Commit graph

53 commits

Author SHA1 Message Date
Elliott Hughes
11859d467c Be more strict about using invalid pthread_ts.
Another release, another attempt to remove the global thread list.

But this time, let's admit that it's not going away. We can switch to using
a read/write lock for the global thread list, and to aborting rather than
quietly returning ESRCH if we're given an invalid pthread_t.

This change affects pthread_detach, pthread_getcpuclockid,
pthread_getschedparam/pthread_setschedparam, pthread_join, and pthread_kill:
instead of returning ESRCH when passed an invalid pthread_t, if you're
targeting O or above, they'll abort with the message "attempt to use
invalid pthread_t".

Note that this doesn't change behavior as much as you might think: the old
lookup only held the global thread list lock for the duration of the lookup,
so there was still a race between that and the dereference in the caller,
given that callers actually need the tid to pass to some syscall or other,
and sometimes update fields in the pthread_internal_t struct too.

(This patch replaces such users with calls to pthread_gettid_np, which
at least makes the TOCTOU window smaller.)

We can't check thread->tid against 0 to see whether a pthread_t is still
valid because a dead thread gets its thread struct unmapped along with its
stack, so the dereference isn't safe.

Taking the affected functions one by one:

    * pthread_getcpuclockid and pthread_getschedparam/pthread_setschedparam
      should be fine. Unsafe calls to those seem highly unlikely.

    * Unsafe pthread_detach callers probably want to switch to
      pthread_attr_setdetachstate instead, or using
      pthread_detach(pthread_self()) from the new thread's start routine
      rather than doing the detach in the parent.

    * pthread_join calls should be safe anyway, because a joinable thread
      won't actually exit and unmap until it's joined. If you're joining an
      unjoinable thread, the fix is to stop marking it detached. If you're
      joining an already-joined thread, you need to rethink your design.

    * Unsafe pthread_kill calls aren't portably fixable. (And are obviously
      inherently non-portable as-is.) The best alternative on Android is to
      use pthread_gettid_np at some point that you know the thread to be
      alive, and then call kill/tgkill directly.

      That's still not completely safe because if you're too late, the tid
      may have been reused, but then your code is inherently unsafe anyway.

Bug: http://b/19636317
Test: ran tests
Change-Id: I0372c4428e8a7f1c3af5c9334f5d9c25f2c73f21
2017-02-13 17:59:29 -08:00
David James
a187a6f12e Merge "Revert "Remove the global thread list."" 2017-02-02 02:46:40 +00:00
Elliott Hughes
7484c21c4c Revert "Remove the global thread list."
This reverts commit b0e8c565a6.

Breaks swiftshader (http:/b/34883464).

Change-Id: I7b21193ba8a78f07d7ac65e41d0fe8516940a83b
2017-02-02 02:41:38 +00:00
Elliott Hughes
9b9d4ebc8b Merge "Remove the global thread list." 2017-02-01 16:16:41 +00:00
Elliott Hughes
ea87716696 localtime_r(3) should act as if it calls tzset(3).
See code comment.

Bug: http://b/31339449
Test: ran tests & benchmarks
Change-Id: I6b6a63750ef41664dc4698207e6a53e77cc28cdf
2017-01-11 14:56:04 -08:00
Elliott Hughes
b0e8c565a6 Remove the global thread list.
Another release, another attempt to fix this bug.

This change affects pthread_detach, pthread_getcpuclockid,
pthread_getschedparam/pthread_setschedparam, pthread_join, and pthread_kill:
instead of returning ESRCH when passed an invalid pthread_t, they'll now SEGV.

Note that this doesn't change behavior as much as you might think: the old
lookup only held the global thread list lock for the duration of the lookup,
so there was still a race between that and the dereference in the caller,
given that callers actually need the tid to pass to some syscall or other,
and sometimes update fields in the pthread_internal_t struct too.

We can't check thread->tid against 0 to see whether a pthread_t is still
valid because a dead thread gets its thread struct unmapped along with its
stack, so the dereference isn't safe.

Taking the affected functions one by one:

* pthread_getcpuclockid and pthread_getschedparam/pthread_setschedparam
  should be fine. Unsafe calls to those seem highly unlikely.

* Unsafe pthread_detach callers probably want to switch to
  pthread_attr_setdetachstate instead, or using pthread_detach(pthread_self())
  from the new thread's start routine rather than doing the detach in the
  parent.

* pthread_join calls should be safe anyway, because a joinable thread won't
  actually exit and unmap until it's joined. If you're joining an
  unjoinable thread, the fix is to stop marking it detached. If you're
  joining an already-joined thread, you need to rethink your design.

* Unsafe pthread_kill calls aren't portably fixable. (And are obviously
  inherently non-portable as-is.) The best alternative on Android is to
  use pthread_gettid_np at some point that you know the thread to be alive,
  and then call kill/tgkill directly. That's still not completely safe
  because if you're too late, the tid may have been reused, but then your
  code is inherently unsafe anyway.

If we find too much code is still broken, we can come back and disable
the global thread list lookups for anything targeting >= O and then have
another go at really removing this in P...

Bug: http://b/19636317
Test: N6P boots, bionic tests pass
Change-Id: Ia92641212f509344b99ee2a9bfab5383147fcba6
2017-01-07 14:16:46 -08:00
Elliott Hughes
12443702c2 Add regression test for http://b/31938693.
Bug: http://b/31938693
Bug: https://code.google.com/p/android/issues/detail?id=225132
Test: this is a test
Change-Id: I858962a1dcd56d555a4836a7bfbdf92d5c3042f6
2016-10-19 16:02:31 -07:00
Elliott Hughes
47126edb90 Fix time.mktime_EOVERFLOW for LP32.
Times before 1901-12-13 *underflow* on LP32, making the year 1900 a bad
choice for success case.

Bug: http://b/31305222
Change-Id: I20d4885c80b57707225580db044abc8948a55fdc
2016-09-06 13:34:15 -07:00
Elliott Hughes
f8ebaa4985 Fix mktime's errno behavior.
Don't touch errno on success, do set it to EOVERFLOW (the only allowed errno
value according to POSIX: http://pubs.opengroup.org/onlinepubs/9699919799/functions/mktime.html)
on failure.

Bug: http://b/30477946
Change-Id: Ia915c7b9c3bfcd2f9025530cf5b068fe4dd4fd9e
2016-08-12 16:28:36 -07:00
Elliott Hughes
0a610d00fe Upgrade to tzcode-2016f.
No significant changes other than a default implementation of strftime_l.

Change-Id: I6edd2c03e5e7559f012c0c87d43f7109d641d3ca
2016-07-29 14:04:17 -07:00
Chih-Hung Hsieh
62e3a078aa Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: I84effbdfa1b9b39328a909b7f70fe17e7ee316c8
2016-05-03 12:08:05 -07:00
Greg Hackmann
d15dfb2ff5 clock_nanosleep: add CLOCK_THREAD_CPUTIME_ID special case
POSIX makes "the CPU-time clock of the calling thread" (i.e.,
CLOCK_THREAD_CPUTIME_ID) a special case which returns EINVAL instead of
ENOTSUP.

However, the clock_nanosleep syscall treats this clock just like any
other, and returns -EOPNOTSUPP to indicate an unimplemented nanosleep
handler.  So we need to handle this ourselves in userspace.

This change fixes the LTP clock_nanosleep01 testcase.

Change-Id: If3bed940d276834bcd114d8c17f96197e9384711
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-03-28 10:29:16 -07:00
Elliott Hughes
43f7c87565 Add a test for snprintf on a PTHREAD_STACK_MIN-sized stack.
This is a common thing for people to want to do, snprintf requires
a lot of stack for itself, and PTHREAD_STACK_MIN should be usable
for realistic code.

Change-Id: Ib09cfb4e0beec1c69ee0944c3ea4c5d03a94c491
2016-02-05 11:18:41 -08:00
Elliott Hughes
33697a0c43 Factor out the waiting for children in bionic tests.
Change-Id: I4a1e51b6920b33dc892d447f5bd6d10f1cb2704a
2016-01-26 13:13:52 -08:00
Elliott Hughes
a9cac4c87a Fix strftime if tm_zone is null.
Upstream tzcode said "On platforms with tm_zone, strftime.c now assumes it
is not NULL". Which is fine for any struct tm generated by tzcode, but not
necessarily true of a struct tm constructed by arbitrary code. In particular,
Netflix on Nexus Player was failing to start because they format "%Z" with
a struct tm whose tm_zone is null (the other fields are valid, but, yeah,
that's probably not intentional).

glibc takes a null tm_zone to mean "the current time zone", so let's do that
too. (Historically Android would use the empty string, and POSIX doesn't
clarify which of this is the appropriate behavior when tm_zone is null.)

Bug: http://b/25170306
Change-Id: Idbf68bfe90d143aca7dada8607742905188b1d33
2015-11-12 16:51:31 -08:00
Yabin Cui
857336809e am 0660be89: am a6a12a78: am 0fdcdd00: Merge "Fix flaky test time.timer_settime_0." into lollipop-mr1-cts-dev
* commit '0660be899f2d907dedbcb643315b73e652ec9510':
  Fix flaky test time.timer_settime_0.
2015-08-11 19:32:20 +00:00
Yabin Cui
a6a12a7804 am 0fdcdd00: Merge "Fix flaky test time.timer_settime_0." into lollipop-mr1-cts-dev
* commit '0fdcdd0067af88e7deef73070d0861ceb9f53c37':
  Fix flaky test time.timer_settime_0.
2015-08-11 18:56:43 +00:00
Yabin Cui
bf572d91b5 Fix flaky test time.timer_settime_0.
It fixes the problem reported in https://code.google.com/p/android/issues/detail?id=182395.

Change-Id: Ie16aa04095dac08a62dd0d4c50e763b36526624c
2015-08-11 11:25:02 -07:00
Yabin Cui
1df44bd0a4 am cb060759: am 8beb0c34: am b245bc75: am 0f455612: Merge "Fix flaky test of timer_create_multiple in L." into lollipop-mr1-cts-dev
* commit 'cb0607590341ed2512a55015e66e19e7f7db3723':
  Fix flaky test of timer_create_multiple in L.
2015-06-19 20:29:49 +00:00
Yabin Cui
8beb0c34da am b245bc75: am 0f455612: Merge "Fix flaky test of timer_create_multiple in L." into lollipop-mr1-cts-dev
* commit 'b245bc750021ce6d220e71625fca66620cdd1f05':
  Fix flaky test of timer_create_multiple in L.
2015-06-19 18:55:51 +00:00
Yabin Cui
d1ade7ce02 Don't use TIMER_ABSTIME in time_test.
If TIMER_ABSTIME is used in timer_settime(), the timer is always fired
immediately, which is not the intent of the tests.

Change-Id: I76047dbeb2bdded272ee6d028630b53bfd7d8514
2015-06-19 00:54:34 +00:00
Yabin Cui
410c1adf5f Fix flaky test of timer_create_multiple in L.
Bug: 20677618
Change-Id: I0cb5faf77edce042b10611543180f3e2e73d3d05
2015-06-18 16:19:02 -07:00
Yabin Cui
fd20a8c2d6 resolved conflicts for merge of 473d96c0 to lmp-mr1-ub-dev
Change-Id: I48269218b152054d527d9257d40490b54205140f
2015-05-20 13:36:56 -07:00
Yabin Cui
5c0996a969 Fix timer flaky test in lollipop-mr1-cts-dev.
It is partically cherry-pick from https://android-review.googlesource.com/#/c/123410/.
And as lollipop-mr1-cts-dev still uses stlport, <stdatomic.h> is used instead of <atomic>.

Bug: 20677618
Change-Id: I952a6fd074facc4227c955fecf3ecbfbbaec4193
2015-05-08 13:12:01 -07:00
Christopher Ferris
64a8698809 Modify test to avoid race condition.
automerge: 3da136a

* commit '3da136aa47e2d1608b98abb2580f024b36f92831':
  Modify test to avoid race condition.
2015-05-04 16:45:13 +00:00
Yabin Cui
95f1ee235a Change on handling of SIGEV_THREAD timers.
1. Don't prevent calling callback when SIGEV_THREAD timers are disarmed by timer_settime.
As in POSIX standard: The effect of disarming or resetting a timer with pending
expiration notifications is unspecified. And glibc didn't prevent in this situation, so I
think it is fine to remove the support.
2. Still prevent calling callback when SIGEV_THREAD timers are deleted by timer_delete.
As in POSIX standard: The disposition of pending signals for the deleted timer is unspecified.
However, glibc handles this (although that is not perfect). And some of our tests in
time_test.cpp depend on this feature as described in b/18039727. so I retain the support.
3. Fix some flaky test in time_test.cpp, and make "time*" test pass on bionic-unit-tests-glibcxx.

Bug: 18263854

Change-Id: I8ced184eacdbfcf433fd81b0c69c38824beb8ebc
2015-04-15 17:36:01 -07:00
Christopher Ferris
3da136aa47 Modify test to avoid race condition.
There is a possible race if a timer is set to trigger at nearly the same
time as it is set. Since nobody uses the timers like this, modify the test
so this doesn't happen. The race that this can provoke has been fixed in
aosp.

Bug: 19423618
Change-Id: I21084c99da5ae46f404936d673dae6bad7c82caa
2015-02-18 17:45:50 -08:00
Yabin Cui
d5c652756b support _POSIX_CPUTIME
Bug: 18490039
Change-Id: I01fa83b48e1b908de1f227b6e4f98e280bcd50ee
2014-11-26 17:14:50 -08:00
Satoru Takeuchi
154e2026c8 libc: Fix mktime returns an uncorrect time in empty TZ case
The mktime API returned an uncorrect time when TZ is set as empty.
A timezone UTC/GMT+0 should be implied in the empty case. However
mktime keeps previous information about timezone. If mktime was called
with a timezone which has DST before, the "defaulttype" member of
"state" structure wouldn't be 0. Then it would be used next time,
even though UTC/GMT+0 doesn't have DST.

Added initialization of the "defaulttype" in the empty TZ case.

Change-Id: Ic480c63c548c05444134e0aefb30a7b380e3f40b
2014-11-14 18:13:07 -08:00
Christopher Ferris
62d84b1935 Fix race condition in timer disarm/delete.
When setting a repeat timer using the SIGEV_THREAD mechanism, it's possible
that the callback can be called after the timer is disarmed or deleted.
This happens because the kernel can generate signals that the timer thread
will continue to handle even after the timer is supposed to be off.

Add two new tests to verify that disarming/deleting doesn't continue to
call the callback.

Modify the repeat test to finish more quickly than before.

Refactor the Counter implementation a bit.

Bug: 18039727

(cherry pick from commit 0724132c32)

Change-Id: I135726ea4038a47920a6c511708813b1a9996c42
2014-10-22 13:20:39 -07:00
Christopher Ferris
0724132c32 Fix race condition in timer disarm/delete.
When setting a repeat timer using the SIGEV_THREAD mechanism, it's possible
that the callback can be called after the timer is disarmed or deleted.
This happens because the kernel can generate signals that the timer thread
will continue to handle even after the timer is supposed to be off.

Add two new tests to verify that disarming/deleting doesn't continue to
call the callback.

Modify the repeat test to finish more quickly than before.

Refactor the Counter implementation a bit.

Bug: 18039727
Change-Id: I73192c915cdacf608521b1792c54e5af14a34907
2014-10-21 18:31:02 -07:00
Haruki Hasegawa
1816025684 Add clock_settime and clock_nanosleep.
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.

Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
2014-10-13 17:04:10 -07:00
Alex Van Brunt
8d0b2dbf21 Reimplement clock(3) using clock_gettime(3)
Unlike times(), clock_gettime() is implemented as a vDSO on many architectures.
So, using clock_gettime() will return a more accurate time and do so with less
overhead because it does have the overhead of calling into the kernel.

It is also significantly more accurate because it measures the actual time in
nanoseconds rather than the number of ticks (typically 1 millisecond or more).

Bug: 17814435
Change-Id: Id4945d9f387330518f78669809639952e9227ed9
2014-10-03 18:54:28 -07:00
Elliott Hughes
04303f5a8a Add semaphore tests, fix sem_destroy.
Bug: https://code.google.com/p/android/issues/detail?id=76088
Change-Id: I4a0561b23e90312384d40a1c804ca64ee98f4066
2014-09-19 17:37:06 -07:00
Elliott Hughes
f4c948a9e9 Move the meat of <features.h> into <sys/cdefs.h>.
This way it's a lot harder for us to screw up (since we should always
be including <sys/cdefs.h> anyway).

Bug: 14659579
Change-Id: I23070fff3296b0d1c683bb5e3a6e214146327d53
2014-08-19 11:18:20 -07:00
Elliott Hughes
708c112054 Start hiding "private/bionic_time.h".
Bug: 15765976

(cherry picked from commit 905e6d58aa)

Change-Id: Ic7435308e8b521886f42ac7bf59531924921ea67
2014-07-25 15:24:57 -07:00
Elliott Hughes
905e6d58aa Start hiding "private/bionic_time.h".
Bug: 15765976
Change-Id: Ibd9cf07067ec8dffe9fda6c3d498d4ab90708220
2014-07-25 12:03:51 -07:00
Elliott Hughes
3002131da3 Use VDSO for clock_gettime(2) and gettimeofday(2).
Bug: 15387103

(cherry picked from commit 625993dfbb)

Change-Id: I0e156d7049ba1495902259071a96936592e74025
2014-07-16 15:15:53 -07:00
Elliott Hughes
625993dfbb Use VDSO for clock_gettime(2) and gettimeofday(2).
Bug: 15387103
Change-Id: Ifc3608ea65060c1dc38120b10b6e79874f182a36
2014-07-16 14:27:43 -07:00
Dan Albert
7a39094465 Revert "Removes bionic's dependence on stlport"
This reverts commit 4d35da1df8.

Change-Id: Ie9a2620441edb55dbc5949e13a4b913ea4e66797
2014-05-19 23:46:51 +00:00
Dan Albert
4d35da1df8 Removes bionic's dependence on stlport
Only affects tests/benchmarks. Confirmed passing on arm.

Change-Id: If158e23e8cd06e7597ef6f3c9376f6799b467e62
2014-05-19 11:33:14 -07:00
Elliott Hughes
329103d3e2 Don't use so much stack in tzcode.
Bug: 14313703
Bug: https://code.google.com/p/android/issues/detail?id=61130
Change-Id: Id9b240fce20d4a6f2660792070e02b2b5f287655
2014-04-25 21:51:26 -07:00
Elliott Hughes
efbdb53f84 Remove a non-standard turd: strtotimeval.
Change-Id: I1b1e40746cb573e3fb73a5276969b40c5da36d15
2014-04-07 15:17:19 -07:00
Calin Juravle
4bfaf462f0 Added strtotimeval tests.
Change-Id: I3dfd3647a8494490a2d549bdb915968063a7fb99
2014-03-26 17:57:48 +00:00
Christopher Ferris
753ad778bc Fix deadlock in timer_delete.
If the callback function for a timer did a timer_delete, the function
would never return. The problem was that the timer_delete function would try
to wait until the timer thread has finished. Waiting for yourself to finish
doesn't work very well.

Bug: 13397340
Change-Id: Ica123a5bafbc8660c8a4a909e5c2dead55ca429d
2014-03-20 20:47:45 -07:00
Elliott Hughes
3e3409af0f Add system/extras strftime and strptime tests.
Change-Id: I889c58f6e2e27b99cf6328a8671858d2e5feaa4e
2014-03-10 18:19:03 -07:00
Brian Carlstrom
be1d91dedc Add includes for waitpid
(cherry picked from commit f07c5dd9ab63f2e8ba736107bd4b69bbd8829c9f)

Change-Id: I7a765fd7a3a5f8f29a703f6a591c4fd8df4ebf1c
2014-03-08 15:09:43 -08:00
Elliott Hughes
4b558f50a4 Rewrite the POSIX timer functions.
This is a much simpler implementation that lets the kernel
do as much as possible.

Co-authored-by: Jörgen Strand <jorgen.strand@sonymobile.com>
Co-authored-by: Snild Dolkow <snild.dolkow@sonymobile.com>
Change-Id: Iad19f155de977667aea09410266d54e63e8a26bf
2014-03-07 16:49:46 -08:00
Christopher Ferris
f04935c85e Make sure that the same tests are on all platforms.
In order to be able to generate a list of tests for cts, the same set of
tests must exist across all platforms. This CL adds empty tests where a
test was conditionally compiled out.

This CL creates a single library libBionicTests that includes all of
the tests found in bionic-unit-tests-static.

Also fix a few missing include files in some test files.

Tested by running and compiling the tests for every platform and
verifying the same number of tests are on each platform.

Change-Id: I9989d4bfebb0f9c409a0ce7e87169299eac605a2
2014-02-06 20:12:21 -08:00
Elliott Hughes
0c40152767 Fix the time unit tests for systems with 64-bit time_t.
Change-Id: I29df50b25d022c1c00906e71b612defa58e46e81
2013-10-18 16:21:54 -07:00