Commit graph

66 commits

Author SHA1 Message Date
Hans Boehm
6e75ad6e13 Revert "Revert "Fix wp and sp comparison bugs""
Fix wp and sp comparison bugs

Make clear() actually clear wp m_refs, so that nulls compare equal.

Make equality consistent with < and >, ensuring that a weak pointer
cannot be both equal to and greater than another.

Don't rely on the built-in < and > operators to correctly order
different objects. The standard does not guarantee that, and there is
a risk of compiler relying on that lack of guarantee.

Remove unnecessary comparison overloads, especially those
comparing a wp<> to an sp<>.

Change the remaining wp<> to sp<> comparisons to check for equivalence
of the mRefs pointer instead of the object address, thus eliminating
the dubious equal comparison result for a dead wp<> and an sp<> that
happen to point to the same object address.

Add comparison tests.

This reverts commit a2a2ad8057.

The original code, and my original CL, both failed to initialize m_refs
in various wp<> constructors. This now became more important, since
comparisons now rely more on m_refs. However I believe it was always
a bug, since some comparisons always relied on m_refs.

Test: Treehugger, boot AOSP, atest RefBase
Bug: 126922090
This reverts commit a2a2ad8057.

Reason for revert: Reapply after constructor fixes.

Change-Id: I2c8917416a2306e36d2b6bb7b397f653020e5688
2019-03-13 13:26:35 -07:00
Hans Boehm
a2a2ad8057 Revert "Fix wp and sp comparison bugs"
This reverts commit 029b12ebde.

Reason for revert: There appear to be problems with null comparisons. Reported failure in HwcBufferCacheTest.

Change-Id: I19745bb281dabe8b05c2df3fe95e7be7a49dcd51
2019-03-13 03:24:12 +00:00
Hans Boehm
029b12ebde Fix wp and sp comparison bugs
Make clear() actually clear wp m_refs, so that nulls compare equal.

Make equality consistent with < and >, ensuring that a weak pointer
cannot be both equal to and greater than another.

Don't rely on the built-in < and > operators to correctly order
different objects. The standard does not guarantee that, and there is
a risk of compiler relying on that lack of guarantee.

Remove unnecessary comparison overloads, especially those
comparing a wp<> to an sp<>.

Change the remaining wp<> to sp<> comparisons to check for equivalence
of the mRefs pointer instead of the object address, thus eliminating
the dubious equal comparison result for a dead wp<> and an sp<> that
happen to point to the same object address.

Add comparison tests.

Test: Treehugger, boot AOSP, atest RefBase
Bug: 126922090
Change-Id: I15911150e0fc85ace2c4b77d337826e12793c690
2019-03-09 21:41:37 -08:00
Elliott Hughes
d2962c8a15 Remove dead code.
If this was strlcpy16 it wouldn't be such a bad idea, but strncpy16 is
just an accident waiting to happen...

Test: N/A
Change-Id: Id296fdeadfb9f1f70ddc8fb6d31b3b6b5178a12c
2019-01-24 13:07:18 -08:00
Steven Moreland
8338072591 CallStack: include prefix/tag when unlinked
Bug: N/A
Test: manual
Change-Id: I8f7a19744af938a02d876ab81c1dafee04744f96
2019-01-03 10:17:07 -08:00
Jiyong Park
4f301cd977 Suppress lint warnings on google-default-arguments
The lint rule google-default-arguments ensures that virtual or override
methods do not have default arguments, because different default values
across the hierarchy chain (e.g. Base::foo(int a=0) v.s.
Derived::foo(int a=10)) can cause confusions.

However, since the uses of the default arguments in libbinder don't lead
to such problem, suppress the warnings.

Test: WITH_TIDY=true WITH_TIDY_CHECKS=google-default-arguments m
libbinder does not show any warning about google-default-arguments

Change-Id: Ica41034ab0ad1037a0facc447ee47e0c77fa9c55
2018-10-29 23:06:23 +09:00
Elliott Hughes
9fbebc5d55 "utils/Errors.h": include <stdint.h> for int32_t.
No need for a Unix/Windows difference here.

Bug: N/A
Test: builds
Change-Id: If7b27f939f9c13ef336d2015608f2a24db8cc96d
2018-10-16 13:17:15 -07:00
Elliott Hughes
643268f325 Move system/core/ off NO_ERROR.
It causes trouble for Windows, and OK already exists.

Bug: N/A
Test: builds
Change-Id: Ida22fd658b0ebb259c710ba39049b07c9e495d9c
2018-10-08 11:15:52 -07:00
Chih-Hung Hsieh
747eb149d0 Add noexcept to move constructors and assignment operators.
Bug: 116614593
Test: build with WITH_TIDY=1
Change-Id: I5a7461386946ca623ab509609092aa0ac8418b80
2018-10-05 16:43:47 +00:00
Hans Boehm
59cd823752 Merge "Check sp<>::clear() for data races" 2018-08-17 22:20:39 +00:00
Hans Boehm
f4f76205fe Check sp<>::clear() for data races
sp<>::clear() presents the same risks of heap corruption in the presence
of data races as does assignment. Add the same data race check.

Bug: 112651574
Test: Build and boot AOSP
Change-Id: I75d4eedd756d521920e61ff9187509f9145d4235
2018-08-17 11:40:39 -07:00
Elliott Hughes
7b6751d2f8 libutils: remove unused strzcmp16_h_n.
Bug: N/A
Test: builds
Change-Id: I864bfb3597da76cd0a4fecce67e39d5d81538764
2018-08-17 09:59:29 -07:00
Hans Boehm
2a019ecf4f Revert^2 "Prepare to fail in RefBase destructor if count is untouched"
This reverts commit b9d0753d2b.

Reason for revert: Re-land with MacOS workaround.

Test: Build (on Linux) and boot AOSP, with weak symbols enabled and disabled.

Change-Id: I5150cd90367178f3b039761dca3bccc9c2987df1
2018-08-08 16:30:12 -07:00
Hans Boehm
b9d0753d2b Revert "Prepare to fail in RefBase destructor if count is untouched"
This reverts commit 9d3146af22.

Reason for revert: It appears that weak symbols don't work as expected on MacOS, breaking the MacOS aapt build.

Change-Id: Ica0955106485a7bf2e2c3f09ff7910e230eb4139
2018-08-07 05:35:12 +00:00
Hans Boehm
9d3146af22 Prepare to fail in RefBase destructor if count is untouched
Move towards crashing if a normally configured RefBase object is
destroyed without ever incrementing the reference count. We've been
threatening to do this for a long time. The previously last known
violation had been fixed.

This also fixes stack trace printing from RefBase, which had previously
been broken, and which we found necessary to track down further
violations of this rule.

Unfortunately, we found several more violations with the aid of
that fix. After existing CLs are submitted, there are
still some failures, but they are no longer numerous. Thus this CL
doesn't actually crash in the event of a violation, but does log a
verbose stack trace if it encounters one.

Bugs have been filed against the remaining known RefBase client offenders.
We plan to enable crashing on usage violations once those are fixed.

The fix for the stack trace printing breakage unfortunately requires
the use of weak symbols in order to avoid a circular build dependency.
We expect to eventually replace this with execinfo.h functionality.

Some random reformatting, driven by consistency with current formatting
requirements.

Add missing include to BacktraceMap.h.

Bug: 79112958
Bug: 30292291
Test: Boot AOSP, Master
Change-Id: I8151c54560c3b6f75ffc4c48229f0388a2066958
2018-08-03 17:56:47 -07:00
Josh Gao
2d08ae57d4 libutils: switch Looper's fds to unique_fd.
Switch Looper to using unique_fd for its owned file descriptors, to
benefit from fdsan.

Bug: http://b/111560345
Test: treehugger
Change-Id: I8efff7741ed19fd71f82f7e604b4f1c66fc5ea2b
2018-07-18 18:12:12 -07:00
Yi Kong
e1731a4f2e [libutils] Modernize codebase by replacing NULL with nullptr
Fixes -Wzero-as-null-pointer-constant warning.

Test: m
Bug: 68236239
Change-Id: I5e89ec8c42151875439d2656475a8739ab9cb7dc
2018-07-16 18:11:34 -07:00
Yi Kong
c1a1562548 Modernize codebase by replacing NULL with nullptr
Fixes -Wzero-as-null-pointer-constant warning for binder.

Test: m
Bug: 68236239
Change-Id: I8184bd6aa4ebff1bd8c88dad16886e98df853b03
2018-07-13 15:28:59 -07:00
Pirama Arumuga Nainar
90affce0c8 Remove more semicolons at the end of namespaces
These warnings are triggered by -Wextra-semi (and not -Weverything, as
incorrectly mentioned in I49b6e6af483e011632e6a34c0663c93e5c385aa6).
This warning is added to Hidl-generated libs.

To appease clang-format, this patch also fixes some extra newlines.

Test: Build
Change-Id: I63cf5d8ecba46ad87876ff21848bfff04b12ec6e
2018-04-11 23:14:13 -07:00
Pirama Arumuga Nainar
eab48ce0d5 Remove extra semicolon at end of namespace
Upcoming clang update to r328903 adds a new warning:
  warning: extra ';' outside of a function is incompatible with C++98
  [-Wc++98-compat-extra-semi]

which is included in -Weverything.

We can just delete the extra semicolon (even though we use gnu99), and
save the extra byte.

Test: Build

Change-Id: I49b6e6af483e011632e6a34c0663c93e5c385aa6
2018-04-10 22:10:54 +00:00
Treehugger Robot
51c2088f3b Merge "Usage suggestions." 2017-12-19 20:32:29 +00:00
Steven Moreland
b8f152d3e2 Usage suggestions.
Providing alternative suggestions for using C++ stdlib types
instead of libutils types:
- higher interoperability
- fewer "legacy" quirks
- ability to use stl algorithms
- high optimization levels

Test: none
Change-Id: If81aa9982ca0ad229fa13c8142387906981b054d
2017-12-19 01:16:00 +00:00
Steven Moreland
8edb49060a Remove CompileTimeIfElse.
- not used anywhere
- equivalent to std::conditional

Test: none
Bug: none
Change-Id: Iffc00acb899d5159359d60c09443c7d2d7fdf2a0
2017-12-18 15:52:50 -08:00
Logan Chien
20f7dc7041 libutils: Cleanup unused class declaration
This commit removes unused class declaration for SharedBuffer and
TextOutput.  SharedBuffer has become internal implementation details
since 282efae9c.  TextOutput usages have been removed since 9eb2a3b1.

Test: AOSP and master build w/o problems
Change-Id: I1871c4919a46f1ea8f41fb7eb79b4dc800b6f6f4
2017-11-22 18:31:10 +08:00
Chih-Hung Hsieh
122352d983 Use -Werror in system/core
* Move -Wall -Werror from cppflags to cflags.
* Fix/suppress warning on unused variables.

Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I1e05e96a1d0bcb2ccef1ce456504b3af57167cc5
2017-11-01 11:32:55 -07:00
Jeff Sharkey
147b881ca9 Add "operator bool" overload to android::sp.
This matches the overload on std::unique_ptr and friends.

Test: builds, boots
Bug: 13758960
Change-Id: Ieed9faa6b162c2a10fa7cf2b135c9b17564f6c88
2017-09-13 11:06:07 -06:00
Steven Moreland
7170d5bf24 Merge "Remove TODOs for std::string removal."
am: ceb7814c86

Change-Id: Iab64291aec5edd44ebf8856fb2d24c6d0e779bed
2017-08-02 20:49:46 +00:00
Treehugger Robot
ceb7814c86 Merge "Remove TODOs for std::string removal." 2017-08-02 20:35:45 +00:00
Chih-Hung Hsieh
dfaa20c069 Merge "Fix misc-macro-parentheses warnings in system/core."
am: e4bd153e55

Change-Id: I6b38149a0fa15874eff68cbf7ee62e4acd41c595
2017-08-01 23:26:06 +00:00
Chih-Hung Hsieh
85244e8bc2 Fix misc-macro-parentheses warnings in system/core.
Add NOLINT comment to work around clang-tidy
error in checking macro arguments used in
type expressions.

Bug: 28705665
Test: make with WITH_TIDY=1 WITH_TIDY_CHECKS=-*,misc-macro-* \
      WITH_TIDY_FLAGS=-header-filter=system/core/.*

Change-Id: I7619978c1804e151a11a8b0477e80076bcf21cab
2017-08-01 22:12:57 +00:00
Steven Moreland
c8ddc2bad0 Remove TODOs for std::string removal.
This is baked into too many prebuilts. Perhaps
eventually it can be removed, but this is very
unlikely.

Change-Id: Ie3f0095a7b48c8b60e548cf2d32d2d95c108b5fb
Fixes: 35363681
2017-07-31 17:53:13 -07:00
Siarhei Vishniakou
f23f21a231 Merge "Add thread safety analysis annotations."
am: e7ce8c8485

Change-Id: I4963b623b6e5a190bfee1dcfec01fe009ba0e94f
2017-07-25 21:42:54 +00:00
Treehugger Robot
e7ce8c8485 Merge "Add thread safety analysis annotations." 2017-07-25 21:37:27 +00:00
Siarhei Vishniakou
4e5b69134b Add thread safety analysis annotations.
Enable thread safety analysis annotations for clang.
See https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
for instructions on using these in the source code.

Bug: 28094863
Test: annotated
frameworks/native/services/inputflinger/InputDispatcher.cpp
and enabled '-Werror' and '-Wthread-safety' clang
compiler flags in Android.bp for inputflinger.
Observed compiler errors when accessing
instance attributes without holding a lock. Also added
a compile test Mutex_test.cpp, which can be build using
m libutils_tests and run using
/data/nativetest64/libutils_tests/libutils_tests

Change-Id: I24ce111241cc339901bc45dda8b446df5299af4a
2017-07-21 13:25:42 -07:00
Tom Cherry
b648daaa40 Remove ALOGD_IF_SLOW
ALOGD_IF_SLOW isn't intuitively implemented as it cannot handle
temporaries used as its parameters.  Since there are so few users of
it already and since it's just sugar on top of 2 otherwise trivial
lines, we opt to remove it entirely.

Bug: 62820330
Test: Build

Change-Id: Ie91b40cdaf650154203ccf0ca70e029cc097b350
2017-07-14 19:51:57 +00:00
Tom Cherry
08678e1f8b Remove ALOGD_IF_SLOW
ALOGD_IF_SLOW isn't intuitively implemented as it cannot handle
temporaries used as its parameters.  Since there are so few users of
it already and since it's just sugar on top of 2 otherwise trivial
lines, we opt to remove it entirely.

Bug: 62820330
Test: Build

Change-Id: Ie91b40cdaf650154203ccf0ca70e029cc097b350
Merged-In: Ie91b40cdaf650154203ccf0ca70e029cc097b350
2017-07-12 17:59:12 +00:00
Chris Forbes
c46cbcbbf9 libutils: Make LightFlattenablePod safe for unaligned ptr
`buffer` may not be correctly aligned here. Assignment assumes correct
alignment and so then blows up on arm32.

Bug: b/37920153
Test: build, boot device
Change-Id: I23ef7c7f1d1511fd912b9485bba955db59e33832
2017-05-04 10:18:26 -07:00
Mathias Agopian
44cee05904 split LightRefBase out of RefBase
Bug: 36532900
Test: compiled
Change-Id: I3088e1a219e04cf924744d3a0c2d374918bb6395
2017-03-29 20:39:06 +00:00
Mark Salyzyn
02ce4262dc Merge changes I96998c4b,I161bf03b am: dd0cd8d88f am: f17500474a
am: 77a1fa9070

Change-Id: I5b296f6c1b01a8b2dc51c7ebbd44d599a3aa49c1
2017-03-27 22:42:44 +00:00
Mark Salyzyn
0484b3b575 logd: ASAN cleansing
A mixture of fixes and cleanup for LogKlog.cpp and friends.

- sscanf calls strlen.  Check if the string is missing a nul
  terminator, if it is, do not call sscanf.
- replace NULL with nullptr for stronger typechecking.
- pass by reference for simpler code.
- Use ssize_t where possible to check for negative values.
- fix FastCmp to add some validity checking since ASAN reports that
  callers are not making sure pre-conditions are met.
- add fasticmp templates for completeness.
- if the buffer is too small to contain a meaningful time, do not
  call down to log_time::strptime() because it does not limit its
  accesses to the buffer boundaries, instead stopping at a
  terminating nul or invalid match.
- move strnstr to LogUtils.h, drop size checking of needle and
  clearly report the list of needles used with android::strnstr
- replace 'sizeof(static const char[]) - 1' with strlen.

Test: gTest liblog-unit-test, logd-unit-tests & logcat-unit-tests
Bug: 30792935
Bug: 36536248
Bug: 35468874
Bug: 34949125
Bug: 34606909
Bug: 36075298
Bug: 36608728
Change-Id: I161bf03ba029050e809b31cceef03f729d318866
2017-03-27 13:32:57 -07:00
Vishwath Mohan
c94c4d269a Merge "Blacklist some vector functions for CFI." 2017-03-23 23:14:48 +00:00
Vishwath Mohan
27a7aa0f59 Blacklist some vector functions for CFI.
This CL blacklists some vector functions (construct, copy, splat,
move) that use reinterpret_cast on freshly allocated memory (where the
object doesn't exist yet). This is technically correct, but not
friendly for CFI, which enforces stricter checking to catch type
confusion errors. Blacklisting these specific functions from CFI does
not cause an appreciable coverage loss though, so this should be fine.

Bug: 36219323
Test: Builds and boots, and the reinterpret error goes away on CFI builds.
Test: All 98 libutils_tests pass
Change-Id: I4944b179116bb1e1608d92697e95e182d8c0ac9f
2017-03-23 14:37:12 -07:00
Adam Lesinski
aa1d43230c Merge "libziparchive: fix mac os breakage" am: 390f3b364c am: 7cfe1d69b0
am: cdbadafb4a

Change-Id: Ie327879eaea542911603640e36f0d867e05afd61
2017-03-23 21:12:58 +00:00
Adam Lesinski
b02d690336 libziparchive: fix mac os breakage
Add ftruncate64 to utils/Compat.h definitions for mac.

Change-Id: I82cb46927be911e867b606f4f4429a5e1b1987f7
Test: builds on mac
2017-03-23 12:02:09 -07:00
Hans Boehm
d9bcc37269 Merge "Add heuristic data race detection to sp<>" am: 04abdc6153 am: 12d6afe6f1
am: 764d347183

Change-Id: I6a27520e80c2adefe30b0d04ce7e470188d3ad99
2017-03-19 04:56:09 +00:00
Hans Boehm
7f0b2601d3 Add heuristic data race detection to sp<>
Force assignment to read the old pointer value twice, and check
that it didn't change in the interim. Previous experience with
Skia suggests that this has a high probability of correctly detecting
a data race when it occurs, instead of potentially letting the
count associated with the old pointer value get decremented twice,
and corrupting the heap.

This does increase the size of sp assignments, which seem to
commonly get inlined. For the general case, we add a third
comparison and function call.

Some code reformatting to make this consistent with modern conventions
and pass automated checks.

Test: Booted aosp build. Ran libutils tests. Looked at generated code.

Bug: 31227650

Change-Id: Id93a05c6bf10f01ee15ff1bb409611f2058f988f
2017-03-17 17:47:28 -07:00
TreeHugger Robot
6258cfee90 Merge "Formatting changes for TypeHelpers.h and Vectors.h" 2017-03-16 07:38:32 +00:00
Vishwath Mohan
fc3f57acbb Formatting changes for TypeHelpers.h and Vectors.h
This CL nukes all spurious whitespace in the two files.

Bug: 36219323
Test: Device builds and boots.
Test: All 98 libutils_tests pass
Change-Id: I8054a0f0ba5df95f5115dc06597eb9fd539da942
2017-03-15 22:48:27 -07:00
Mathias Agopian
f520b73103 Get rid of LinearTransform
It had 3 clients
- one in vendor/google_athome which was disabled
- one in a device specific folder, which will die out
- and one in frameworks/base

This reverts commit 6c942304ed.

Test: compile/run
Bug: treble cleanup

Change-Id: Ia76009d550c294198c083cf89718bc498b5c9e3e
2017-03-15 14:16:13 -07:00
Ian Pedowitz
6c942304ed Revert "get rid of LinearTransform"
This reverts commit bcd592053a.

Bug: 36206160
Test:  Fugu compiles, didn't before the revert
Change-Id: Id80fd4ce9db3fce03b049cf81f938187c7ddb8b0
2017-03-14 08:11:41 +00:00