Just expose the ones that bionic historically leaked.
Also, many of the M_* constants in <math.h> are actually POSIX.
Change-Id: I6275df84c5866b872b71f1c8ed14e2aada12b793
We don't support anything other than Clang and GCC, and we don't support
GCC earlier than 4.9.
Move the various synonyms for __attribute__(__whatever__) together.
Fix a __STDC__VERSION__ (for __STDC_VERSION__) typo.
Drop support for BSD _ANSI_SOURCE and _C99_SOURCE; there's enough confusing
nonsense here already, and plenty of other ways to ask for obsolete standards.
There are plenty more problems here -- what I really want to do is rationalize
our treatment of __STDC_VERSION__ -- but let's get some of this easy stuff
out of the way first.
Bug: https://code.google.com/p/android/issues/detail?id=194631
Change-Id: I7526b9770fdc01f8a4667781b65e2fb08287b20b
http://clang.llvm.org/docs/AttributeReference.html#nonnull
_Nonnull is similar to the nonnull attribute in that it will instruct
compilers to warn the user if it can prove that a null argument is
being passed. Unlike the nonnull attribute, this annotation indicated
that a value *should not* be null, not that it *cannot* be null, or
even that the behavior is undefined. The important distinction is that
the optimizer will perform surprising optimizations like the
following:
void foo(void*) __attribute__(nonnull, 1);
int bar(int* p) {
foo(p);
// The following null check will be elided because nonnull
// attribute means that, since we call foo with p, p can be
// assumed to not be null. Thus this will crash if we are called
// with a null pointer.
if (src != NULL) {
return *p;
}
return 0;
}
int main() {
return bar(NULL);
}
Note that by doing this we are no longer attaching any sort of
attribute for GCC (GCC doesn't support attaching nonnull directly to a
parameter, only to the function and naming the arguments
positionally). This means we won't be getting a warning for this case
from GCC any more. People that listen to warnings tend to use clang
anyway, and we're quickly moving toward that as the default, so this
seems to be an acceptable tradeoff.
Change-Id: Ie05fe7cec2f19a082c1defb303f82bcf9241b88d
Future API levels aren't known (e.g. 25 could be a maintenance release
of N that doesn't contain any bionic updates), so use a placeholder
macro that we can find and replace with the actual API level before each
release.
Bug: http://b/28178111
Change-Id: I667fe53ea1ac49b64135170fc30d5dbe9df94e29
Some symbols appeared at different times between 32 and 64 bit. Add a
macro to represent this.
Bug: http://b/28178111
Change-Id: I0aa46d9da3c7301b60df0416bce252f0f37b7b36
Add an __UNAVAILABLE macro, and use it for several functions which lack
implementations, but need to have visible declarations to be reexported
in the C++ standard library.
Bug: http://b/28178111
Change-Id: Ia4ae0207bbfcb7baa61821f0ef946257b019c0db
It's useful to have the legacy inlines compile by themselves, both to
make header unification easier, and to ensure that the inline versions
match the regular declarations. Notably, this wasn't true for
sigismember, which took a const sigset_t* in the regular header, and
sigset_t* in the inline version.
Bug: http://b/28178111
Change-Id: Id8a3b7dcb1bfa61eed93c9fb50d3192744f8bef5
__size_mul_overflow generates warning under following compilation envrionment:
-OX -D_FORTIFY_SOURCE=2 (X=1, 2, 3)
For example:
echo '#include <stdio.h>' | \
prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9/bin/arm-linux-androideabi-gcc \
-I bionic/libc/arch-arm/include \
-I bionic/libc/include \
-I bionic/libc/kernel/uapi \
-I bionic/libc/kernel/common \
-I bionic/libc/kernel/uapi/asm-arm \
-I bionic/libm/include \
-I bionic/libm/include/arm \
-I bionic/libc/include \
-Werror \
-O1 \
-D_FORTIFY_SOURCE=2 \
-c \
-x c \
-
bionic/libc/include/stdio.h:360:13: error: '__size_mul_overflow' is
static but used in inline function 'fread' which is not static [-Werror]
if (__size_mul_overflow(size, count, &total)) {
^
C99 - 6.7.4
"An inline definition of a function with external linkage shall not contain
a definition of a modifiable object with static storage duration, and shall
not contain a reference to an identifier with internal linkage."
As standard does not require compiler to determine when it is safe to
reference an internal function in an external inline function, but instead
delegalizes such reference as a whole, gcc throws a warning for such code
under C99 compilation. Warning produced by libc header is inhereted widely
and strips the option of using -Werror to track code sanity.
Replace static inline specifier with gnu89 extern inline. Latter "is used
only for inlining. In no case is the function compiled on its own", which
is slightly different from former semantically, but should produce the same
result here.
Change-Id: I6a3374498e5499d110e54468cf9d0d67d2debbe2
In particular, we don't need to record the peculiarities of every
version of GCC ever shipped. It just makes this file harder to follow.
Change-Id: Ie9035d78eae86b4aed9dff3576c6f54e268aaced
A __size_mul_overflow utility is used to take advantage of the checked
overflow intrinsics in Clang and GCC (>= 5). The fallback for older
compilers is the optimized but less than ideal overflow checking pattern
used in OpenBSD.
Change-Id: Ibb0d4fd9b5acb67983e6a9f46844c2fd444f7e69
libchrome uses __USE_XOPEN2K8 to decide whether futimens is
available. That's perhaps not the best idea, but there are other
cases where we defined the same feature macros as glibc to aid
portability.
Change-Id: Ie6e04cb181d88698d618e7dbd26cd347a6bf076c
I still don't think we can make stdio's fseeko and ftello work, but we can
have everything else, and very few programs use fseeko/ftello (and they can
just refrain from using _FILE_OFFSET_BITS and be no worse off than they are
today).
Bug: 11865851
Change-Id: Ic3cb409aae6713f4b345de954bcc4241fcd969ec
clang don't support warning attribute. Replacing warning attriubte with
deprecated attribute can achieve the same behavior whether compiled by
gcc or clang.
Bug: 19340053
Change-Id: I064432b81cf55212458edbc749eb72dc15a810fb
All these inlines were turned in to out of line definitions in L.
This brings us a step closer to being able to just use the current
bionic headers for the NDK, rather than having many old versions of
them.
Change-Id: Ie010bc727d78d3742abc577c70f6578db2e68625
Otherwise the gcc compiler warning doesn't show up.
Add -Wno-error to fortify related tests. Fortify related tests
are expected to be examples of bad programs, and in many
cases shouldn't compile cleanly. Rewriting them to compile
cleanly isn't feasible nor desirable.
Bug: 17784968
Change-Id: I93bececa7444d965f18c7c27d46e7abce5c49a02
Otherwise the gcc compiler warning doesn't show up.
Delete some unittests. These unittests no longer compile cleanly
using -Wall -Werror, and rewriting them to compile cleanly
isn't feasible.
Bug: 17784968
Change-Id: I9bbdc7b6a1c2ac75754f5d0f90782e0dfae66721
This showed up as open_memstream not being visible in <stdio.h>
if only _GNU_SOURCE was defined.
Bug: 17361504
Change-Id: I38f9843f4e6ee770a6325ad50f779bda5495ffca
This way it's a lot harder for us to screw up (since we should always
be including <sys/cdefs.h> anyway).
Bug: 14659579
Change-Id: I23070fff3296b0d1c683bb5e3a6e214146327d53
Fix and use __RENAME (and lose ___RENAME --- two underscores should be
enough for anybody). This was the point of this change, because I want
to use __RENAME to support the two basename variants and the two
strerror_r variants.
Lose a bunch of macros that weren't being used.
Lose three dead files from the DNS code.
Change-Id: I3ef645c566b16a52217bc2e68c7d54b37c7c9522
Requested by Google Breakpad, but seems to be assumed to be defined
in various places in the AOSP tree already; iputils, wpa_supplicant,
et cetera.
Change-Id: I1f7833c98e0af4c77e49744c08b8239061c9a571
libunwind has #define inline /* empty */ which breaks our fortified headers.
glibc uses __inline but our BSD-derived headers often override that. __inline__
is the third alternative understood by GCC that -- as far as I know -- neither
the C library itself nor third-party code tries to mess with.
Bug: 12871594
Change-Id: I6677e70ea531bb7d4c46021b43af760d4ad8ecf7
This is a better solution than the old __warn_references because it's
a compile-time rather than link-time warning, it doesn't rely on something
that doesn't appear to be supported by gold (which is why you only used
to see these warnings on mips builds), and the errors refer to the exact
call site(s) rather than just telling you which object file contains a
reference to the bad function.
This is primarily so we can build bionic for aarch64; building libc.so
caused these warnings to fire (because link time is the wrong time) and
warnings are errors.
Change-Id: I5df9281b2a9d98b164a9b11807ea9472c6faa9e3
Also fix the signature of usleep, and the definition of useconds_t which
should be unsigned, as the 'u' in its name implies.
This patch also cleans up the existing FreeBSD hacks by moving the libm
stuff from <sys/cdefs.h> to a libm-private header, and adding comments
about the hacks we use to build FreeBSD source.
Change-Id: Ibe5067a380502df94a0a3a7901969b35411085b6
Introduce __bos0 as a #define for __builtin_object_size((s), 0).
This macro is intended to be used for places where the standard
__bos macro isn't appropriate.
memcpy, memmove, and memset deliberately use __bos0. This is done
for two reasons:
1) I haven't yet tested to see if __bos is safe to use.
2) glibc uses __bos0 for these methods.
Change-Id: Ifbe02efdb10a72fe3529dbcc47ff647bde6feeca
In 829c089f83, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
Define __errordecl and replace __attribute__((__error__("foo")))
with __errordecl. Make sure __errordecl is a no-op on clang, as it
generates a compile time warning.
Change-Id: Ifa1a2d3afd6881de9d479fc2adac6737871a2949
Add support for fortify source level 2 to strncpy.
This will enable detection of more areas where strncpy
is used inappropriately. For example, this would have detected
bug 8727221.
Move the fortify_source tests out of string_test.cpp, and
put it into fortify1_test.cpp.
Create a new fortify2_test.cpp file, which copies all
the tests in fortify1_test.cpp, and adds fortify_source level
2 specific tests.
Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
Also add a more intention-revealing guard so we don't have loads of
places checking whether our inlining macro is defined.
Change-Id: I168860cedcfc798b07a5145bc48a125700265e47
Also update the x86 asm.h to support this; we need it for libm assembler
anyway.
Also clean up the _FBSDID hack in <sys/cdefs.h>.
Change-Id: Iababd977b8110ec022bf7c93f4d62ece47630e7c
This brings us up to date with FreeBSD HEAD, fixes various bugs, unifies
the set of functions we support on ARM, MIPS, and x86, fixes "long double",
adds ISO C99 support, and adds basic unit tests.
It turns out that our "long double" functions have always been broken
for non-normal numbers. This patch fixes that by not using the upstream
implementations and just forwarding to the regular "double" implementation
instead (since "long double" on Android is just "double" anyway, which is
what BSD doesn't support).
All the tests pass on ARM, MIPS, and x86, plus glibc on x86-64.
Bug: 3169850
Bug: 8012787
Bug: https://code.google.com/p/android/issues/detail?id=6697
Change-Id: If0c343030959c24bfc50d4d21c9530052c581837
This patch updates the C library headers to provide ucontext_t
definitions for three architectures.
+ Fix <signal.h> to always define 'struct sigcontext'.
The new declarations are announced with new macros defined in
<sys/cdefs.h> in order to make it easier to adapt client code
that already defines its own, incompatible, versions of the
structures seen here.
http://code.google.com/p/android/issues/detail?id=34784
Change-Id: Ie78c48690a4ce61c50593f6c39639be7fead3596
