The previous versions of the scripts did a lot of redundant changes
and were hard to follow.
I rewrote most of update_all.py so that it's clear about what's going on.
I updated clean_header.py to change the cleanupFile function so that
there is no magic about where the destination file is going to wind up.
Now the caller specifies the final location.
I updated utils.py so that if you are trying to do an update in one
location, but your lunch target is from another location, it causes
an error.
Bug: 35726570
Change-Id: Ic5a44d90c2774a627eecde34c0c403bc925a497c
Test: Ran the updater and verified it works properly.
Test: Verified that doing an update in one tree to another tree
Test: fails.
Apparently that "backdoor" is no longer needed - the proper way is
to reinitialize properties:
https://android-review.googlesource.com/#/c/181794/24/tests/system_properties_test.cpp
Also removes mentions of libnativehelper test (it no longer uses
__system_property_area__) and removes useless "extern" declaration
(actual use was removed long ago).
Test: refactoring CL, existsing tests still pass
BUG=21852512
BUG=34114501
Change-Id: I2223cab2fcb671ea180ad4470a7aba5c9cd20bd8
__system_property_set sometimes produces broken_pipe error
when trying to write a property.
This change improves error messages and uses writev() instead
of sequence of send() calls.
Bug: http://b/35381074
Test: bionic-unit-tests --gtest_filter=prop*
Change-Id: I7a5b169c015db4e6b720370e58662de8206d1086
This seemed to be the only place in bionic where a fence on a
performance-critical path could be easily replaced by a stronger
load/store order constraint. Do so.
On x86 this should generate the same code either way. Based on
microbenchmarks of the relevant ARM instructions, this is currently
performance-neutral in this kind of context. But in the future, the
newly generated acquire loads should give us a performance benefit.
Test: Booted AOSP
Change-Id: I7823e11d6ae4fd58e0425244c293262e2320fd81
Running this periodically and checking in the results is not working
out, since the result is just that I'm having to spend a lot of time
cleaning up the headers every time I need to update them in the NDK.
Run the versioner as part of the build instead. This way bionic
header changes behave like the rest of the NDK headers and will
affect NDK builds in the platform *immediately*.
Remove the preupload hook for the versioner since it's part of the
normal build now.
The versioner's dependencies directory needs to be moved because
soong won't let us try to do things outside our module's directory
(in this case libc).
Unfortunately this means we need to build the versioner for Darwin,
because we now need it to perform a platform build.
Test: make checkbuild
Bug: None
Change-Id: Icdab8a962354d9e945072dc3f806baea376c8db4
Thread local buffers were using pthread_setspecific for storage with
lazy initialization. pthread_setspecific shares TLS slots between the
linker and libc.so, so thread local buffers being initialized in a
different order between libc.so and the linker meant that bad things
would happen (manifesting as snprintf not working because the
locale was mangled)
Bug: http://b/20464031
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
everything passes
Test: /data/nativetest/bionic-unit-tests/bionic-unit-tests
thread_local tests are failing both before and after (KUSER_HELPERS?)
Test: /data/nativetest64/bionic-unit-tests-static/bionic-unit-tests-static
no additional failures
Change-Id: I9f445a77c6e86979f3fa49c4a5feecf6ec2b0c3f
The default locale is POSIX, not C.UTF-8. POSIX explicitly states
that MB_CUR_MAX is 1 for the POSIX locale:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/stdlib.h.html
Test: Made change in the NDK, built libc++ against it, ran NDK libc++
tests.
Bug: None
Change-Id: Ic2f6f96aa4a7f20d619030f41323831d01002715
So far this is the only issue we've hit in vendor code, and we've hit
it several times already. Rather than try to fix bullhead (the current
problem), let's just admit that the special case of 0 is a lot less
worrying.
Also fix the test expectations to correspond to the new abort message.
Bug: http://b/35455349 (crashes on 0)
Bug: http://b/35622944 (tests)
Test: ran tests
Change-Id: Iec57011fa699a954ebeaec151db2193e36d1ef35
Historically we had part of the linker licensed under BSD and
another part under Apache 2 license. This commit makes all the
linker code licensed under BSD license.
Test: m
Change-Id: I11b8163ae75966b5768d3fe992679de376106515
The deprecated headers have always had only the POSIX definition
available (and it's always been available). With the unified headers
as they are now, we actually make it unavailable for C++ users (C++
implies _GNU_SOURCE) targeting below M. Adding this guard means that
pre-M users will still at least get the POSIX one.
It's not great that moving to M as your target API will actually
change the signature of your strerror_r, but I don't see a better
option here (not until we have the compatibility library, anyway).
Test: make checkbuild
Bug: None
Change-Id: I2d15702467533a826c4ec10fd973ee929d2b562a
The comment isn't helpful as-is. Provide some clarifying information.
Test: code compiles. No functional changes.
Change-Id: I5267e0bc68857fdc8a4b3384a2a1b0d37693ee6e
Another release, another attempt to remove the global thread list.
But this time, let's admit that it's not going away. We can switch to using
a read/write lock for the global thread list, and to aborting rather than
quietly returning ESRCH if we're given an invalid pthread_t.
This change affects pthread_detach, pthread_getcpuclockid,
pthread_getschedparam/pthread_setschedparam, pthread_join, and pthread_kill:
instead of returning ESRCH when passed an invalid pthread_t, if you're
targeting O or above, they'll abort with the message "attempt to use
invalid pthread_t".
Note that this doesn't change behavior as much as you might think: the old
lookup only held the global thread list lock for the duration of the lookup,
so there was still a race between that and the dereference in the caller,
given that callers actually need the tid to pass to some syscall or other,
and sometimes update fields in the pthread_internal_t struct too.
(This patch replaces such users with calls to pthread_gettid_np, which
at least makes the TOCTOU window smaller.)
We can't check thread->tid against 0 to see whether a pthread_t is still
valid because a dead thread gets its thread struct unmapped along with its
stack, so the dereference isn't safe.
Taking the affected functions one by one:
* pthread_getcpuclockid and pthread_getschedparam/pthread_setschedparam
should be fine. Unsafe calls to those seem highly unlikely.
* Unsafe pthread_detach callers probably want to switch to
pthread_attr_setdetachstate instead, or using
pthread_detach(pthread_self()) from the new thread's start routine
rather than doing the detach in the parent.
* pthread_join calls should be safe anyway, because a joinable thread
won't actually exit and unmap until it's joined. If you're joining an
unjoinable thread, the fix is to stop marking it detached. If you're
joining an already-joined thread, you need to rethink your design.
* Unsafe pthread_kill calls aren't portably fixable. (And are obviously
inherently non-portable as-is.) The best alternative on Android is to
use pthread_gettid_np at some point that you know the thread to be
alive, and then call kill/tgkill directly.
That's still not completely safe because if you're too late, the tid
may have been reused, but then your code is inherently unsafe anyway.
Bug: http://b/19636317
Test: ran tests
Change-Id: I0372c4428e8a7f1c3af5c9334f5d9c25f2c73f21
In order to implement android::base::WaitForProperty well, we need a way to
wait not for *any* property to change (__system_property_wait_any), but to
specifically wait for the property represented by a given `prop_info` to
change.
The android::base::WaitForProperty implementation, like attempts to cache
system properties in the past, also needs a way to keep serials and values
in sync, but the existing functions don't provide a cheap way to get a
consistent snapshot. Change the __system_property_read_callback callback's
type to include the serial corresponding to the given value.
Add a test, slightly clean up some of the existing tests (and name them to
include the names of the functions they're testing, in our usual style).
Bug: http://b/35201172
Test: ran tests
Change-Id: Ibc8ebe2e88eef1e333a1bd3dd7f68135f1ba7fb5
This is a way to avoid loading multiple libc.so
when non-default namespace search path includes
/system/lib. This is used by some art tests.
Bug: http://b/26833548
Test: m -j32 test-art-target-run-test-004-JniTest
Change-Id: I919d3a0560bd3c9ac19df21a235641a667f0f017
pass_object_size(N) forwards the result of __builtin_object_size(param,
N) to a function. So, a function that looks like:
size_t foo(void *const p __pass_object_size) { return __bos0(p); }
int bar = foo(baz);
would effectively be turned into
size_t foo(void *const p, size_t sz) { return sz; }
int bar = foo(baz, __bos(baz)); // note that this is not __bos0
This is bad, since if we're using __bos0, we want more relaxed
objectsize checks.
__bos0 should be more permissive than __bos in all cases, so this
change Should Be Fine™.
This change also makes GCC and clang share another function's
implementation (recv). I just realized we need to add special
diagnostic-related overloads bits for clang to it, but I can do that in
another patch.
Bug: None
Test: Bullhead builds and boots; CtsBionicTestCases passes.
Change-Id: I6818d0041328ab5fd0946a1e57321a977c1e1250
This change removes the kuser_helper note from building automatically
with any binary but leaves the note.
Also fixes a typo in the note.
Original patch adding the note:
Ib8366e2a0810092b71381d57dee4bdaa56369a24
Bug: 34815073
Test: Manual - Note is no longer added to binaries
Change-Id: Ieb81f9d9127d1f8a522434a31c696d743238e2a5
This patch adds clang-style FORTIFY to Bionic. For more information on
FORTIFY, please see https://goo.gl/8HS2dW . This implementation works
for versions of clang that don't support diagnose_if, so please see the
"without diagnose_if" sections. We plan to swap to a diagnose_if-based
FORTIFY later this year (since it doesn't really add any features; it
just simplifies the implementation a lot, and it gives us much prettier
diagnostics)
Bug: 32073964
Test: Builds on angler, bullhead, marlin, sailfish. Bionic CTS tests
pass on Angler and Bullhead.
Change-Id: I607aecbeee81529709b1eee7bef5b0836151eb2b
Since removing the global thread is hard, let's take the different
groups of functions individually.
The existing code was racy anyway, because the thread might still be
on the list but have exited (leaving tid == 0).
Bug: http://b/19636317
Test: ran tests
Change-Id: Icc0986ff124d5f9b8a653edf718c549d1563973b
isnan was a function in POSIX in 1997, but changed to a macro only in 2004
to align with the C standard. isinf wasn't in POSIX until 2004, where it
appeared as a macro only (but other C libraries already had it as a
function).
Now the C++ standard has added ::isnan and ::isinf functions with different
signatures from the historical ones, so we need to move our historical cruft
out of the way.
We'll keep the implementations for backwards compatibility.
Bug: http://b/34724220
Test: ran tests
Change-Id: Id665f0344af6fe6ed245106e60231f4ef2027f41
gerrit still hasn't sent out the mail asking for this in an earlier code
review...
Bug: http://b/33926793
Test: builds and boots.
Change-Id: I080de633e50e47f9a052211d47da96b971b16424
glibc gives the `struct ipc64_perm` fields `key` and `seq` double-underscore
names. strace refers to the fields by those names, and there's no obvious
reason not to go along with this.
Bug: N/A
Test: built strace 4.15 with a hacked NDK
Change-Id: I8b2b0f75363349d99edaecda50fe897ee0fa0c65
No-one is directly upgrading from pre-K to O...
Also move more implementation details out of the header file.
Bug: http://b/33926793
Test: boots
Change-Id: I7a0936acbb1cea8a3b2cd6797ec53ba7e4a050f3
Bug: 33746484
Bug: 34370523
Test: Successfully boot with original service and property contexts.
Test: Successfully boot with split serivce and property contexts.
Test: Incremental build works on sailfish (reported in b/34370523)
Test: adb sideload works with aosp updater (reported in b/34370523)
Change-Id: Idf24856193032a8bc89ec384a72451e578a9d5ac
Signed-off-by: Sandeep Patil <sspatil@google.com>
ADF isn't a candidate for upstreaming and isn't (directly) usable from
unprivileged NDK code, so it makes more sense to keep video/adf.h as a
private header inside libadf, where it'll still be usable by HWC
implementations without shipping in the NDK.
libadf exports its entire include/ directory, so this shouldn't have any
impact on HWC implementations that already link against libadf.
Test: mmm system/core/adf/libadf
Test: /data/nativetest64/adf-unit-tests/adf-unit-tests (on Nexus 9)
Change-Id: I6573f539cfd7fc65433237d0b115b8b7b2728133
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Provide stub for unused but needed symbol __find_icu_symbol
which is not included to libc_nomalloc.a.
Test: mm and boot
Change-Id: I57ca09c990556d1d401e2f4a75bc49b61b4cd85d
A kernel change is going in for 64bit arm to disable kuser_helper vector
pages for 32bit processes. This change adds a special elf note to
all arm32 binaries built with bionic. This note tells the kernel to
load the kuser_helper vector page for the process.
Bug: 33689037
Test: Manual - Phone boots, 32bit binaries have the notes, 64bit
binaries do not.
Change-Id: Ib8366e2a0810092b71381d57dee4bdaa56369a24
Test: Built arm, arm64, x86, x86_64 targets.
Test: Booted on angler, and ran bionic unit tests (32 bit and 64 bit).
Change-Id: I14a8dcbea11b41f83431eabed6590cd25af07b1d
Bug: http://b/31532493
These internal API structures are never actually used anywhere that
would change behavior because it is "packed", so it is safe to remove.
Test: Builds correctly with the latest toolchain.
Change-Id: I5431992d840777605be75ab91dc21158d6d22c26
Trying to send even 0 bytes to closed socket leads to
broken pipe error. Sometimes property service is just
quick enough and closes the socket between send(valuelen)
and send(value) in the case where valuelen is 0.
Bug: http://b/34670529
Test: adb reboot 20 times and make sure phone service did not fail
Test: run bionic-unit-tests --gtest_filter=prop*
Change-Id: I96f90ca6fe1790614e7efd3015bffed1ef1e9040
This change introduces new __system_property_read_callback
method to use in place of deprecated __system_property_read
__system_property_set() and get() should just work but now
do not have limit on system property names.
Bug: http://b/33926793
Test: boot device, run adb shell propget
Test: boot device with old version of init (protocol v1)
Test: run bionic-unit-tests --gtest_filter=prop*
Change-Id: I619fb5a7e27a272aac30011579665f6160888bc7
The following files will be added.
- /vendor/default.prop for default prop overrides from vendor
partition.
- /odm/default.prop for default prop overrides from odm partition.
- /odm/build.prop for build prop overrides from odm partition.
Test: tested default/build prop files with enabling early mount, but
didn't test files of odm partition because odm partition doesn't
exist now.
Bug: 34116668
Change-Id: Ia99895a0afcdc522463d95b2f3e2841dcf2e3516
Policy library which exports an autogenerated policy from SYSCALLS.TXT
blocking any other calls.
Test: Generate policy, install onto Sailfish, check boots, Chrome runs,
calls are blocked.
Bug: 32313202
Change-Id: Ib590704e50122f077eeae26561eb9b0a70386551
android_filesystem_config.h comes from a directory outside bionic/libc
so it can't be referenced directly, add it as a source file through
a filegroup module.
Bug: 34283327
Test: builds
Test: libc rebuilds after touch system/core/include/private/android_filesystem_config.h
Change-Id: I90f6b7b25b70842b8619d558074449f13e6e6b03
These functions are supposed to be used only by the
property service.
__system_property_find_nth is deprecated and no longer part
of NDK. Call to this function will result in abort for apps
targeting Android O.
Bug: http://b/34114501
Test: bionic-unit-tests --gtest_filter=prop*
Change-Id: I9846965bf248e2ddf45cd7b293618245bbd87145
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Test: Successfully boot with split serivce and property contexts.
Change-Id: Id1acb8c4273c6f93396e8cf7a063571a2bf08786
Signed-off-by: Sandeep Patil <sspatil@google.com>
Another release, another attempt to fix this bug.
This change affects pthread_detach, pthread_getcpuclockid,
pthread_getschedparam/pthread_setschedparam, pthread_join, and pthread_kill:
instead of returning ESRCH when passed an invalid pthread_t, they'll now SEGV.
Note that this doesn't change behavior as much as you might think: the old
lookup only held the global thread list lock for the duration of the lookup,
so there was still a race between that and the dereference in the caller,
given that callers actually need the tid to pass to some syscall or other,
and sometimes update fields in the pthread_internal_t struct too.
We can't check thread->tid against 0 to see whether a pthread_t is still
valid because a dead thread gets its thread struct unmapped along with its
stack, so the dereference isn't safe.
Taking the affected functions one by one:
* pthread_getcpuclockid and pthread_getschedparam/pthread_setschedparam
should be fine. Unsafe calls to those seem highly unlikely.
* Unsafe pthread_detach callers probably want to switch to
pthread_attr_setdetachstate instead, or using pthread_detach(pthread_self())
from the new thread's start routine rather than doing the detach in the
parent.
* pthread_join calls should be safe anyway, because a joinable thread won't
actually exit and unmap until it's joined. If you're joining an
unjoinable thread, the fix is to stop marking it detached. If you're
joining an already-joined thread, you need to rethink your design.
* Unsafe pthread_kill calls aren't portably fixable. (And are obviously
inherently non-portable as-is.) The best alternative on Android is to
use pthread_gettid_np at some point that you know the thread to be alive,
and then call kill/tgkill directly. That's still not completely safe
because if you're too late, the tid may have been reused, but then your
code is inherently unsafe anyway.
If we find too much code is still broken, we can come back and disable
the global thread list lookups for anything targeting >= O and then have
another go at really removing this in P...
Bug: http://b/19636317
Test: N6P boots, bionic tests pass
Change-Id: Ia92641212f509344b99ee2a9bfab5383147fcba6
Don't allow processes to read the contents of the directory
/dev/__properties__. This is an implementation detail of the properties
system that processes shouldn't be concerned with.
Test: Device boots and no problems reading individual properties.
Test: ls -la /dev/__properties__ fails
Change-Id: I00130fe4529525935654bff91e3cc59253b86e26
Stream-mode detection for L1 in A7-core is failing for
non cache-line-size (non 64 byte) aligned addresses.
This leads to destination data getting cached unnecessarily.
This A7 issue is confirmed by ARM
This issue is solved by aligning destination address to 64 byte before
entering the loop in memcpy routine.
Though we get lower score for micro_bench memcpy when L1 cache is bypassed,
it is desirable since it avoids unnecessary eviction of other process data
from L1 which is good for overall system performance.
Higher micro_bench memcpy numbers for < 64byte alignment shows good numbers
but this is at the cost of L1 cache pollution. During memcpy/memset,
unnecessary data is filled in L1 cache, this causes eviction of other
process data from L1.
For example during msmset(0), L1 cache gets filled with 0s which should be
avoided.
Additionally, there is another issue with cortex A7 that impacts performance
for all alignments / all Android Wear versions:
Store Buffer on A7 is 32 byte which limits the 32-byte back to back stores.
In the current implementation back to back 32bytes writes is causing CPU stalls.
This issue can be solved by interleaved Loads and Stores.
This helps in avoiding CPU stalls during memcpy by utilizing efficiently the
A7 internal load and store buffers.
Change-Id: Ie5f12f2bb5d86f627686730416279057e4f5f6d0
280236537e factored the pthread types out
so that they could be in both <sys/types.h> and <pthread.h>.
Bug: N/A
Test: builds
Change-Id: Ie649c938ec8be1c59a0e4ef777f425550f8d4539
To support upcoming disk usage calculation optimizations, this change
creates a new GID for each app that will be used to mark its cached
data. We're allocating these unique GIDs so that we can use
quotactl() to track cached data on a per-app basis.
Test: builds, boots, tests pass
Bug: 27948817
Change-Id: Ic00c39ccedc23d5d43988029e9921679126f8f2d
Other C libraries don't have this, and it doesn't make sense on Android
anyway.
Bug: N/A
Test: builds
Change-Id: Iebc490698d620b5baec5f9a7ad5e1a0a1323d16c
Some of the function pointer types were wrong, and x86 cares if you
say `int` when you meant `int8_t` (because it feels at liberty to
leave the top bits dirty and ignore them, both sides need to agree
which they're dealing with).
Also slightly improve the wcstoimax and wcstoumax tests, since my
investigation started there.
Bug: http://b/33451822
Test: tests pass on x86, arm, and arm64
Change-Id: I553193962f0cb993666f9f8e415990bba5b669e1
This is to prevent situations when libgcc.a calls into incorrect
implementation of dl_iterate_phdr.
Bug: http://b/27106625
Test: build && run bionic-unit-tests --getst_filter=dl*:Dl*
Change-Id: I4cba8c4a156f91f17ba3d95c39cb80f9b70c9d8f
