String16's ctors already handle static strings, so we don't need a
specialized constructor which accepts StaticString16.
Bug: n/a
Test: libutils_test
Change-Id: I93a1ba70d743ff9c73f113d53ffba73cef6adade
String16 is still in use by AIDL compiler. Because String16 is not
noexcept-move-constructible, the C++ compiler will complain when it is
used with non-copyable types (such as ParcelFileDescriptor).
For example, when vector<Foo> is resized, copy-ctor of Foo is called,
which is not available.
parcelable Foo {
String s;
ParcelFileDescriptor[] pfds;
}
By providing noexcept move-ctor for String16, vector<Foo> can be resized
with no problem.
Btw, copy from StaticString16 is specialized for efficiency and move
from StaticString16 don't need to be different from copy.
Bug: 192136980
Test: libutils_test
Change-Id: I13744a2ceebf5781c3ef7f3a04237a6750b0db0a
Fixes a compiler warning for implicit conversion changes from signed
to unsigned which surfaced when refactoring native input libraries.
Add an explicit cast to avoid adding -Wno-sign-conversion compile
flags.
Test: b libsurfaceflinger_unittest
Bug: b/188792659
Change-Id: I1b9309c3530d6063d5cefcaa31af84d9cebc3f5d
Merged-In: I8866aef7f09ca5173604abe18c586b68bbf12ed6
Fixes a compiler warning for implicit conversion changes from signed
to unsigned which surfaced when refactoring native input libraries.
Add an explicit cast to avoid adding -Wno-sign-conversion compile
flags.
Test: b libsurfaceflinger_unittest
Change-Id: I8866aef7f09ca5173604abe18c586b68bbf12ed6
This function, ironically, is being removed.
Even more amusing, it was never "remove" anyway --- it literally did
the opposite, and removed everything *except* the range you passed to
it, and should probably have been called "keep"!
I'm looking at reimplementing much of libutils, but first I'm improving
test coverage, and literally every test I wrote for this failed. And
then when I fixed the "obvious bugs" in the implementation, I found
there actually were a couple of existing unit tests --- that mostly
served to demonstrate just how counter-intuitive this function was.
Bug: http://b/156999009
Test: treehugger
Change-Id: I41fd85f7c0988070f4039f607d2e57523d862ed9
These tests are only in internal right now, preventing me from removing
this function entirely. So let's get them out of the way...
Test: treehugger
Ignore-AOSP-First: workaround for presubmit merge conflict
Bug: http://b/35267372
Change-Id: Ib5de178ffad833c87e8e93bfd33e85a0ff504ac0
It's not tested, and it's not used. Also remove the fuzzer which is just
wasting CPU cycles.
This gets us to 100% function coverage, 100% line coverage, and N/A
branch coverage for StopWatch.
Test: treehugger
Change-Id: Ib5e08510ef1046a6f2af3f0b8a1c317a8bb39fd4
This dates from when libutils was still part of frameworks, and talks
about stuff that *didn't* move out of frameworks.
Test: treehugger
Change-Id: Icf22eebc417bcb37abdbfdc89e9a3f14894e18c2
Allow LightRefBase to be used with
ANDROID_UTILS_REF_BASE_DISABLE_IMPLICIT_CONSTRUCTION, mainly for
libhwui.
Bug: N/A
Test: libutils_test
Change-Id: I251c874a80f0a069572bc51da45f8f8e74ba6f5b
This test previously expected failure - a machine which does not have
2GiB of memory. However, while today is becoming the past,
2GiB allocations working is no longer a dream of the future!
Fixes: 186569165
Test: libutils_test
Change-Id: I6a9ed608c0989d415b4e7735b8a451b8928b4083
Make it easier to see reference to usage documentation, as requested in
review.
Bug: 184190315
Test: libutils_test
Change-Id: If9056e35b1c7a779dd78f2b986ad10d02f25eaf3
Actually, it looks like it's only toLower() that's used, so let's remove
toUpper() separately, since it's so easy.
Test: treehugger
Change-Id: I8fae9fa513b2a34d5bd6b3f64e9305a1ee3c1ec4
I want to remove these bad ASCII-only APIs completely, but it might be
easier to remove the range variants first.
Test: treehugger
Change-Id: I4c11f959a7bd8e670708cc03281ea72e9c461ff7
If you need to do a case transformation for a Unicode string, you need
to use icu4c. This only worked for ASCII, which is just silly. Luckily
it doesn't seem to be used anywhere.
Test: treehugger
Change-Id: I4a864823ec35a0b57b50909587cc3efac3f531a7
Merged-In: I4a864823ec35a0b57b50909587cc3efac3f531a7
(cherry picked from commit c74d97c854)
This API was tested before, but it wasn't used until it is needed in
libbinder. Previously it passed the tests because wp::operator==
compares weak_ptrs which are never deleted, but it doesn't check the
value of m_ptr as well. This assumes that the RefBase implementation is
self-consistent.
Future considerations:
- add additional CHECK (perf?)
- add an additional optional CHECK?
- update all refbase tests to use an embellished form of this operator
Bug: 184190315
Test: libutils_test, boot and kill process when libbinder is using this
API
Change-Id: I66c97386d769529d5efae48e06775d4b4a344025
If you need to do a case transformation for a Unicode string, you need
to use icu4c. This only worked for ASCII, which is just silly. Luckily
it doesn't seem to be used anywhere.
Test: treehugger
Change-Id: I4a864823ec35a0b57b50909587cc3efac3f531a7
Merged-In: I4a864823ec35a0b57b50909587cc3efac3f531a7
Previously, sp::sp(T*) internally had a static cast, and people
frequently wrote code like this:
sp<A> a = ...;
sp<B> b(a.get()); // implicit static cast
Luckily, none of the other sp constructors have this implicit cast. So,
for explicit code, rather than making those use static_cast internally,
adding an sp::cast function.
Bug: 184190315
Test: use in libbinder
Change-Id: Id205c88d03e16cf85ccb8f493ce88b4bbc65a688
In form, inspired by ANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION.
We get occasional bugs about sp double-ownership. When this flag is
enabled, we have:
- you must construct RefBase objects using sp<>::make
- you must construct wp<> objects by converting them to sp<>
- if you want to convert a raw pointer to an sp<> object (this is
possible since the refcount is used internally, and is used commonly
on this*), then you must use 'assertStrongRefExists' semantics which
aborts if there is no strong ref held. That is, if a client uses
std::make_shared and then calls a function which internally used to
call `sp<T>(this)`, you would now call
`sp<T>::assertStrongRefExists(this)`, and the double ownership
problem would become a runtime error.
Bug: 184190315
Test: libutils_test
Change-Id: Ie18d3146420df1808e3733027070ec234dda4e9d
vendor_available modules were available to product modules.
However, not all vendor_available modules are required to be
available to product modules. Some modules want to be available only
to product modules but not vendor modules.
To cover the requirement, we separate product_available from
vendor_available.
vendor_available will not provide product available module.
Rename libcutils/include_vndk to libcutils/include_outside_system as
it provides the headers to the modules outside the system partition
including /product.
Bug: 150902910
Test: build
Change-Id: I791b5a6a1dc99442065debfce6fa0f54a335fcea
Restrucures this fuzzer to be far more robust and less brittle.
Fix: 163727995
Fix: 163449137
Test: libutils_fuzz_refbase clusterfuzz-testcase-minimized-libutils_fuzz_refbase-5674315436261376
Test: libutils_fuzz_refbase clusterfuzz-testcase-minimized-libutils_fuzz_refbase-5731662044069888
Test: libutils_fuzz_refbase clusterfuzz-testcase-minimized-libutils_fuzz_refbase-5081777218256896
Signed-off-by: Dylan Katz <dylan.katz@leviathansecurity.com>
Change-Id: I239298dc2895a06af5a126e9ca2ae452579e5cc0
* changes:
libprocessgroup_headers: make vendor_ramdisk_available.
libdebuggerd_handler_fallback: make vendor_ramdisk_available.
libcutils: make vendor_ramdisk_available.
libpropertyinfoparser: make vendor_ramdisk_available.
This requires a few other changes to support building libutils
properly. It does appear the windows versions of libutils is
referencing CallStack code, but it doesn't seem to cause any problems.
However, I removed those references completely for the windows build.
Also removed a few extra spaces that seem to have accumulated in the
RefBase.cpp.
Bug: 170465278
Test: Builds and libutils unit tests pass.
Change-Id: Ibeee7791b13636b34bdd592c5420fd91620f752a
Allocating the entire address space is sufficiently unreasonable that
hwasan blows you out of the water if you try to do that. Half the
address space feels like it's large enough to be guaranteed to fail
(which is all I think this intended to test) without being quite so
obviously incorrect that tools like hwasan are going to object...
...except hwasan actually has a 2GiB limit. So let's keep the cleanup,
but also just disable these tests if they're running under hwasan for
now.
Bug: https://issuetracker.google.com/171054277
Test: treehugger
Change-Id: I41f3def5c3a43aa7f9ca3a130b4306ebed659d6a
Missed a review point made, added the license header to FuzzFormatTypes
Test: Compiled code
Signed-off-by: Dylan Katz <dylan.katz@leviathansecurity.com>
Change-Id: Ib8f32b802ec207d0483772c38a0a741e0dd1f151
The class being fuzzed here was too simple for a fuzzer to be effective at finding crashes that were not working as intended.
To resolve the issue noted in 163775285 would require the fuzzer to simply use RWLock exactly as intended, defeating the point of fuzzing it.
Because of this, we have made the decision to remove this class. It should have a fairly small impact on coverage. In the future,
perhaps a better approach would be fuzzing pthread's rwlock methods directly.
Test: Made sure the project still builds without RWLock_fuzz.
Signed-off-by: Dylan Katz <dylan.katz@leviathansecurity.com>
Change-Id: Id5e77d053dc800a982176802dc506d26b54d810f
The input code is the only customer of PropertyMap. For easier
maintenance and eventual removal of it, move it to libinput.
Currently, the caller is responsible for managing the lifecycle of the
returned outMap when calling PropertyMap::load. However, the fact that
the function call allocates new memory is not obvious from the function
signature.
In a separate commit, I will refactor the function to return
Result<unique_ptr<>> to make it less errorprone.
In this commit, only move the files around to make code reviews easier.
Bug: 163171599
Test: atest inputflinger_tests
Change-Id: I316084886c3f09a1776fdb449d2f03d0563b66c1
In https://android-review.googlesource.com/c/platform/system/core/+/1224544
when we introduced a default argument to androidSetThreadPriority(),
we broke C compatibility with this API, and with the header file
in general.
We fix this up by instead introducing a new method that takes
three arguments. This gets this header file compiling for C again,
and keeps this particular API C compatible.
Any C++ callers of the three argument version of
androidSetThreadPriority() will need to switch to using
androidSetThreadPriorityAndPolicy(). Although since this was
a recent change, we believe there is only one such user, which
we are fixing at the same time.
Test: TreeHugger
Bug: 165009705
Merged-In: Iab0b7e6c91a8e32a17ba1b186fd0c2fe96b601e4
Change-Id: Iab0b7e6c91a8e32a17ba1b186fd0c2fe96b601e4
In https://android-review.googlesource.com/c/platform/system/core/+/1224544
when we introduced a default argument to androidSetThreadPriority(),
we broke C compatibility with this API, and with the header file
in general.
We fix this up by instead introducing a new method that takes
three arguments. This gets this header file compiling for C again,
and keeps this particular API C compatible.
Any C++ callers of the three argument version of
androidSetThreadPriority() will need to switch to using
androidSetThreadPriorityAndPolicy(). Although since this was
a recent change, we believe there is only one such user, which
we are fixing at the same time.
Test: TreeHugger
Bug: 165009705
Change-Id: Iab0b7e6c91a8e32a17ba1b186fd0c2fe96b601e4
I stumbled across this because of the `#ifdef __cplusplus` inside an
unguarded `namespace`, but this whole file should be deprecated and
removed in favor of static_assert.
Test: treehugger
Change-Id: I2b65db67e694115e915f0cc9d762b0fd41a7d2af
For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.
Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
Merged-In: Ia85067d4258bde4b875c832d6223db5dd26b8838
(cherry picked from commit ee22384c54)
For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.
Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
Merged-In: Ia85067d4258bde4b875c832d6223db5dd26b8838
For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.
Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
std::bitset<> doesn't have exact replacements for all of the
functionality of BitSet32/64, so there are still places we want to use
these classes.
Bug: 160010896
Test: test BitSet_test.cpp
Change-Id: Ica59a138e014d82139fb6dcea0597a207faecc2a
Since tolower/toupper take and return integer arguments, ascii chars in
the extended range will be converted from positive int values to
negative char values. In order to silence an error here, which was added
recently with integer sanitization here, casting explicitly.
Fixes: 160831549
Test: w/ libutils_fuzz_string8
Change-Id: Iedcd6643f95f84ce662a80e38931d918a200f508
Most of the built-in functions return signed values but BitSet deals
only in unsigned values. We can safely cast these away though as they're
always indices, which can't be negative.
Bug: 160010896
Test: atest inputflinger_tests, atest libinput_tests
Change-Id: I6e0b33972fabcd41ad1c269ea0e2a07b13b33c12
Use the new "data_libs:" to specify test library dependency. This is
like "data:" and it treats compiled libraries as test data files.
The result is libutils_test_singleton{1,2} is picked up by libutils_test
and installed next to the test binary.
Mark the test libs libutils_test_singleton{1,2} as uninstallable. This
prevents installing libutils_test_singleton{1,2} directly and only
permits installing via "data_libs:".
```
$ m libutils_test
testcases
└── libutils_test
├── arm
│ ├── libutils_test
│ ├── libutils_test_singleton1.so
│ └── libutils_test_singleton2.so
├── arm64
│ ├── libutils_test
│ ├── libutils_test_singleton1.so
│ └── libutils_test_singleton2.so
└── libutils_test.config
```
Bug: 124838889
Test: atest libutils_test
Change-Id: I432135e128fc9eedb1b8c18a331957e271d8b0f0
Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.
Bug: 156997193
Test: Ran unit tests, including new unit test that aborted before.
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Merged-In: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
(cherry picked from commit 68604b9c29)
Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.
Bug: 156997193
Test: Ran unit tests, including new unit test that aborted before.
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Merged-In: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
(cherry picked from commit 68604b9c29)
Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.
Bug: 156997193
Test: Ran unit tests, including new unit test that aborted before.
Merged-In: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
(cherry picked from commit 68604b9c29)
Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.
Bug: 156997193
Test: Ran unit tests, including new unit test that aborted before.
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Adds fuzzers for BitSet, FileMap, String8, String16, and Vector.
Test: Ran fuzzers on Android Pixel 3a. Aggregate coverage was 1.2% (this is far lower than true coverage due to shared libraries being counted)
Change-Id: I739216fe88afa51dc2f73b857da91116853382f0
Removed unneeded cflags, moved libbase to defaults
Test: Built Android.bp successfully
Signed-off-by: Dylan Katz <dylan.katz@leviathansecurity.com>
Change-Id: I739216fe88afa51dc2f73b857da91116853382f0
If the policy has been changed already, we do not need to change
it again.
Bug: 139521784
Test: functionality verified
Change-Id: I251db1d3f874896ba9be68df87209e7e514b80f9
Modules contributing mainline modules (APK/APEX) should set
min_sdk_version as well as apex_available.
For now setting min_sdk_version doesn't change build outputs.
But build-time checks will be added soon.
Bug: 152655956
Test: m
Merged-In: Ida890adfe6dfac79267fc0e18b63d2330266438c
Change-Id: Ida890adfe6dfac79267fc0e18b63d2330266438c
(cherry picked from commit 7ea0d74bc8)
Modules contributing mainline modules (APK/APEX) should set
min_sdk_version as well as apex_available.
For now setting min_sdk_version doesn't change build outputs.
But build-time checks will be added soon.
Bug: 152655956
Test: m
Change-Id: Ida890adfe6dfac79267fc0e18b63d2330266438c
Add an inline for mmap64 to use on mac.
Bug: 155662887
Bug: 156053599
Test: Builds.
Change-Id: Id02e2c2f40acea2bdef604e9b80b70a85a941927
(cherry picked from commit 8a6dff22dc)
The code was using an off64_t but calling mmap. This caused the code
to abort on 32 bit.
Add a unit test that would abort on the previous version.
Bug: 155662887
Test: New unit test passes.
Change-Id: I7a6efbc0d4227403c3d08a08deea56f239382157
Merged-In: I7a6efbc0d4227403c3d08a08deea56f239382157
(cherry picked from commit 7b9f35c9de)
The code was using an off64_t but calling mmap. This caused the code
to abort on 32 bit.
Add a unit test that would abort on the previous version.
Bug: 155662887
Test: New unit test passes.
Change-Id: I7a6efbc0d4227403c3d08a08deea56f239382157
const parameters can't be moved but only get copied -
removed const
Bug: 153704006
Test: builds & boots
Change-Id: If7e2250325bf1bc498afd3539f60bcb075a1d43b
The marked library(ies) were available to the APEXes via the hand-written
whitelist in build/soong/apex/apex.go. Trying to remove the whitelist
by adding apex_available property to the Android.bp of the libraries.
In this change, following libs were made available to all apexes because
their usage is quite common and there is no reason to restrict them
to some APEXes.
* libbase_headers
* libcutils, libcutils_headers
* libutils_headers, libsystem_headers
* liblog_headers
* libbacktrace, libbacktrace_headers
* libcrypto_utils
Exempt-From-Owner-Approval: cherry-pick from aosp
Bug: 150999716
Test: m
Merged-In: If3d3652e6604ed4f6d7694fe7ac61ae496621026
(cherry picked from commit 8bf9b1632e)
Change-Id: If3d3652e6604ed4f6d7694fe7ac61ae496621026
The marked library(ies) were available to the APEXes via the hand-written
whitelist in build/soong/apex/apex.go. Trying to remove the whitelist
by adding apex_available property to the Android.bp of the libraries.
In this change, following libs were made available to all apexes because
their usage is quite common and there is no reason to restrict them
to some APEXes.
* libbase_headers
* libcutils, libcutils_headers
* libutils_headers, libsystem_headers
* liblog_headers
* libbacktrace, libbacktrace_headers
* libcrypto_utils
Bug: 150999716
Test: m
Change-Id: If3d3652e6604ed4f6d7694fe7ac61ae496621026