auto-upgrade of Async MTE mode to Asymm or Sync depending on the
OS settings. Relax the tests to allow either Sync or Async faults when
requesting Async mode, and only Sync faults when requesting Sync.
Also tighten the MTENote test to check that both system allocator and
prctl are off when MTE is disabled.
Bug: 214622342
Test: bionic-unit-tests on fvp with all variations of
/sys/devices/system/cpu/cpu*/mte_tcf_preferred=(async|asymm|sync)
Change-Id: I77a92789d6b330742d00b08c9f0fecc3a6c8fca6
Bug: http://b/218788252
IR verifier too strict for ifunc resolver that accept parameters. This
is only exposed with Thin LTO. The error is:
IFunc resolver has incorrect type
i32 ()* @_Z5hwcapv
Test: mmma GLOBAL_THINLTO=true bionic
Change-Id: Ifed4041ee8557ba1a5eb7a5a82f54b5ca5c79161
Bug: http://b/218788252
Even though a resolver can return any pointer, LLVM IR verifier now
checks that the resolver returns a pointer to the ifunc's function type.
Test: m GLOBAL_THINLTO=true libtest_ifunc_variable_impl.so
Change-Id: I7d87ffcf50bab1d61b01328907e036c51feb6a0f
dup2(2) is a no-op if the new and old fds are equal, but it's pretty
clear that any useful caller in the posix_spawn(3) context wants us to
clear O_CLOEXEC even if we don't actually "move" the fd.
Bug: https://www.austingroupbugs.net/view.php?id=411
Test: treehugger
Change-Id: I5ce1a1f9216df5afd295cc9e35b84527873e9541
