It's possible for the main thread to leave the RunTimedTest
function before the waiting thread has had a chance to call e.g.
pthread_cond_timedwait(). In this case, pthread_cond_timedwait()
will access the local variable ts after its lifetime has ended. Fix
the bug by making ts a field of pthread_CondWakeupTest instead. The
lifetime of pthread_CondWakeupTest is tied to that of the waiting
thread via the pthread_join() call.
Found with HWASan + uaccess logging.
Change-Id: Iefe8deb30a367dc518013d741c425b041596b0d3
LLD supports `-z global`, unlike ld.gold, which this was previously a
workaround for.
Test: mm in test dir
Change-Id: I1f621c329accfb31912a19544e34447aff0dfa28
Explicitly test an invalid 5-byte UTF-8 sequence with mbrtoc16(3); the
fact that we weren't testing this was shown by coverage data.
Merge the surrogate pair tests in with their fewer-byte siblings to make
it clearer to a human reader that we've covered both cases.
Clear errno to make assertions about errno more convincing.
Test: treehugger
Change-Id: I485a48cc141f3e52058e2138326f3134d41b2243
This came up with POSIX recently. Doesn't seem like it matters since
everyone's had this wrong for 40 years, but "meh" --- it's a trivial
fix, and it's strictly correct even if nobody needs this, so let's just
do it...
(Geoff Clare pointed out that my app compat concern "what if someone's
relying on this bug to pass flags to the shell?" isn't relevant because
while you can indeed do that, you then can't pass a command!)
Bug: https://austingroupbugs.net/view.php?id=1440
Test: treehugger
Change-Id: I64f6440da55e2dc29d0136ee62007197d2f00d46
This is a KI: https://bugs.llvm.org/show_bug.cgi?id=46488
Bug: 203737712
Test: m GLOBAL_THINLTO=true bionic-unit-tests-static
Change-Id: I950a85f9676136299fc994a800d32e20bf12a8dd
They're in glibc, though not in musl.
Also add basic doc comments to the whole of <sys/uio.h>.
Bug: http://b/203002492
Test: treehugger
Change-Id: Ic607f7f349e5b7c9bf66c25b7bd68f827da530d6
The allocator for the native bridge is not necessarily going to
allocate the slack data.
Bug: 202428612
Test: Ran on non-native bridge and verified test isn't skipped.
Test: Ran on native bridge and verified test is skipped.
Change-Id: Ia1555be0e9f55896af7ca81830605367133c44a1
(cherry picked from commit 7c0ce86a00)
* -Wstatic-in-inline found in
libm/upstream-freebsd/lib/msun/src/s_lround.c
Test: mm in bionic/tests
Bug: 201432564
Bug: 202752322
Change-Id: I4d506fa539ab0de939d85924a5fd9a61644e4fb0
Use cc_genrules to create the dlext test zips needed by the bionic
tests. The genrules aren't visible to Make, and so don't work with
the `required` property. Move all of the dependencies to `data_bins`,
`data_libs` or `data` for helper binaries, shared libraries or
genrule zip files respectively. The `data*` properties copy the
files into the same directory as a test, respecting the
`bionic-loader-test-libs` relative path specified by each, but
does not put each helper binary in its own subdirectory, so update
the paths in each of the tests.
Bug: 200872604
Test: atest CtsBionicTestCases
Test: atest bionic-unit-tests
Test: cts-tradefed run commandAndExit cts -m CtsBionicTestCases
Test: adb push $OUT/data/nativetest/bionic-unit-tests /data/nativetest/ && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Change-Id: Ic4257cb4104ff558326df2363730acd20464b051
clang was configured to force 16 byte alignments on allocations > 8
for 64 bit. Unfortunately, we never updated our alignment test to
verify this behavior. So this finally adds these new restrictions.
In addition, when GWP-ASan is enabled, it will take over allocations
from the native allocator. In order to make sure that GWP-ASan also
obeys these alignment checks, add a test that forces GWP-ASan on and
runs the alignment check test.
Test: Ran unit tests on a flame using scudo (both 32 bit and 64 bit).
Test: Ran unit tests on a flame using jemalloc (both 32 bit and 64 bit).
Change-Id: I87a20b9c2f32b9d207f36437d291ed44247dcbd1
When calling android_mallopt using M_INITIALIZE_GWP_ASAN, nothing
was being returned. Fix this, add a test, and also refactor the
code a bit so dynamic and static share the same code.
Test: Unit tests pass in dynamic and static versions.
Test: Passed using both jemalloc and scudo.
Change-Id: Ibe54b6ccabdbd44d2378892e793df393978bc02b
Musl doesn't define __NR_clock_gettime and __NR_gettimeofday on
32-bit architectures, #define them to __NR_clock_gettime32 and
__NR_gettimeofday_time32 respectively.
Bug: 190084016
Test: m USE_HOST_MUSL=true bionic-unit-tests-glibc
Change-Id: Iec9ba776a94639a4b6a3ad42f18dfdb0e3580f02
Modify bionic unit tests that are built for glibc so that they also
build against musl. They don't all pass though:
With glibc:
2 SLOW TESTS
4 TIMEOUT TESTS
313 FAILED TESTS
YOU HAVE 2 DISABLED TESTS
With musl:
11 SLOW TESTS
11 TIMEOUT TESTS
363 FAILED TESTS
YOU HAVE 2 DISABLED TESTS
Bug: 190084016
Test: m bionic-unit-tests-glibc with musl
Test: atest bionic-unit-tests-static
Test: atest --host bionic-unit-tests-glibc with glibc
Change-Id: I79b6eab04fed3cc4392450df5eef2579412edfe1
Work around the incompatibility between libc++ and !_GNU_SOURCE
by defining a wrapper function around the posix strerror_r in
a file that does not include any libc++ or gtest headers.
Test: bionic-unit-tests-glibc
Change-Id: I6b097079777b5dcd802e295cc566964fe1c01382
The posix spec says strerror_r returns a positive error number, not
-1 and set errno.
Test: bionic-unit-tests-static
Change-Id: I6a12d50d046f9caac299bf3bff63e6c9496c1b6f
Do not assume that tests start with Sync MTE; check the initial setting
and change test logic as appropriate.
Bug: 192480262
Test: bionic-unit-tests with MEMTAG_OPTIONS=(off|sync|async)
Merged-In: Id80301e6426af16f89bd80a7a7ab127b6fd60425
Change-Id: Id80301e6426af16f89bd80a7a7ab127b6fd60425
(cherry picked from commit 53df1f3772)
Do not assume that tests start with Sync MTE; check the initial setting
and change test logic as appropriate.
Bug: 192480262
Test: bionic-unit-tests with MEMTAG_OPTIONS=(off|sync|async)
Change-Id: Id80301e6426af16f89bd80a7a7ab127b6fd60425
We know game developers (and the Games SDK) look at this stuff, so make
a bit more of an effort to ensure it's not completely broken.
Test: treehugger
Change-Id: I20b1c167faa1d9f4f39a94a723dabb848ce34269
This function doesn't return, but it does appear in stack traces. Avoid
using return PAC in this function because we may end up resetting IA,
which may confuse unwinders due to mismatching keys.
Bug: 189808795
Change-Id: I953da9078acd1d43eb7a47fb11f75caa0099fa12
Merged-In: I953da9078acd1d43eb7a47fb11f75caa0099fa12
This function doesn't return, but it does appear in stack traces. Avoid
using return PAC in this function because we may end up resetting IA,
which may confuse unwinders due to mismatching keys.
Bug: 189808795
Change-Id: I953da9078acd1d43eb7a47fb11f75caa0099fa12
The allocator for the native bridge is not necessarily going to
allocate the slack data.
Bug: 189606147
Test: Ran on non-native bridge and verified test isn't skipped.
Test: Ran on native bridge and verified test is skipped.
Change-Id: Ia1555be0e9f55896af7ca81830605367133c44a1
The LD_CONFIG_FILE test needs to match how Bionic was compiled, and
Bionic only enables LD_CONFIG_FILE for debug builds (i.e. ro.build.type
is "user"). ro.debuggable can be forced on without recompiling Bionic.
Bug: http://b/140324381
Bug: http://b/189422994
Test: bionic unit tests
Change-Id: I139059a7f94d15a5447dab292927606a6bcc48ef
(cherry picked from commit 546723b2b8)
The LD_CONFIG_FILE test needs to match how Bionic was compiled, and
Bionic only enables LD_CONFIG_FILE for debug builds (i.e. ro.build.type
is "user"). ro.debuggable can be forced on without recompiling Bionic.
Bug: http://b/140324381
Bug: http://b/189422994
Test: bionic unit tests
Change-Id: I139059a7f94d15a5447dab292927606a6bcc48ef
Turns out that "NSAP" is yet another ISO standard that no-one actually
uses: https://en.wikipedia.org/wiki/NSAP_address
Test: treehugger
Change-Id: I73b4d924a8f4d34e3e2f2da00d0d5529db8e97d1
The test aims to check that the time obtained via the VDSO is the "same"
as that obtained via the system call. Unfortunately, time progresses.
Any check involving some fixed tolerance will have some non-zero
probability of failure.
We can instead check that a VDSO time value lies between two system
call times.
Bug: 184819133
Change-Id: Idb9c17b9f612613f6e18a56ee0f256971ddbdf1f
Signed-off-by: Giuliano Procida <gprocida@google.com>
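The bracketing check described in the commit message above, sketched as an added C example; it is not the code from the bionic change. It assumes 64-bit Linux and uses CLOCK_MONOTONIC; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

/* Nanoseconds since the clock's epoch, so readings can be ordered directly. */
static int64_t to_ns(const struct timespec *ts) {
    return (int64_t)ts->tv_sec * 1000000000LL + ts->tv_nsec;
}

/* Read the clock through the raw system call, bypassing the vDSO fast path. */
static int64_t syscall_now_ns(void) {
    struct timespec ts;
    if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) != 0) return -1;
    return to_ns(&ts);
}

/* Read the clock through libc, which normally dispatches to the vDSO. */
static int64_t libc_now_ns(void) {
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) return -1;
    return to_ns(&ts);
}

/*
 * Bracketing check: every libc (vDSO) reading must lie between a system
 * call reading taken before it and one taken after it. No tolerance is
 * involved, so scheduling delays cannot make the check fail.
 * Returns 1 if all iterations are bracketed, 0 if one is not, -1 on error.
 */
int vdso_time_is_bracketed(int iterations) {
    for (int i = 0; i < iterations; i++) {
        int64_t before = syscall_now_ns();
        int64_t middle = libc_now_ns();
        int64_t after = syscall_now_ns();
        if (before < 0 || middle < 0 || after < 0) return -1;
        if (!(before <= middle && middle <= after)) return 0;
    }
    return 1;
}

/*
 * For contrast: the largest gap seen between one libc reading and the
 * system call reading that follows it. This is the quantity a fixed
 * tolerance test would compare against a threshold; it has no upper
 * bound, because the thread can be preempted between the two reads.
 */
int64_t max_observed_gap_ns(int iterations) {
    int64_t worst = 0;
    for (int i = 0; i < iterations; i++) {
        int64_t a = libc_now_ns();
        int64_t b = syscall_now_ns();
        if (a < 0 || b < 0) return -1;
        if (b - a > worst) worst = b - a;
    }
    return worst;
}

int main(void) {
    printf("bracketed: %d\n", vdso_time_is_bracketed(1000));
    printf("largest gap seen: %lld ns\n", (long long)max_observed_gap_ns(1000));
    return 0;
}
```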
Also delete some fdsan code that attempts to check for the post-fork
state, but never will, because we update the cached pid upon fork.
Bug: http://b/174542867
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
Test: treehugger
Change-Id: I9b748dac9de9b4c741897d93e64d31737e52bf8e
The sleep(3) / clock(3) test is sensitive to outliers in the
distribution of CPU consumed by the sleep system call.
This changes the measured quantity to be the mean over 5 samples and
sets the threshold to 10ms.
Bug: 184727758
Change-Id: I20df3b620a5fbf4e58a3ca67306370351ac01d0c
Test: treehugger
Signed-off-by: Giuliano Procida <gprocida@google.com>
arm64 was already being careful, but x86/x86-64 and 32-bit ARM could be
caught by a signal in a state where the stack pointer was mangled.
For 32-bit ARM I've taken care with the link register too, to avoid
potential issues with unwinding.
Bug: http://b/152210274
Test: treehugger
Change-Id: I1ce285b017a633c732dbe04743368f4cae27af85
There's a weird POSIX special case that we implement but don't test.
Found from looking through the coverage data.
Test: treehugger
Change-Id: I74f5f57c4d8062034a3f6e986f9e57091bfc7f7c
This works around buggy applications that read a few bytes past the
end of their allocation, which would otherwise cause a segfault with
the concurrent Scudo change that aligns large allocations to the right.
Because the implementation of
android_set_application_target_sdk_version() lives in the linker,
we need to introduce a hook so that libc is notified when the target
SDK version changes.
Bug: 181344545
Change-Id: Id4be6645b94fad3f64ae48afd16c0154f1de448f
Disable debuggerd for these expected failures.
Also use the usual naming pattern.
Bug: http://b/180605583
Test: check logs
Change-Id: I0254cb658d8a68e963ef59264106de4775e3fedd
I'm assuming this was useful while debugging, but isn't needed now.
Bug: http://b/180605583
Test: check logs
Change-Id: I9d5bb8db60e7709a9a52e29469f7fd1d5a9cb085
We just want to check that SIGFPE is raised, not try to "debug" this
expected behavior.
Bug: http://b/180605583
Test: check logs
Change-Id: I11571e02c4608570e0d406adeabc36186c5bb107
These were creating tombstones and spewing to the log.
You need TEST_F() rather than TEST(), and the modern style is apparently
to use `using` rather than an empty subclass.
Bug: http://b/180605583
Test: run tests, check logcat
Change-Id: I1e639d34854aeff6f042c24643b769a6bcfab877
The existing attempt at a death test wrapper wasn't functional (because
the tests were TEST rather than TEST_F), and the code in that class
doesn't work anyway. Since I don't understand the intent behind the
failing dup2() calls, I've just removed this and replaced it with
BionicDeathTest which we do need to suppress all the debuggerd work
which caused this bug to be filed.
Bug: http://b/180605583
Test: treehugger
Change-Id: I7717f7ae2620452656cf07db299774dadef55766
The example in the bug was 16ms instead of 10ms. Try 20ms?
Bug: http://b/180581857
Test: treehugger
Change-Id: I58302ad576ab5a031124244edef9df733d796c7e
This is undefined behavior, but glibc and macOS are both lenient, and
someone hit this in the wild, so we may as well be lenient too. (The
only cost is that it's now slightly easier to write code that works on
everything except old versions of Android.)
Bug: https://issuetracker.google.com/180598400
Test: treehugger
Change-Id: Ia217169ea6283cc53f4fbf71e5abfa08356c2049
Auto-generate NOTICE files for all the directories, and for each one
individually rather than mixing libc and libm together.
Test: N/A
Change-Id: I7e251194a8805c4ca78fcc5675c3321bcd5abf0a
This reverts commit 315969a67e.
Reason for revert: r407598b has llvm.org/D90898, which should fix the test.
Change-Id: I466e2122a700ba4df9160b57a5d3c94867472615
This has been in the standard since C99, but we've never supported it
before. It's apparently used by SPIRV-Tools.
I tried implementing this the other way (with fcntl(2)) first, but
eventually realized that that's more complicated and gives worse
results. This implementation assumes that /proc is mounted, but so much
of libc relies on that at this point that I don't think there's any
realistic case where the fcntl(2) implementation would be preferable,
and there are many where it's not.
The fact that no-one's mentioned this until now suggests that it's not a
heavily used feature anyway.
I've also replaced AssertCloseOnExec() with a CloseOnExec()
boolean-valued function instead, because it's really annoying getting
assertion failures that don't point you at the test line in question,
and instead point to some common helper code.
Test: treehugger
Change-Id: Ia2e53bf2664a4f782581042054ecd492830e2aed
This timed out the invocation when trying to run all cc_test, excluding it from unit tests.
Change-Id: I67758d5e49b607b7c10052bc193d885d9123bedf
Test: presubmit
Bug: 179092189
* When clang-tidy is called, its checks
gave different diagnostic messages.
Bug: 178534530
Test: mm with WITH_TIDY=1
Change-Id: I5eec8239d5531f88caefca3c4032f9764deb9e09
Introduces new heap-zero-init API. We've realised that it's better to be
able to individually control MTE and heap zero-init. Having
heap-zero-init not be controllable without affecting MTE affects our
ability to turn off heap-zero-init in zygote-forked applications.
Bug: 135772972
Test: On FVP: atest -s localhost:5555 malloc#zero_init \
Test: malloc#disable_mte heap_tagging_level
Change-Id: I8c6722502733259934c699f4f1269eaf1641a09f
During "step 1" of find_libraries, the linker finds the transitive
closure of dependencies, in BFS order. As it finds each library, it
adds the library to its primary namespace (so that, if some other
library also depends on it, find_loaded_library_by_soname can find the
library in the process of being loaded).
LD_PRELOAD libraries are automatically marked DF_1_GLOBAL, and any
DF_1_GLOBAL library is added to every linker namespace. Previously,
this secondary namespace registration happened after step 1. The result
is that across different namespaces, the order of libraries could vary.
In general, a namespace's primary members will all appear before
secondary members. This is undesirable for libsigchain.so, which we
want to have appear before any other non-preloaded library.
Instead, when an soinfo is added to its primary namespace, immediately
add it to all the other namespaces, too. This ensures that the order of
soinfo objects is the same across namespaces.
Expand the dl.exec_with_ld_config_file_with_ld_preload and
dl.exec_with_ld_config_file tests to cover the new behavior. Mark
lib1.so DF_1_GLOBAL and use a "foo" symbol to mimic the behavior of a
signal API interposed by (e.g.) libsigchain.so and an ASAN preload.
Test: bionic unit tests
Bug: http://b/143219447
Change-Id: I9fd90f6f0d14caf1aca6d414b3e9aab77deca3ff
These are available from mallopt() now, and all callers have been
switched over.
Bug: http://b/135772972
Test: treehugger
Change-Id: I90c7a7573b261c27001a2dfd4589b23861ad613b
This flag is required to filter out shared VMAs when compacting memory
using process_madvise.
Test: atest bionic-unit-tests-static
Bug: 173258203
Change-Id: I01fc0cc614b03128a5a9b0a6c8c5c2d829b701f9
The current libunwind.a LLVM prebuilt lacks the special arm64 signal
frame unwinder (https://reviews.llvm.org/D90898), so disable the signal
frame unwinding tests temporarily. (It's not clear who needs this
functionality on Android -- typically crash dumping should use
libunwindstack instead of _Unwind_Backtrace.)
Bug: http://b/153025717
Test: bionic unit tests
Change-Id: I36644dfe4acbedd937768c3aaaad1010099d602c
These were only available internally via android_mallopt(), but they're
likely to be needed by more code in future, so move them into mallopt().
This change leaves the android_mallopt() options for now, but I plan on
coming back to remove them after I've switched the handful of callers
over to mallopt() instead.
Bug: http://b/135772972
Test: treehugger
Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
Now that the feature guarded by this flag has landed in Linux 5.10
we no longer need the flag, so we can remove it.
Bug: 135772972
Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
They're both obsolescent in POSIX.1-2008, and you really shouldn't be
using them, but since we can't actually delete them...
This change makes them both obey $TMPDIR if set, and fall back to
/data/local/tmp otherwise. That's as good as we've managed for anything
else such as tmpfile(3).
Also add some tests.
Bug: http://b/174682340
Test: treehugger
Change-Id: Ieef99dcc2062f84b2b7cbae046787fdfe975e772
These cover the parts of fnmatch() that I think I understand. Missing
FNM_LEADING_DIR because I still haven't understood that yet. All the
descriptions of its behavior that I've seen are slightly (or very)
inconsistent, and it seems like the implementations are genuinely
different too.
Test: treehugger
Change-Id: I1284c406639bef1bfe74db3cad45965c8ab29c2b
- Make it apply to every thread, and thus remove the restriction
that it must be called while the program is single threaded.
- Make it change TCF0 itself (on all threads), instead of requiring
callers to do it themselves, which can be error prone.
And update all of the call sites.
Change the implementation of
android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) to call
android_mallopt(M_SET_HEAP_TAGGING_LEVEL) internally. This avoids
crashes during startup that were observed when the two mallopts
updated TCF0 unaware of each other.
I wouldn't expect there to be any out-of-tree callers at this point,
but it's worth noting that the new interface is backwards compatible
with the old one because it strictly expands the set of situations in
which the API can be used (i.e. situations where there are multiple
threads running or where TCF0 hadn't been updated beforehand).
Bug: 135772972
Change-Id: I7746707898ff31ef2e0af01c4f55ba90b72bef51
Not sure what the problem is yet, and can't guarantee I'll have time to
look this week, so let's disable this for now...
Bug: http://b/172465723
Test: treehugger
Change-Id: I052c2ed876504581cb89e49f1c65c3232d213eb5
A constructor or destructor function with an integral priority is
placed in an .init_array or .fini_array section with the priority
suffixed to the section name:
- __attribute__((constructor)) ==> .init_array
- __attribute__((constructor(42))) ==> .init_array.42
The suffixed init/fini sections appear before the unsuffixed sections,
so the prioritized functions appeared before the __{INIT,FINI}_ARRAY__
symbols and were dropped when the symbols were used.
The (static) linker doesn't recognize priority suffixes on
.preinit_array.
This bug affected .init_array and .fini_array for static executables.
For dynamic executables, only .fini_array was affected, because
.init_array is handled by the dynamic loader instead, which uses
DT_INIT_ARRAY[SZ]. For DSOs, neither is affected, because the two
sections are only handled by the dynamic loader.
This patch also fixes a minor inconsistency where dynamic init/preinit
were passed argc/argv/envp, but static were not.
Bug: http://b/170983066
Test: bionic-unit-tests
Change-Id: I0fffa776e5d9bdb6f8af06b4c1af148236742fef
With native_bridge, native and emulated parts exchange data, including
pointers. If tagging on native architecture is different from tagging on
emulated architecture, all the pointers in the data exchange must be
identified and marshalled, which is hardly feasible.
Disable MTE tests with native_bridge.
Bug: 135772972
Bug: 159352723
Test: bionic-unit-tests --gtest_filter=*mte*
Change-Id: Icba90636173e9e71036def5302c7d0a09dd8873b
(cherry picked from commit ed51fb9a07)
Introduce an android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) API call
that may be used to disable zero- or pattern-init on non-MTE hardware,
or memory tagging on MTE hardware. The intent is that this function
may be called at any time, including when there are multiple threads
running.
Disabling zero- or pattern-init is quite trivial, we just need to set
a global variable to 0 via a Scudo API call (although there will be
some separate work required on the Scudo side to make this operation
thread-safe).
It is a bit more tricky to disable MTE across a process, because
the kernel does not provide an API for disabling tag checking in all
threads in a process, only per-thread. We need to send a signal to each
of the process's threads with a handler that issues the required prctl
call, and lock thread creation for the duration of the API call to
avoid races between thread enumeration and calls to pthread_create().
Bug: 135772972
Change-Id: I81ece86ace916eb6b435ab516cd431ec4b48a3bf
It's possible for malloc to return a pointer that is not going to
crash with __cfi_slowpath. It's possible to modify the cfi code
to avoid this problem, but I'm not convinced that this will be any
better at catching problems. So I'm just modifying the test so that
it will eventually allocate a pointer that does not overlap.
This previous version of the test failed on jemalloc svelte config,
but there is nothing that would not result in a failure on scudo
leading to a failure every once in a while.
Bug: 142556796
Bug: 140079007
Test: cts -m CtsBionicTestCases
Change-Id: Ibf12a286c411e0bdc9f81589f2f66fd0ccd7f07a
(cherrypick of f322483b3f)
A downstream user of bionic has a test that requires the sizes and
offsets of various fields in pthread_internal_t to be consistent
between x86 and arm32, and between x86_64 and arm64, by checking that
the sizes and offsets match hardcoded constants. Since this test often
makes it difficult to update bionic's internal data structures, add
a test to bionic that does the same thing so that we can remove the
downstream test and make it easier to change internal data structures
in bionic.
Change-Id: Id5bd3f9fae00aa3b50d1b1267e782e26fe6c8369
android_filesystem_config.h is found since system/core/include is on
the include path for all projects and contains a symlink to the real
android_filesystem_config.h. This is fragile and the below bug seeks
to remove this symlink and have users correctly depend on
libcutils_headers.
In bionic, libcutils_headers header library cannot be used due to
cyclic dependencies, so it gets the actual include path instead, which
is less bad than depending on the build system injecting the for all
modules.
Bug: 165825252
Test: build
Change-Id: Id43bdea9553b1174ceb3efc2a3ed505888619c62
The test reserves all memory but the minimum required to create a
thread. However, after the thread is created, native_bridge needs more
memory to translate and run the thread function.
This might be prevented by native_bridge preallocating a memory buffer
to be used for translation. But, first, this complication seems to be
needed just for this kind of tests, and, second, it is pretty flaky
regarding changes both in native_bridge and bionic.
Looks better to disable this test with native_bridge.
Bug: 67745607
Bug: 148608153
Bug: 157394871
Test: bionic-unit-tests --gtest_filter=pthread.pthread_create__mmap_failures
Change-Id: I42ce2b5a01a7d9f10d952a5fc7b75d51fa89072a
(cherry picked from commit b4f7aaac5c)
Except they are the same on arm32/arm64, so we hadn't really noticed. x86
and x86-64 are quite different though, presumably by historical accident.
Fix the definitions and add some static asserts.
Bug: https://github.com/android/ndk/issues/1347
Test: treehugger
Change-Id: Ic27b172066cf3443749463b9b73c912d204f9516
I made toybox use strptime %Z recently (so that it can parse the default
POSIX date(1) output), forgetting that bionic's strptime(3) doesn't
support %Z. Neither does glibc, for that matter; the toybox change works
on glibc effectively by accident --- glibc just ignores the next word
when parsing %Z and assumes that the current time zone ($TZ) is
appropriate. Which it is for the only obvious use case of "round trip
date(1) output".
The related %z is potentially quite a bit more useful in general (parsing
any valid RFC822 time zone), though sadly not useful for the toybox case
that prompted.
Every time I touch this file I promise that I'll actually get us back in
sync with upstream, and every time I fail to get round to it. Maybe
2020 or 2021 will finally be the year...
Also add corresponding tests.
Bug: https://b/167455975
Test: treehugger
Change-Id: I13a7fb7e3ad01ae855750b9314d2eec661fe034f
bionic/tests/fortify_test.cpp:207:31: error: format specifies type 'char *' but the argument has type 'void *' [-Werror,-Wformat]
ASSERT_FORTIFY(printf("%s", memchr(myfoo.a, 'a', asize)));
~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Bug: http://b/155835175
Test: atest for bionic
Change-Id: I0fa4e63deadffb7391e66ab834ff11e4f1d6dba6
Mostly from extra test cases, but also:
* Move the fgets size < 0 assertion into fgets.
* Use ELF aliases for strtoq/strtouq rather than duplicating code.
* Don't check uname() succeeded, since it can't fail.
Test: treehugger
Change-Id: I2e6b3b88b0a3eb16bd68be68b9bc9f40d8043291
(Based on proposal at https://sourceware.org/glibc/wiki/ThreadPropertiesAPI)
This includes API to:
- locate static and dynamic TLS
- register thread-exit and dynamic TLS creation/destruction callbacks
Change-Id: Icd9d29a5b2f47495395645e19d3b2c96826f19c8
This is not actually a property that is guaranteed by the bionic
implementation of CFI shadow. Since the gaps between libraries are not
completely inaccessible, it is possible for a stack mapping to sneak in,
which would cause the callback to register in the test library.
This is not a correctness issue in CFI as the actual __cfi_check
callback will reject such address anyway, at a small CPU cost.
Bug: 156218352
Test: CtsBionicTestCases-cfi_test#basic
Change-Id: I8d04fb7132e1eac2a8abfbc48a37c8eac6e25a09
Merged-In: I8d04fb7132e1eac2a8abfbc48a37c8eac6e25a09
(cherry picked from commit 0f6b504e0c)
Now we're being marked down for our poor coverage, we may as well remove
more broken cruft. Despite the amount of effort that seems to have gone
into pututline(), it wasn't working with the other utmp.h functions (in
particular, utmpname()), and wasn't declared in the header file!
Test: treehugger
Change-Id: I1a583984189c751168c11c01431433f96f8c548b
Similar to the musl strstr. This patch also increases test coverage for
memmem, again similar to the strstr tests.
Test: treehugger
Change-Id: I7f4a2ab93a610cb692994d06d2512976e657ae9f
Bug: http://b/157081822
- Disable coverage for libtest_check_rtld_next_from_library to make
dlfcn.rtld_next_from_library to pass.
- The coverage runtime sets an environment variable to prevent
clobbering of the coverage data on disk. Include that variable as well
when checking `printenv` output. This is done at runtime by checking
for LLVM_PROFILE_FILE environment variable.
- dl.preinit_system_calls still fails after this change.
Test: bionic tests with libc coverage turned on.
Change-Id: I3ea2b0800886d8c0984969a4ee8bfb0da03c33b0
Update a comment in android-changes-for-ndk-developers.md about the
removed debug.ld.greylist_disabled system property.
Update language to comply with Android's inclusive language guidance
#inclusivefixit
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: http://b/162536543
Test: bionic-unit-tests
Change-Id: I760ee14bce14d9d799926c43d2c14fd8ffbc6968
This was initially just to try on "pty" and "tty" for size, while
discussing with other projects to try to align on vocabulary, but -- in
the implementation and tests at least -- these work out so well that
I'm tempted to go with them anyway if we can't come to a consensus. We
can always come back and change them again later.
What I really like is that you pass the pty to functions like ptsname()
and grantpt() with a 'p' in the name, and the tty to functions like
ttyname() and tcsetattr() with just 't's.
The use of "parent" and "child" in forkpty() seems helpful too.
Also fix the documentation of forkpty(), which wasn't quite right.
Test: treehugger
Change-Id: Ic010c4b669f6528591c653e3701f4e41e0d0df9e
https://reviews.llvm.org/D75225 changed the way that orphan sections are
retained, breaking this test. The test relied on these sections being
merged in an implementation-defined order that no longer holds true. We
can use custom sections to place the symbols we want more precisely.
Bug: http://b/161943302
Test: adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests --gtest_filter=dlfcn.segment_gap --no_isolate
Change-Id: I65656080e39be16833191cb92d3d4c41e409b216
This is not actually a property that is guaranteed by the bionic
implementation of CFI shadow. Since the gaps between libraries are not
completely inaccessible, it is possible for a stack mapping to sneak in,
which would cause the callback to register in the test library.
This is not a correctness issue in CFI as the actual __cfi_check
callback will reject such address anyway, at a small CPU cost.
Bug: 156218352
Test: CtsBionicTestCases-cfi_test#basic
Change-Id: I8d04fb7132e1eac2a8abfbc48a37c8eac6e25a09
(cherry picked from commit 0f6b504e0c)
The comment and pragma for GCC genuinely don't seem to be needed for
Clang.
Clarify the comment about the two ways in which clang_fortify_tests.cpp
is used.
Test: treehugger
Change-Id: Icb48a5848c005104ab2d2456da3978bbaf7e158c
This is not actually a property that is guaranteed by the bionic
implementation of CFI shadow. Since the gaps between libraries are not
completely inaccessible, it is possible for a stack mapping to sneak in,
which would cause the callback to register in the test library.
This is not a correctness issue in CFI as the actual __cfi_check
callback will reject such address anyway, at a small CPU cost.
Bug: 156218352
Test: CtsBionicTestCases-cfi_test#basic
Change-Id: I8d04fb7132e1eac2a8abfbc48a37c8eac6e25a09
R GSI on P product tests fail since pw_shell has changed. This value
has no practical use on Android, so we ignore testing it for older
vendor images.
Bug: 160937247
Test: this test does/doesn't run appropriately
Merged-In: Ie485bd019b3826e71ad19131effcbb002f888d52
Change-Id: Ie485bd019b3826e71ad19131effcbb002f888d52
(cherry picked from commit b9fa04d805)
R GSI on P product tests fail since pw_shell has changed. This value
has no practical use on Android, so we ignore testing it for older
vendor images.
Bug: 160937247
Test: this test does/doesn't run appropriately
Change-Id: Ie485bd019b3826e71ad19131effcbb002f888d52
With native_bridge, native and emulated parts exchange data, including
pointers. If tagging on native architecture is different from tagging on
emulated architecture, all the pointers in the data exchange must be
identified and marshalled, which is hardly feasible.
Disable MTE tests with native_bridge.
Bug: 135772972
Bug: 159352723
Test: bionic-unit-tests --gtest_filter=*mte*
Change-Id: Icba90636173e9e71036def5302c7d0a09dd8873b
This replaces a single 2Gb readable memory region with a bunch of tiny
regions, and leaves the bulk of 2Gb mapped but unaccessible. This makes
it harder to defeat ASLR by probing for the CFI shadow region.
Sample CFI shadow mapping with this change:
7165151000-716541f000 ---p 00000000 00:00 0 [anon:cfi shadow]
716541f000-7165420000 r--p 00000000 00:00 0 [anon:cfi shadow]
7165420000-71654db000 ---p 00000000 00:00 0 [anon:cfi shadow]
71654db000-71654dc000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654dc000-71654dd000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654dd000-71654f0000 ---p 00000000 00:00 0 [anon:cfi shadow]
71654f0000-71654f1000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654f1000-71e5151000 ---p 00000000 00:00 0 [anon:cfi shadow]
This change degrades CFI diagnostics for wild jumps and casts (i.e. when
the target of a CFI check is outside of any known library bounds). This
is acceptable, because CFI does not have much to tell about those cases
anyway. Such bugs will show up as SEGV_ACCERR crashes inside
__cfi_slowpath in libdl.so from now on.
Bug: 158113540
Test: bionic-unit-tests/cfi_test.*
Test: adb shell cat /proc/$PID/maps | grep cfi
Change-Id: I57cbd0d3f87eb1610ad99b48d98ffd497ba214b4
Merged-In: I57cbd0d3f87eb1610ad99b48d98ffd497ba214b4
The test reserves all memory but the minimum required to create a
thread. However, after the thread is created, native_bridge needs more
memory to translate and run the thread function.
This might be prevented by native_bridge preallocating a memory buffer
to be used for translation. But, first, this complication seems to be
needed just for this kind of tests, and, second, it is pretty flaky
regarding changes both in native_bridge and bionic.
Looks better to disable this test with native_bridge.
Bug: 67745607
Bug: 148608153
Bug: 157394871
Test: bionic-unit-tests --gtest_filter=pthread.pthread_create__mmap_failures
Change-Id: I42ce2b5a01a7d9f10d952a5fc7b75d51fa89072a
This replaces a single 2Gb readable memory region with a bunch of tiny
regions, and leaves the bulk of 2Gb mapped but unaccessible. This makes
it harder to defeat ASLR by probing for the CFI shadow region.
Sample CFI shadow mapping with this change:
7165151000-716541f000 ---p 00000000 00:00 0 [anon:cfi shadow]
716541f000-7165420000 r--p 00000000 00:00 0 [anon:cfi shadow]
7165420000-71654db000 ---p 00000000 00:00 0 [anon:cfi shadow]
71654db000-71654dc000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654dc000-71654dd000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654dd000-71654f0000 ---p 00000000 00:00 0 [anon:cfi shadow]
71654f0000-71654f1000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654f1000-71e5151000 ---p 00000000 00:00 0 [anon:cfi shadow]
This change degrades CFI diagnostics for wild jumps and casts (i.e. when
the target of a CFI check is outside of any known library bounds). This
is acceptable, because CFI does not have much to tell about those cases
anyway. Such bugs will show up as SEGV_ACCERR crashes inside
__cfi_slowpath in libdl.so from now on.
Bug: 158113540
Test: bionic-unit-tests/cfi_test.*
Test: adb shell cat /proc/$PID/maps | grep cfi
Change-Id: I57cbd0d3f87eb1610ad99b48d98ffd497ba214b4
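The sample mapping quoted in the two CFI shadow commit messages above can be checked mechanically from the output of the "adb shell cat /proc/$PID/maps | grep cfi" test step. The Python below is an added example, not code from bionic or from these commits: it measures how much of the reservation is readable. The names summarize_cfi_shadow, SAMPLE_MAPS and OLD_LAYOUT are introduced here, and OLD_LAYOUT is a constructed line standing in for the earlier single readable 2Gb region.

```python
import re

# One /proc/<pid>/maps line: start-end perms offset dev inode [name]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")
LABEL = "[anon:cfi shadow]"

# Sample mapping copied from the commit message above.
SAMPLE_MAPS = """\
7165151000-716541f000 ---p 00000000 00:00 0 [anon:cfi shadow]
716541f000-7165420000 r--p 00000000 00:00 0 [anon:cfi shadow]
7165420000-71654db000 ---p 00000000 00:00 0 [anon:cfi shadow]
71654db000-71654dc000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654dc000-71654dd000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654dd000-71654f0000 ---p 00000000 00:00 0 [anon:cfi shadow]
71654f0000-71654f1000 r--p 00000000 00:00 0 [anon:cfi shadow]
71654f1000-71e5151000 ---p 00000000 00:00 0 [anon:cfi shadow]
"""
# Constructed line: the pre-change layout, one readable region over the whole span.
OLD_LAYOUT = "7165151000-71e5151000 r--p 00000000 00:00 0 [anon:cfi shadow]\n"

def summarize_cfi_shadow(maps_text):
    """Summarize how much of the CFI shadow reservation is actually readable."""
    regions = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m and m.group(4).strip() == LABEL:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    if not regions:
        return None
    regions.sort()
    runs, odd = [], []  # merged readable runs; regions that are writable/executable
    for start, end, perms in regions:
        if "w" in perms or "x" in perms:
            odd.append((start, end, perms))  # the sample shows only ---p and r--p
        if perms[0] != "r":
            continue
        if runs and runs[-1][1] == start:
            runs[-1] = (runs[-1][0], end)    # adjacent readable pages form one run
        else:
            runs.append((start, end))
    return {
        "span": regions[-1][1] - regions[0][0],
        "readable_bytes": sum(e - s for s, e in runs),
        "readable_runs": runs,
        "largest_run": max((e - s for s, e in runs), default=0),
        "contiguous": all(a[1] == b[0] for a, b in zip(regions, regions[1:])),
        "unexpected_perms": odd,
    }
```

On the sample, the 2Gb span contains three readable runs totalling four 4 KiB pages, so a read at a guessed address inside the reservation almost always lands on a PROT_NONE page and faults.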
If an alternate signal stack is set and the frame record is in bounds of
that stack, we need to use the top of the alternate signal stack for bounds
checking rather than the normal stack.
Bug: 150215618
Change-Id: I78b760d61b27da44f8e0cfee3fe94a791011fe58
Merged-In: I78b760d61b27da44f8e0cfee3fe94a791011fe58
So the message gets flushed before the following abort.
Test: bionic-unit-tests without bionic-loader-test-libs at the expected
relative path shows the error message.
Change-Id: I53bb27a88b73c9d8f4bb76560752f99a104d71ca
This reverts commit 01fb8d7120.
Reason for revert: Re-land the test after fixing b/156397945
Bug: 156397945
Change-Id: Ie9ec5fef7a308e28d512c6438c5c06758bdbcf06
Our various fd debugging facilities get extremely confused by a vforked
process closing file descriptors in preparation to exec: fdsan can
abort, and fdtrack will delete backtraces for any file descriptors that
get closed. Keep track of whether we're in a vforked child in order to
be able to detect this.
Bug: http://b/153926671
Test: 32/64-bit bionic-unit-tests on blueline, x86_64 emulator
Change-Id: I8a082fd06bfdfef0e2a88dbce350b6f667f7df9f
(cherry picked from commit 2303283740)
Our various fd debugging facilities get extremely confused by a vforked
process closing file descriptors in preparation to exec: fdsan can
abort, and fdtrack will delete backtraces for any file descriptors that
get closed. Keep track of whether we're in a vforked child in order to
be able to detect this.
Bug: http://b/153926671
Test: 32/64-bit bionic-unit-tests on blueline, x86_64 emulator
Change-Id: I8a082fd06bfdfef0e2a88dbce350b6f667f7df9f
Change the location set in the linker
Bug: 130219528
Bug: 138994281
Test: atest CtsBionicTestCases
Test: atest CtsJniTestCases
Change-Id: I215a8e023ccc4d5ffdd7df884c809f8d12050c8f
The SYNC tagging level enables stack trace collection for allocations and
deallocations, which allows allocation and deallocation stack traces to
appear in tombstones when encountering a tag check fault in synchronous tag
checking mode.
Bug: 135772972
Change-Id: Ibda9f51b29d2c8e2c993fc74425dea7bfa23ab1e
Looks like the arguments were unintentionally swapped?
Bug: 155526611
Change-Id: I39d49f94387cfd337c89becb5eb6f85ca638bef1
Signed-off-by: Alistair Delva <adelva@google.com>
accept creates an additional socket behind the scenes to communicate
with netd. Filter out events for temporarily created, but then closed
fds to allow for this.
Bug: https://issuetracker.google.com/154450436
Test: bionic-unit-tests
Change-Id: I2168ddc60f307278e3257ffcdf591272d61d45bb
When doing checkbuild for make_fortify_compile_test.mk:
bionic/tests/clang_fortify_tests.cpp
error: 'error' diagnostics seen but not expected:
Line 171: 'mempcpy' will always overflow; destination buffer has size 8, but size argument is 9
1 error generated.
Bug: 149839606
Test: run checkbuild.
Change-Id: I97371600f6183b5cee8c2a6b976f5bf33e1f781d
(cherry picked from commit ae1745d375)
Add tests for all of our existing wrappers (with one commented out,
because it's unexpectedly generating multiple events).
Bug: https://issuetracker.google.com/154450436
Test: bionic-unit-tests
Change-Id: I552692aef952237c2eee0dabec61b7ea7fd230e3
(cherry picked from commit 9d512402d4)
Add tests for all of our existing wrappers (with one commented out,
because it's unexpectedly generating multiple events).
Bug: https://issuetracker.google.com/154450436
Test: bionic-unit-tests
Change-Id: I552692aef952237c2eee0dabec61b7ea7fd230e3
The triggering reason for this change is that the SDK snapshot
generation cannot readily handle header libraries that are required for
targets that the SDK itself isn't available for. However, these include
files shouldn't be used without Bionic anyway.
Relanding unchanged - the build problem was due to a split topic.
Test: m checkbuild (on aosp_taimen)
Test: m (on aosp_taimen_hwasan)
Test: atest CtsBionicTestCases
Test: lunch fvp-userdebug && mmm bionic
Bug: 152255951
Change-Id: Iaf49597ea265e6f2a042de5ee873238073b2e545
Reason for revert: Breaks rvc-d1-dev-plus-aosp: http://ab/6443190
Reverted Changes:
Ide447b89a:bionic_libc_platform_headers is only available whe...
Ia93cd3ec8:bionic_libc_platform_headers is only available whe...
Icdc495588:Make bionic_platform_headers available only for Bi...
Idfd7c87dc:bionic_libc_platform_headers is only available whe...
Bug: 152255951
Bug: 155269399
Change-Id: I214f1165bb0a7e59d3b35a13b3cceb1965be922b
The triggering reason for this change is that the SDK snapshot
generation cannot readily handle header libraries that are required for
targets that the SDK itself isn't available for. However, these include
files shouldn't be used without Bionic anyway.
Test: m checkbuild (on aosp_taimen)
Test: m (on aosp_taimen_hwasan)
Test: atest CtsBionicTestCases
Test: lunch fvp-userdebug && mmm bionic
Bug: 152255951
Change-Id: Icdc49558893c5355860f78d23275c49ba0119900
It's possible for malloc to return a pointer that is not going to
crash with __cfi_slowpath. It's possible to modify the cfi code
to avoid this problem, but I'm not convinced that this will be any
better at catching problems. So I'm just modifying the test so that
it will eventually allocate a pointer that does not overlap.
This previous version of the test failed on jemalloc svelte config,
but there is nothing that would not result in a failure on scudo
leading to a failure every once in a while.
Bug: 142556796
Bug: 140079007
Test: Ran bionic unit tests with jemalloc and scudo.
Change-Id: Iff45bd950d2eb33ff56dc700a2d739b5b578e090
Merged-In: Iff45bd950d2eb33ff56dc700a2d739b5b578e090
(cherry picked from commit f322483b3f)
When doing checkbuild for make_fortify_compile_test.mk:
bionic/tests/clang_fortify_tests.cpp
error: 'error' diagnostics seen but not expected:
Line 171: 'mempcpy' will always overflow; destination buffer has size 8, but size argument is 9
1 error generated.
Bug: 149839606
Test: run checkbuild.
Change-Id: I97371600f6183b5cee8c2a6b976f5bf33e1f781d
This actually breaks *all* the tests, because the bionic-unit-tests
binary crashes while running this ifunc before hwasan is set up.
A longer term fix would be to have the compiler insert a call to
__hwasan_init at the start of any ifunc resolvers.
Bug: 135772972
Test: ran tests on a hwasan build
Change-Id: I424b3035e1f76aa4b98c11346825b9ed140584ba
Previously, these tests would fail if vendors modified
private/android_filesystem_config.h to add their custom AIDs, but we
did not have a good alternative that vendors could use, so we added a
special case to ignore the vendor AID ranges.
We've had a proper solution since P for this range, so it's long past
time to remove this special case.
Test: add system, vendor, odm, product, and system_ext AIDs to
config.fs, ensure that they've taken effect on cuttlefish,
pass these unit tests
Change-Id: I6c9c2bf5e895c25805222da018188b269777171c
1) "fix the system properties design" is written for the old protocol,
so we've already changed the design. There are no other further
planned changes.
2) "don't drag in all the macros, just the types." is not likely to
happen or be particularly impactful.
3) "Find a location suitable for these functions ..." is referring to
legacy code. More likely that this code will be removed before we
find a serious reason to fix this TODO.
4) "(73062966) We still don't have a good way ..." is stale; we fixed
this bug and added the appropriate mechanism.
Test: n/a
Change-Id: I23991692cdeb81ad00844a6a1680900ff384208b
The test was failing due to a kernel vDSO that was linked without
--eh-frame-hdr. The kernel bug is fixed for at least the goldfish and
cuttlefish devices.
3d4b1ffc7eb66f198bf3
Bug: http://b/132763120
Test: bionic unit tests, on goldfish and cuttlefish
Change-Id: I5e1d819b604a4baf5b9208f0b19471f9abbcfe75
It's possible for malloc to return a pointer that is not going to
crash with __cfi_slowpath. It's possible to modify the cfi code
to avoid this problem, but I'm not convinced that this will be any
better at catching problems. So I'm just modifying the test so that
it will eventually allocate a pointer that does not overlap.
This previous version of the test failed on jemalloc svelte config,
but there is nothing that would not result in a failure on scudo
leading to a failure every once in a while.
Bug: 142556796
Bug: 140079007
Test: Ran bionic unit tests with jemalloc and scudo.
Change-Id: Iff45bd950d2eb33ff56dc700a2d739b5b578e090
The question of why the unit tests need the bootstrap bionic came up
while I was working on http://b/152572170.
Test: none
Change-Id: I08651200e2193c6ea4d3a734b59f022d69e5f154
This solves the issue that targeting non-profilable apps crashed them.
There is still a race condition between starting the app and the SIG_IGN
being installed, but that will be fixed in follow-ups.
This also does not cover programs that statically link libc, but those are
rare.
This might be reverted if we find a more general solution to
b/151835887.
Bug: 151328035
Test: java profile sysui, doesn't crash
Test: atest CtsBionicTestCases
This is a cherry-pick of 96272df35c
Change-Id: I6b99352ed50afe15a609f7ddb85312c2676ddf11
Merged-In: I6b99352ed50afe15a609f7ddb85312c2676ddf11
This solves the issue that targeting non-profilable apps crashed them.
There is still a race condition between starting the app and the SIG_IGN
being installed, but that will be fixed in follow-ups.
This also does not cover programs that statically link libc, but those are
rare.
This might be reverted if we find a more general solution to
b/151835887.
Bug: 151328035
Test: java profile sysui, doesn't crash
Test: atest CtsBionicTestCases
Change-Id: I6b99352ed50afe15a609f7ddb85312c2676ddf11
POSIX added these GNU extensions for issue 8.
I've made these always inline without the usual "until API level X"
proviso because they're single instructions that the compiler can inline
and there's really no point providing these if they add function call
overhead --- everyone should just use __builtin_ffs() and friends
instead in that case.
Bug: https://austingroupbugs.net/view.php?id=617
Test: treehugger
Change-Id: I33fc4b8648ea25917329e81c1b4c60eb9a66d667
This should make it less likely that the writer finishes before the
reader even starts. It makes the test run longer, but devices have
gotten faster since this test was written.
Bug: 152218463
Test: Treehugger
Change-Id: I409e59071991095fb17e067760f2a5f29ede0ba2
I can't reproduce locally, but treehugger is seeing 6% flake in the
signal.sigwait64_SIGRTMIN test. It's the only test in the file with a
sleep() in it, which always makes me suspicious, and we aren't having
trouble with the (in principle) very similar sigwaitinfo() tests, so
switch over to their style.
Bug: http://b/149934069
Test: treehugger
Change-Id: I2a1193b0cbec50f6548badf7dc7175bb6a49e45f