Fix wp and sp comparison bugs
Make clear() actually clear wp m_refs, so that nulls compare equal.
Make equality consistent with < and >, ensuring that a weak pointer
cannot be both equal to and greater than another.
Don't rely on the built-in < and > operators to correctly order
different objects. The standard does not guarantee that, and there is
a risk of compiler relying on that lack of guarantee.
Remove unnecessary comparison overloads, especially those
comparing a wp<> to an sp<>.
Change the remaining wp<> to sp<> comparisons to check for equivalence
of the mRefs pointer instead of the object address, thus eliminating
the dubious equal comparison result for a dead wp<> and an sp<> that
happen to point to the same object address.
Add comparison tests.
This reverts commit a2a2ad8057.
The original code, and my original CL, both failed to initialize m_refs
in various wp<> constructors. This now became more important, since
comparisons now rely more on m_refs. However I believe it was always
a bug, since some comparisons always relied on m_refs.
Test: Treehugger, boot AOSP, atest RefBase
Bug: 126922090
This reverts commit a2a2ad8057.
Reason for revert: Reapply after constructor fixes.
Change-Id: I2c8917416a2306e36d2b6bb7b397f653020e5688
This reverts commit 029b12ebde.
Reason for revert: There appear to be problems with null comparisons. Reported failure in HwcBufferCacheTest.
Change-Id: I19745bb281dabe8b05c2df3fe95e7be7a49dcd51
Make clear() actually clear wp m_refs, so that nulls compare equal.
Make equality consistent with < and >, ensuring that a weak pointer
cannot be both equal to and greater than another.
Don't rely on the built-in < and > operators to correctly order
different objects. The standard does not guarantee that, and there is
a risk of compiler relying on that lack of guarantee.
Remove unnecessary comparison overloads, especially those
comparing a wp<> to an sp<>.
Change the remaining wp<> to sp<> comparisons to check for equivalence
of the mRefs pointer instead of the object address, thus eliminating
the dubious equal comparison result for a dead wp<> and an sp<> that
happen to point to the same object address.
Add comparison tests.
Test: Treehugger, boot AOSP, atest RefBase
Bug: 126922090
Change-Id: I15911150e0fc85ace2c4b77d337826e12793c690
If this was strlcpy16 it wouldn't be such a bad idea, but strncpy16 is
just an accident waiting to happen...
Test: N/A
Change-Id: Id296fdeadfb9f1f70ddc8fb6d31b3b6b5178a12c
The lint rule google-default-arguments ensures that virtual or override
methods do not have default arguments, because different default values
across the hierarchy chain (e.g. Base::foo(int a=0) v.s.
Derived::foo(int a=10)) can cause confusions.
However, since the uses of the default arguments in libbinder don't lead
to such problem, suppress the warnings.
Test: WITH_TIDY=true WITH_TIDY_CHECKS=google-default-arguments m
libbinder does not show any warning about google-default-arguments
Change-Id: Ica41034ab0ad1037a0facc447ee47e0c77fa9c55
sp<>::clear() presents the same risks of heap corruption in the presence
of data races as does assignment. Add the same data race check.
Bug: 112651574
Test: Build and boot AOSP
Change-Id: I75d4eedd756d521920e61ff9187509f9145d4235
This reverts commit b9d0753d2b.
Reason for revert: Re-land with MacOS workaround.
Test: Build (on Linux) and boot AOSP, with weak symbols enabled and disabled.
Change-Id: I5150cd90367178f3b039761dca3bccc9c2987df1
This reverts commit 9d3146af22.
Reason for revert: It appears that weak symbols don't work as expected on MacOS, breaking the MacOS aapt build.
Change-Id: Ica0955106485a7bf2e2c3f09ff7910e230eb4139
Move towards crashing if a normally configured RefBase object is
destroyed without ever incrementing the reference count. We've been
threatening to do this for a long time. The previously last known
violation had been fixed.
This also fixes stack trace printing from RefBase, which had previously
been broken, and which we found necessary to track down further
violations of this rule.
Unfortunately, we found several more violations with the aid of
that fix. After existing CLs are submitted, there are
still some failures, but they are no longer numerous. Thus this CL
doesn't actually crash in the event of a violation, but does log a
verbose stack trace if it encounters one.
Bugs have been filed against the remaining known RefBase client offenders.
We plan to enable crashing on usage violations once those are fixed.
The fix for the stack trace printing breakage unfortunately requires
the use of weak symbols in order to avoid a circular build dependency.
We expect to eventually replace this with execinfo.h functionality.
Some random reformatting, driven by consistency with current formatting
requirements.
Add missing include to BacktraceMap.h.
Bug: 79112958
Bug: 30292291
Test: Boot AOSP, Master
Change-Id: I8151c54560c3b6f75ffc4c48229f0388a2066958
Switch Looper to using unique_fd for its owned file descriptors, to
benefit from fdsan.
Bug: http://b/111560345
Test: treehugger
Change-Id: I8efff7741ed19fd71f82f7e604b4f1c66fc5ea2b
These warnings are triggered by -Wextra-semi (and not -Weverything, as
incorrectly mentioned in I49b6e6af483e011632e6a34c0663c93e5c385aa6).
This warning is added to Hidl-generated libs.
To appease clang-format, this patch also fixes some extra newlines.
Test: Build
Change-Id: I63cf5d8ecba46ad87876ff21848bfff04b12ec6e
Upcoming clang update to r328903 adds a new warning:
warning: extra ';' outside of a function is incompatible with C++98
[-Wc++98-compat-extra-semi]
which is included in -Weverything.
We can just delete the extra semicolon (even though we use gnu99), and
save the extra byte.
Test: Build
Change-Id: I49b6e6af483e011632e6a34c0663c93e5c385aa6
Providing alternative suggestions for using C++ stdlib types
instead of libutils types:
- higher interoperability
- fewer "legacy" quirks
- ability to use stl algorithms
- high optimization levels
Test: none
Change-Id: If81aa9982ca0ad229fa13c8142387906981b054d
This commit removes unused class declaration for SharedBuffer and
TextOutput. SharedBuffer has become internal implementation details
since 282efae9c. TextOutput usages have been removed since 9eb2a3b1.
Test: AOSP and master build w/o problems
Change-Id: I1871c4919a46f1ea8f41fb7eb79b4dc800b6f6f4
Add NOLINT comment to work around clang-tidy
error in checking macro arguments used in
type expressions.
Bug: 28705665
Test: make with WITH_TIDY=1 WITH_TIDY_CHECKS=-*,misc-macro-* \
WITH_TIDY_FLAGS=-header-filter=system/core/.*
Change-Id: I7619978c1804e151a11a8b0477e80076bcf21cab
This is baked into too many prebuilts. Perhaps
eventually it can be removed, but this is very
unlikely.
Change-Id: Ie3f0095a7b48c8b60e548cf2d32d2d95c108b5fb
Fixes: 35363681
Enable thread safety analysis annotations for clang.
See https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
for instructions on using these in the source code.
Bug: 28094863
Test: annotated
frameworks/native/services/inputflinger/InputDispatcher.cpp
and enabled '-Werror' and '-Wthread-safety' clang
compiler flags in Android.bp for inputflinger.
Observed compiler errors when accessing
instance attributes without holding a lock. Also added
a compile test Mutex_test.cpp, which can be build using
m libutils_tests and run using
/data/nativetest64/libutils_tests/libutils_tests
Change-Id: I24ce111241cc339901bc45dda8b446df5299af4a
ALOGD_IF_SLOW isn't intuitively implemented as it cannot handle
temporaries used as its parameters. Since there are so few users of
it already and since it's just sugar on top of 2 otherwise trivial
lines, we opt to remove it entirely.
Bug: 62820330
Test: Build
Change-Id: Ie91b40cdaf650154203ccf0ca70e029cc097b350
ALOGD_IF_SLOW isn't intuitively implemented as it cannot handle
temporaries used as its parameters. Since there are so few users of
it already and since it's just sugar on top of 2 otherwise trivial
lines, we opt to remove it entirely.
Bug: 62820330
Test: Build
Change-Id: Ie91b40cdaf650154203ccf0ca70e029cc097b350
Merged-In: Ie91b40cdaf650154203ccf0ca70e029cc097b350
`buffer` may not be correctly aligned here. Assignment assumes correct
alignment and so then blows up on arm32.
Bug: b/37920153
Test: build, boot device
Change-Id: I23ef7c7f1d1511fd912b9485bba955db59e33832
A mixture of fixes and cleanup for LogKlog.cpp and friends.
- sscanf calls strlen. Check if the string is missing a nul
terminator, if it is, do not call sscanf.
- replace NULL with nullptr for stronger typechecking.
- pass by reference for simpler code.
- Use ssize_t where possible to check for negative values.
- fix FastCmp to add some validity checking since ASAN reports that
callers are not making sure pre-conditions are met.
- add fasticmp templates for completeness.
- if the buffer is too small to contain a meaningful time, do not
call down to log_time::strptime() because it does not limit its
accesses to the buffer boundaries, instead stopping at a
terminating nul or invalid match.
- move strnstr to LogUtils.h, drop size checking of needle and
clearly report the list of needles used with android::strnstr
- replace 'sizeof(static const char[]) - 1' with strlen.
Test: gTest liblog-unit-test, logd-unit-tests & logcat-unit-tests
Bug: 30792935
Bug: 36536248
Bug: 35468874
Bug: 34949125
Bug: 34606909
Bug: 36075298
Bug: 36608728
Change-Id: I161bf03ba029050e809b31cceef03f729d318866
This CL blacklists some vector functions (construct, copy, splat,
move) that use reinterpret_cast on freshly allocated memory (where the
object doesn't exist yet). This is technically correct, but not
friendly for CFI, which enforces stricter checking to catch type
confusion errors. Blacklisting these specific functions from CFI does
not cause an appreciable coverage loss though, so this should be fine.
Bug: 36219323
Test: Builds and boots, and the reinterpret error goes away on CFI builds.
Test: All 98 libutils_tests pass
Change-Id: I4944b179116bb1e1608d92697e95e182d8c0ac9f
Force assignment to read the old pointer value twice, and check
that it didn't change in the interim. Previous experience with
Skia suggests that this has a high probability of correctly detecting
a data race when it occurs, instead of potentially letting the
count associated with the old pointer value get decremented twice,
and corrupting the heap.
This does increase the size of sp assignments, which seem to
commonly get inlined. For the general case, we add a third
comparison and function call.
Some code reformatting to make this consistent with modern conventions
and pass automated checks.
Test: Booted aosp build. Ran libutils tests. Looked at generated code.
Bug: 31227650
Change-Id: Id93a05c6bf10f01ee15ff1bb409611f2058f988f
This CL nukes all spurious whitespace in the two files.
Bug: 36219323
Test: Device builds and boots.
Test: All 98 libutils_tests pass
Change-Id: I8054a0f0ba5df95f5115dc06597eb9fd539da942
It had 3 clients
- one in vendor/google_athome which was disabled
- one in a device specific folder, which will die out
- and one in frameworks/base
This reverts commit 6c942304ed.
Test: compile/run
Bug: treble cleanup
Change-Id: Ia76009d550c294198c083cf89718bc498b5c9e3e