Clang's assert_capability and assert_shared_capability annotations are
nonfunctional until https://reviews.llvm.org/rL309725 is relanded and
makes its way into our toolchain. Work around this by using the
equivalent assert_lock and assert_shared_lock.
Bug: http://b/64226736
Test: manual
Change-Id: I40711f162ea1d492f1e0b3eff88bf6ae6d995e2f
As a VNDK-SP module, Android.bp must have 'vndk' tag as well as
'vendor_available: true'.
The 'vndk' tag for VNDK-SP formated as follows:
vndk: {
enabled: true,
support_system_process: true,
},
VNDK-SP modules will be installed both in system/lib(64) as normal
and in system/lib(64)/vndk-sp as a vendor variant.
Bug: 63866913
Test: build and boot with BOARD_VNDK_VERSION=current
Change-Id: I51fe0859f63ad58b7b91909e7d7d4206443228cd
The use of ReadAtOffset is meant to allow concurrent access
to the zip archive once it has been loaded. There were places
where this was the case, and some places that did a seek + read
combination, which could lead to data races.
NOTE: On Windows, we are not using pread as the implementation of
ReadAtOffset, therefore the guarantees on Windows are weaker.
On Linux, pread allows the file descriptor to be read at a specific
offset without changing the read pointer. This allows inherited fd's
and duped fds to be read concurrently.
On Windows, we use the ReadFile API, which allows for an atomic seek +
read operation, but modifies the read pointer. This means that any mix
use of ReadAtOffset and Read will have races. Just using ReadAtOffset is
safe.
For the Windows case, this is fine as the libziparchive code now only
uses ReadAtOffset.
Bug: 62184114
Bug: 62101783
Test: make ziparchive-tests (existing tests pass)
Change-Id: Ia7f9a30af2216682cdd9d578d26e84bc46773bb9
clang is the default compiler since Android nougat
Test: mma & verified it´s still build with clang
Change-Id: I34adaeef2f6558a09f26027271222bad94780507
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
* Update android::base::utf8::open/unlink to support Windows long
paths
* Add android::base::utf8::fopen, also with support for Windows long
paths
* Upcoming CLs will add additional APIs to support additional use cases
Test: Added tests to utf8_test
Bug: 38268753
Change-Id: If72af327f3487766f5370a2f43ee9cabd4a8a810
::android::base::GetMinimumLogSeverity() is defined externally, so the
static analyzer was allowed to assume that we continue executing after a
LOG(FATAL).
I manually audited all of the code I have access to, and the only
"change the minimum log severity" statements I can see keep FATAL
enabled (...and continuing after a FATAL is highly sketchy to me
anyway).
(I'm sure I tested this at some point in making the previous patch. I
probably broke it in a refactor before sending it out for review; my
bad. :) )
Bug: None
Test: m without the static-analyzer builds; m with it yields fewer
false positives.
Change-Id: I216cd2034e1daa8d6f6c5e776f64b4cce88bb938
This helps us have less false-positives.
We do this instead of `#undef NDEBUG`, since undefing NDEBUG actually
gave us more false-positives (...and build breakages) than simply
leaving it defined.
Bug: None
Test: Ran the static analyzer across internal master. 213 fewer warnings
(15 Medium, 2 Low, the remainder are 'Analyzer'). All of the dropped
warnings I audited were false-positives. It adds ~3 Tidy warnings.
Change-Id: Ibedab60ca7e9d2b0772896222b83d2e7ab064afe
Two small changes in one:
- `foo || for (;;abort()) bar();` isn't valid C or C++, since for is a
statement. We need an expression instead.
- we'll now treat everything after LOG(foo) as unreachable in the
static analyzer, as long as we can prove at compile-time that
foo == FATAL.
The impact of this, running across internal master, is that we see ~50
fewer medium/high-severity false positives from clang-tidy. We see 15
new complaints about unreachable code (at the "tidy" severity), but all
of them are harmless AFAICT (e.g.
switch (foo) {
// ...
default:
LOG(FATAL) << "Unhandled case!"; // or CHECK(false);
break; // clang-tidy: unreachable break.
})
(Some of the macros were forcibly formatted by the clang-format hook)
Bug: None
Test: Ran
`DEFAULT_GLOBAL_TIDY_CHECKS=clang-analyzer*,-clang-analyzer-alpha* m`;
stared at warn.py output.
Change-Id: Ie984eda0481afad4274b9def7c61ba777cfa289a
libutils headers are only used by the implementation of libbase,
and should not be exported to everything that uses libbase headers.
Test: m -j
Change-Id: I76f248908f649e3a3c91cd3e84d629a0049939ef
Two changes were merged at the same time that conflicted.
Test: builds
(cherry picked from commit 72b9d28423)
Merged-In: Ia6c730804cd5a3b2655e6d69b8e4f346d198dabb
Change-Id: Ia6c730804cd5a3b2655e6d69b8e4f346d198dabb
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libbase
Test: build with BOARD_VNDK_VERSION := current
(cherry picked from commit c28517f956)
Merged-In: I720a00deada4e62628e6fbc4ac830265de9c669f
Change-Id: I720a00deada4e62628e6fbc4ac830265de9c669f
Test: can include headers in other soong modules
Bug: 33241851
(cherry picked from commit 8f56c1ecd7)
Merged-In: Ie3d11d1559f5aae46125695fd1f3a63da8e429ae
Change-Id: Ie3d11d1559f5aae46125695fd1f3a63da8e429ae
Fixes a potential leak of fds in WriteStringToFile.
Test: I wrote a temporary test that failed the fchmod on host in
Test: WriteStringToFile. I verified this fails with the old code after running
Test: out of fds and passes with the new code.
Change-Id: I168160841e35dd480d59a69bb4aa8176899fbb32
Use this for bootstat and init. This replaces the custom uptime parser in
bootstat.
This is a reland of aosp/338325 with a stubbed implementation for Darwin.
This change also has clang_format fixes (automatic).
Bug: 34352037
Test: chrono_utils_test
Change-Id: I72a62a3ca1ccfc0a4ccc6294ff1776c263144686
std::chrono doesn't handle integer overflow, so using
std::chrono::milliseconds::max() to indicate an infinite timeout is
not handled well in the current code. It causes an 'absolute_timeout'
earlier in time than 'now' and causes the associated WaitForProperty*
functions to return immediately.
Also, any duration_cast from relative_timeout to nanoseconds would
cause the same issue, as it would overflow in the conversion and
result in an invalid results.
This change prevents any duration_casts of relative_timeout to
nanoseconds and replaces the logic to wait on an absolute timeout with
logic that compares the time elapsed to the provided relative timeout.
This change also includes a test that std::chrono::milliseconds::max()
does not return immediately and that negative values do return immediately.
Test: Boot bullhead + libbase_test
Change-Id: I335bfa7ba71e86c20119a0ed46014cad44361162
The .clang-format files in the base, debuggerd, adb, libprocinfo, and
fastboot subdirectories each differ slightly from the top level
.clang-format-2 and .clang-format-4, but not in a substantially
meaningful way, as the source files in those directories have not been
re-formatted with clang-format. Therefore, let's reduce the
differences and use only the two top level clang-format files.
Secondly perform some small clean-up of the top level .clang-format
files. AllowShortBlocksOnASingleLine is already false in the Google
style, so it can be removed. AllowShortFunctionsOnASingleLine should
not change between the -2 and -4 versions, so leave it at the Google
default style in both, which is 'All'.
The diff stats for these changes are:
./base/
Old:
640 insertions(+), 531 deletions(-)
New:
563 insertions(+), 808 deletions(-)
./debuggerd/
Old:
910 insertions(+), 886 deletions(-)
New:
991 insertions(+), 1023 deletions(-)
./adb/
Old:
2623 insertions(+), 2886 deletions(-)
New:
2655 insertions(+), 3103 deletions(-)
./libprocinfo/
Old:
2 insertions(+), 1 deletion(-)
New:
4 insertions(+), 18 deletions(-)
./fastboot/
Old:
618 insertions(+), 743 deletions(-)
New:
726 insertions(+), 882 deletions(-)
./init/
Old:
1755 insertions(+), 1866 deletions(-)
New:
1715 insertions(+), 1952 deletions(-)
Test: Above clang-format stats
Change-Id: I3f7b8ab0660c8394c5008ba95ea15e70dd22b55b
- unlike base::WaitForProperty, which waits for specific value to
be set, this one only waits until the property is created.
bug: 35178781
Test: added unit test
Change-Id: Idbf98c2152fe768357302f6b69310c55305f5d54
Tests will often want to get the executable directory in order to
find test data.
Test: out/host/linux-x86/nativetest64/libbase_tests/libbase_tests
Change-Id: Ica9d211bcd039fcf83a22fd494816abd01b97aa3
adb already provides an implementation of dirname and basename that
take and produce std::strings, move it into libbase so it can be
used in the implementation of GetExecutableDirectory.
Test: out/host/linux-x86/nativetest64/adb_test/adb_test
Test: out/host/linux-x86/nativetest64/libbase_test/libbase_test
Test: adb shell /data/nativetest64/libbase_test/libbase_test64
Change-Id: Ideb1627607b14562121316d4ed27fa6fb0930684
Bionic has <sys/endian.h>, glibc <endian.h>, and macOS and Windows have
nothing. This has often been annoying.
Bug: N/A
Test: new tests
Change-Id: I2a40c570df6a9bb30607ace1af653265938cc4b8
Tests running in app context can't access /data/local/tmp,
so try current directory if /data/local/tmp is not accessible.
Bug: http://b/18790309
Test: run unit test in app context and shell context.
Change-Id: If66fe8f0ac3edb3a32a2a2a50a524364f818a58b
Use this for bootstat and init. This replaces the custom uptime parser in
bootstat.
This is a reland of aosp/332854 with a fix for Darwin.
Bug: 34352037
Test: chrono_utils_test
Change-Id: Ib2567d8df0e460ab59753ac1c053dd7f9f1008a7
ubsan doesn't like us incrementing std::string::npos, even if we won't use
the result.
Bug: http://b/28729303
Test: ran tests
Change-Id: I8227eca57dc6f3e49626c7025514caa04ef18f0a
Also adapt libcutils to the bionic change that was necessary for this.
Bug: http://b/35201172
Test: ran tests
Change-Id: I72a98b70b03d23e958b46778b505fbd5c86c32ae