This patch cleans up our standard headers by moving most of the FORTIFY
cruft out in to its own sandbox. In order to include the *_chk and
*_real declarations, you can either enable FORTIFY, or `#define
__BIONIC_DECLARE_FORTIFY_HELPERS`.
Both sys/select.h and strings.h are explicitly ignored by this patch.
Both of these files have very small __BIONIC_FORTIFY blocks, and don't
define any actual FORTIFY'ed functions (just macros, and 3 *_chk
functions).
This patch also makes the versioner ignore the FORTIFY implementation
headers, since we're guaranteed to pick the FORTIFY'ed headers up when
looking at the regular headers. (...Not to mention that making the
FORTIFY'ed headers freestanding would be annoying to do and maintain for
~no benefit).
We bake the knowledge of where FORTIFY headers live directly into the
versioner. We could go with a more general approach (e.g. adding an -X
IGNORED_FILE flag that tells the versioner to ignore
$HEADER_PATH/$IGNORED_FILE), but we'd then have to repeat that for every
test, every manual invocation of the versioner, etc. for no benefit
that's obvious to me.
Bug: 12231437
Test: m checkbuild on bullhead internal master + CtsBionicTestCases. no
new errors.
Change-Id: Iffc0cc609009b33d989cdaddde0a809282131a5b
We had several bugs filed saying "if I set _FILE_OFFSET_BITS=64 when
targeting an API < L, various functions are missing". Instead of
saying "yes, they are", we quietly just modified the header files to
expose the non-64-bit variants. This makes no sense. We can't just say
"oh, yeah, we don't have a version of this function that agrees with
your calling code about how large off_t is, but here's a version that
doesn't: I'm sure it'll be fine".
_FILE_OFFSET_BITS=64 on Android LP32 has always been a game of chance,
but that game should be "are all the functions my code needs available
at compile time?", not "will my code actually work at run time?".
Bug: https://github.com/android-ndk/ndk/issues/449
Bug: https://github.com/android-ndk/ndk/issues/442
Bug: https://github.com/android-ndk/ndk/issues/333
Bug: https://github.com/android-ndk/ndk/issues/332
Bug: https://github.com/android-ndk/ndk/issues/324
Test: builds
Change-Id: Ib095251d3e21e77ed50cc3575388107fecec4ecd
Without this, setting __FILE_OFFSET_BITS to 64 and targeting pre-L
made these functions entirely unavailable.
Bug: https://github.com/android-ndk/ndk/issues/333
Test: builds
Change-Id: Id17ae3c070f8b2650a9bc9aa2aa2e92c5fcdf4ad
pass_object_size(N) forwards the result of __builtin_object_size(param,
N) to a function. So, a function that looks like:
size_t foo(void *const p __pass_object_size) { return __bos0(p); }
int bar = foo(baz);
would effectively be turned into
size_t foo(void *const p, size_t sz) { return sz; }
int bar = foo(baz, __bos(baz)); // note that this is not __bos0
This is bad, since if we're using __bos0, we want more relaxed
objectsize checks.
__bos0 should be more permissive than __bos in all cases, so this
change Should Be Fine™.
This change also makes GCC and clang share another function's
implementation (recv). I just realized we need to add special
diagnostic-related overloads bits for clang to it, but I can do that in
another patch.
Bug: None
Test: Bullhead builds and boots; CtsBionicTestCases passes.
Change-Id: I6818d0041328ab5fd0946a1e57321a977c1e1250
This patch adds clang-style FORTIFY to Bionic. For more information on
FORTIFY, please see https://goo.gl/8HS2dW . This implementation works
for versions of clang that don't support diagnose_if, so please see the
"without diagnose_if" sections. We plan to swap to a diagnose_if-based
FORTIFY later this year (since it doesn't really add any features; it
just simplifies the implementation a lot, and it gives us much prettier
diagnostics)
Bug: 32073964
Test: Builds on angler, bullhead, marlin, sailfish. Bionic CTS tests
pass on Angler and Bullhead.
Change-Id: I607aecbeee81529709b1eee7bef5b0836151eb2b
This wasn't an array of pointers, it was an array of structs.
Unfortunately we need a complete type to index into the struct for
stdin/stdout/stderr, so add a phony struct that matches the size and
alignment of `struct __sFILE`. This property is guaranteed by the
static_asserts in libc/bionic/struct_file_test.cpp.
Test: mma
Bug: http://b/30465923
Change-Id: I8ce851dd64a261703bb44f9b5cd23b7caff4dd68
__STDC_VERSION__ isn't defined for __cplusplus, so we've been removing
such checks. Some got missed.
Stop defining __func__ and just use the __PRETTY_FUNCTION__ GCC extension
in <assert.h>. Also fix the #if there so that C++ gets __assert2 rather
than __assert, and rewrite the cast to work with -I rather than -isystem.
Also remove __restrict and just always use the __restrict GCC extension.
Add a trivial test for <assert.h>.
Bug: http://b/30353757
Change-Id: Ie49bb417976293d3a9692b516e28fe3c0ae0a6d9
Test: ran bionic unit tests.
Various things:
* work around -Wnullability-completeness.
* use C++ casts in C++ and C casts in C.
* stop using attributes clang doesn't support (such as `warning`).
* remove duplicate definitions of XATTR_CREATE and XATTR_REPLACE.
Change-Id: I07649e46275b28a23ca477deea119fe843999533
Just expose the ones that bionic historically leaked.
Also, many of the M_* constants in <math.h> are actually POSIX.
Change-Id: I6275df84c5866b872b71f1c8ed14e2aada12b793
Our fopen/freopen/tmpfile are already always O_LARGEFILE, but let's add
the aliases for _LARGEFILE_SOURCE compatibility.
Bug: http://b/24807045
Change-Id: I5d99b3ef3c9f27ce70f13313f6a92e96c7f21f80
A __size_mul_overflow utility is used to take advantage of the checked
overflow intrinsics in Clang and GCC (>= 5). The fallback for older
compilers is the optimized but less than ideal overflow checking pattern
used in OpenBSD.
Change-Id: Ibb0d4fd9b5acb67983e6a9f46844c2fd444f7e69
I still don't think we can make stdio's fseeko and ftello work, but we can
have everything else, and very few programs use fseeko/ftello (and they can
just refrain from using _FILE_OFFSET_BITS and be no worse off than they are
today).
Bug: 11865851
Change-Id: Ic3cb409aae6713f4b345de954bcc4241fcd969ec
clang don't support warning attribute. Replacing warning attriubte with
deprecated attribute can achieve the same behavior whether compiled by
gcc or clang.
Bug: 19340053
Change-Id: I064432b81cf55212458edbc749eb72dc15a810fb
If we lose the #ifndef, the compiler will tell us if the definitions
of SEEK_SET and friends ever get out of sync.
Change-Id: I357cabec7c9cd451c604342344f210bba20fb6bc
Various C and C++ standards explicitly say that stdin/stdout/stderr
should be macros, but glibc makes them global variables too. This
means it's possible to write code that uses those names as locals,
but that code (toybox being an example) won't build on bionic.
If we'd done this earlier, we could have hidden __sF for LP64, but
it's too late now.
Change-Id: I90cf8c73f52b66e1760b8fa2e135b9f9f9651230
__open_2() is used by the fortify implementation of open(2) in
fcntl.h, and as such needs an unmangled C name. For some reason
(inlining?), this doesn't cause problems at the default optimization
level, but does for -O0.
The rest of these didn't cause build failures, but they look suspect
and probably will, we just haven't caught them yet.
Bug: 17784968
Change-Id: I7391a7a8999ee204eaf6abd14a3d5373ea419d5b
Fix and use __RENAME (and lose ___RENAME --- two underscores should be
enough for anybody). This was the point of this change, because I want
to use __RENAME to support the two basename variants and the two
strerror_r variants.
Lose a bunch of macros that weren't being used.
Lose three dead files from the DNS code.
Change-Id: I3ef645c566b16a52217bc2e68c7d54b37c7c9522
We don't want GCC's fixincludes to touch our <stdio.h> because we
want to support multiple platform versions with one toolchain. Give
them a nice easy unambiguous string to look for.
Bug: http://code.google.com/p/android/issues/detail?id=73728
Change-Id: I15cb9a2c9eb0a44b0965dc2139f224f2b6e68ea1
