about summary refs log tree commit diff
path: root/src/internal
Commit message (Collapse)AuthorAgeFilesLines
* declare and make hidden additional internal stdio symbolsRich Felker2018-09-121-0/+5
|
* declare and make hidden more internal locale functionsRich Felker2018-09-121-0/+2
|
* move additional pthread internal declarations to pthread_impl.h, hideRich Felker2018-09-121-0/+15
| | | | these were overlooked for various reasons in earlier stages.
* apply hidden visibility to various remaining internal interfacesRich Felker2018-09-127-23/+23
|
* apply hidden visibility to sigreturn code fragmentsRich Felker2018-09-121-1/+3
| | | | | | | these were overlooked in the declarations overhaul work because they are not properly declared, and the current framework even allows their declared types to vary by arch. at some point this should be cleaned up, but I'm not sure what the right way would be.
* apply hidden visibility to pthread internalsRich Felker2018-09-121-11/+11
|
* apply hidden visibility to stdio internalsRich Felker2018-09-121-26/+26
|
* apply hidden visibility to internal math functionsRich Felker2018-09-121-24/+24
| | | | | | | | this makes significant differences to codegen on archs with an expensive PLT-calling ABI; on i386 and gcc 7.3 for example, the sin and sinf functions no longer touch call-saved registers or the stack except for pushing outgoing arguments. performance is likely improved too, but no measurements were taken.
* overhaul internally-public declarations using wrapper headersRich Felker2018-09-123-22/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commits leading up to this one have moved the vast majority of libc-internal interface declarations to appropriate internal headers, allowing them to be type-checked and setting the stage to limit their visibility. the ones that have not yet been moved are mostly namespace-protected aliases for standard/public interfaces, which exist to facilitate implementing plain C functions in terms of POSIX functionality, or C or POSIX functionality in terms of extensions that are not standardized. some don't quite fit this description, but are "internally public" interfacs between subsystems of libc. rather than create a number of newly-named headers to declare these functions, and having to add explicit include directives for them to every source file where they're needed, I have introduced a method of wrapping the corresponding public headers. parallel to the public headers in $(srcdir)/include, we now have wrappers in $(srcdir)/src/include that come earlier in the include path order. they include the public header they're wrapping, then add declarations for namespace-protected versions of the same interfaces and any "internally public" interfaces for the subsystem they correspond to. along these lines, the wrapper for features.h is now responsible for the definition of the hidden, weak, and weak_alias macros. this means source files will no longer need to include any special headers to access these features. over time, it is my expectation that the scope of what is "internally public" will expand, reducing the number of source files which need to include *_impl.h and related headers down to those which are actually implementing the corresponding subsystems, not just using them.
* declare __getopt_msg in stdio_impl.hRich Felker2018-09-121-0/+2
| | | | | | it's not ideal, but the function is essentially an extended stdio function specialized to getopt's needs. the only reason it exists is avoiding pulling printf code into every program using getopt.
* move __memalign declaration to malloc_impl.hRich Felker2018-09-121-0/+2
| | | | | | | | the malloc-implementation-private header is the only right place for this, because, being in the reserved namespace, __memalign is not interposable and thus not valid to use anywhere else. anything outside of the malloc implementation must call an appropriate-namespace public function (aligned_alloc or posix_memalign).
* make arch __set_thread_area backends hiddenRich Felker2018-09-121-1/+1
| | | | | | | | this is not a public interface, and does not even necessarily match the syscall on all archs that have a syscall by that name. on archs where it's implemented in C, no action on the source file is needed; the hidden declaration in pthread_arch.h suffices.
* make arch __clone backends hiddenRich Felker2018-09-121-1/+1
| | | | | these are not a public interface and are not intended to be callable from anywhere but the public clone function or other places in libc.
* move tlsdesc and internal dl function declarations to dynlink.hRich Felker2018-09-121-0/+10
|
* move __stdio_exit_needed to stdio_impl.hRich Felker2018-09-121-0/+2
| | | | this functions is glue for linking dependency logic.
* move __loc_is_allocated declaration to locale_impl.hRich Felker2018-09-121-0/+1
|
* move declarations of tls setup/access functions to pthread_impl.hRich Felker2018-09-121-0/+6
| | | | | it's already included in all places where these are needed, and aside from __tls_get_addr, they're all implementation internals.
* move lgamma-related internal declarations to libm.hRich Felker2018-09-121-0/+4
|
* move declarations for malloc internals to malloc_impl.hRich Felker2018-09-121-0/+4
|
* improve machinery for ldso to report libc versionRich Felker2018-09-122-6/+3
| | | | | | | | eliminate gratuitous glue function for reporting the version, which was probably leftover from the old dynamic linker design which lacked a clear barrier for when/how it could access global data. put the declaration for the data object that replaces it in libc.h where it can be type checked.
* make internal declarations for flockfile tracking functions checkableRich Felker2018-09-121-0/+5
| | | | | | | logically these belong to the intersection of the stdio and pthread subsystems, and either place the declarations could go (stdio_impl.h or pthread_impl.h) requires a forward declaration for one of the argument types.
* move and deduplicate declarations of __vdsosym to make it checkableRich Felker2018-09-121-0/+2
|
* move and deduplicate declarations of __procfdname to make it checkableRich Felker2018-09-122-0/+4
| | | | | | syscall.h was chosen as the header to declare it, since its intended usage is alongside syscalls as a fallback for operations the direct syscall does not support.
* remove leftover declarations for removed functions from pthread_impl.hRich Felker2018-09-051-4/+0
|
* define and use internal macros for hidden visibility, weak refsRich Felker2018-09-056-25/+23
| | | | | | | | | this cleans up what had become widespread direct inline use of "GNU C" style attributes directly in the source, and lowers the barrier to increased use of hidden visibility, which will be useful to recovering some of the efficiency lost when the protected visibility hack was dropped in commit dc2f368e565c37728b0d620380b849c3a1ddd78f, especially on archs where the PLT ABI is costly.
* fix missing timeout argument to futex syscall in __futexwaitPatrick Oppenlander2018-06-261-2/+2
|
* add m68k portRich Felker2018-06-191-0/+9
| | | | | | | | | | | | | three ABIs are supported: the default with 68881 80-bit fpu format and results returned in floating point registers, softfloat-only with the same format, and coldfire fpu with IEEE single/double only. only the first is tested at all, and only under qemu which has fpu emulation bugs. basic functionality smoke tests have been performed for the most common arch-specific breakage via libc-test and qemu user-level emulation. some sysvipc failures remain, but are shared with other big endian archs and will be fixed separately.
* add support for m68k 80-bit long double variantRich Felker2018-06-141-0/+11
| | | | | | | | | since x86 and m68k are the only archs with 80-bit long double and each has mandatory endianness, select the variant via endianness. differences are minor: apparently just byte order and representation of infinities. the m68k format is not well-documented anywhere I could find, so if other differences are found they may require additional changes later.
* make linking of thread-start with explicit scheduling conditionalRich Felker2018-05-091-0/+8
| | | | | | | the wrapper start function that performs scheduling operations is unreachable if pthread_attr_setinheritsched is never called, so move it there rather than the pthread_create source file, saving some code size for static-linked programs.
* improve design of thread-start with explicit scheduling attributesRich Felker2018-05-091-2/+0
| | | | | | | | | | | | eliminate the awkward startlock mechanism and corresponding fields of the pthread structure that were only used at startup. instead of having pthread_create perform the scheduling operations and having the new thread wait for them to be completed, start the new thread with a wrapper start function that performs its own scheduling, sending the result code back via a futex. this way the new thread can use storage from the calling thread's stack rather than permanent fields in the pthread structure.
* clean up and reduce size of internal pthread structureRich Felker2018-05-071-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | over time the pthread structure has accumulated a lot of cruft taking up size. this commit removes unused fields and packs booleans and other small data more efficiently. changes which would also require changing code are not included at this time. non-volatile booleans are packed as unsigned char bitfield members. the canceldisable and cancelasync fields need volatile qualification due to how they're accessed from the cancellation signal handler and cancellable syscalls called from signal handlers. since volatile bitfield semantics are not clearly defined, discrete char objects are used instead. the pid field is completely removed; it has been unused since commit 83dc6eb087633abcf5608ad651d3b525ca2ec35e. the tid field's type is changed to int because its use is as a value in futexes, which are defined as plain int. it has no conceptual relationship to pid_t. also, its position is not ABI. startlock is reduced to a length-1 array. the second element was presumably intended as a waiter count, but it was never used and made no sense, since there is at most one waiter.
* improve joinable/detached thread state handlingRich Felker2018-05-051-3/+9
| | | | | | | | | | | | | | | | | previously, some accesses to the detached state (from pthread_join and pthread_getattr_np) were unsynchronized; they were harmless in programs with well-defined behavior, but ugly. other accesses (in pthread_exit and pthread_detach) were synchronized by a poorly named "exitlock", with an ad-hoc trylock operation on it open-coded in pthread_detach, whose only purpose was establishing protocol for which thread is responsible for deallocation of detached-thread resources. instead, use an atomic detach_state and unify it with the futex used to wait for thread exit. this eliminates 2 members from the pthread structure, gets rid of the hackish lock usage, and makes rigorous the trap added in commit 80bf5952551c002cf12d96deb145629765272db0 for catching attempts to join detached threads. it should also make attempt to detach an already-detached thread reliably trap.
* improve pthread_exit synchronization with functions targeting tidRich Felker2018-05-051-1/+0
| | | | | | | | | | | | | | | | if the last thread exited via pthread_exit, the logic that marked it dead did not account for the possibility of it targeting itself via atexit handlers. for example, an atexit handler calling pthread_kill(pthread_self(), SIGKILL) would return success (previously, ESRCH) rather than causing termination via the signal. move the release of killlock after the determination is made whether the exiting thread is the last thread. in the case where it's not, move the release all the way to the end of the function. this way we can clear the tid rather than spending storage on a dedicated dead-flag. clearing the tid is also preferable in that it hardens against inadvertent use of the value after the thread has terminated but before it is joined.
* use a dedicated futex object for pthread_join instead of tid fieldRich Felker2018-05-021-0/+1
| | | | | | | | | | | | | | | | | | the tid field in the pthread structure is not volatile, and really shouldn't be, so as not to limit the compiler's ability to reorder, merge, or split loads in code paths that may be relevant to performance (like controlling lock ownership). however, use of objects which are not volatile or atomic with futex wait is inherently broken, since the compiler is free to transform a single load into multiple loads, thereby using a different value for the controlling expression of the loop and the value passed to the futex syscall, leading the syscall to block instead of returning. reportedly glibc's pthread_join was actually affected by an equivalent issue in glibc on s390. add a separate, dedicated join_futex object for pthread_join to use.
* reintroduce hardening against partially-replaced allocatorRich Felker2018-04-191-0/+3
| | | | | | | | | | | | | | commit 618b18c78e33acfe54a4434e91aa57b8e171df89 removed the previous detection and hardening since it was incorrect. commit 72141795d4edd17f88da192447395a48444afa10 already handled all that remained for hardening the static-linked case. in the dynamic-linked case, have the dynamic linker check whether malloc was replaced and make that information available. with these changes, the properties documented in commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 are restored: if calloc is not provided, it will behave as malloc+memset, and any of the memalign-family functions not provided will fail with ENOMEM.
* return chunks split off by memalign using __bin_chunk instead of freeRich Felker2018-04-191-0/+3
| | | | | | | | | | | | | | | this change serves multiple purposes: 1. it ensures that static linking of memalign-family functions will pull in the system malloc implementation, thereby causing link errors if an attempt is made to link the system memalign functions with a replacement malloc (incomplete allocator replacement). 2. it eliminates calls to free that are unpaired with allocations, which are confusing when setting breakpoints or tracing execution. as a bonus, making __bin_chunk external may discourage aggressive and unnecessary inlining of it.
* move malloc implementation types and macros to an internal headerRich Felker2018-04-191-0/+39
|
* remove a_ctz_l from arch specific atomic_arch.hAndre McCurdy2018-04-191-19/+23
| | | | | | | | Update atomic.h to provide a_ctz_l in all cases (atomic_arch.h should now only provide a_ctz_32 and/or a_ctz_64). The generic version of a_ctz_32 now takes advantage of a_clz_32 if available and the generic a_ctz_64 now makes use of a_ctz_32.
* use idiomatic safe form for FUNLOCK macroRich Felker2018-02-241-1/+1
| | | | | | | previously this macro used an odd if/else form instead of the more idiomatic do/while(0), making it unsafe against omission of trailing semicolon. the omission would make the following statement conditional instead of producing an error.
* document pthread structure ABI constraints in commentsRich Felker2018-02-051-0/+7
| | | | | | | | in the original submission of the patch that became commit 7c709f2d4f9872d1b445f760b0e68da89e256b9e, and in subsequent reading of it by others, it was not clear that the new member had to be inserted before canary_at_end, or that inserting it at that location was safe. add comments to document.
* store pthread stack guard sizes for pthread_getattr_npWilliam Pitcock2018-02-031-0/+1
|
* revise the definition of multiple basic locks in the codeJens Gustedt2018-01-091-2/+2
| | | | In all cases this is just a change from two volatile int to one.
* new lock algorithm with state and congestion count in one atomic intJens Gustedt2018-01-091-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A variant of this new lock algorithm has been presented at SAC'16, see https://hal.inria.fr/hal-01304108. A full version of that paper is available at https://hal.inria.fr/hal-01236734. The main motivation of this is to improve on the safety of the basic lock implementation in musl. This is achieved by squeezing a lock flag and a congestion count (= threads inside the critical section) into a single int. Thereby an unlock operation does exactly one memory transfer (a_fetch_add) and never touches the value again, but still detects if a waiter has to be woken up. This is a fix of a use-after-free bug in pthread_detach that had temporarily been patched. Therefore this patch also reverts c1e27367a9b26b9baac0f37a12349fc36567c8b6 This is also the only place where internal knowledge of the lock algorithm is used. The main price for the improved safety is a little bit larger code. Under high congestion, the scheduling behavior will be different compared to the previous algorithm. In that case, a successful put-to-sleep may appear out of order compared to the arrival in the critical section.
* add a_clz_64 helper functionSzabolcs Nagy2017-08-291-0/+21
| | | | | | | | | counts leading zero bits of a 64bit int, undefined on zero input. (has nothing to do with atomics, added to atomic.h so target specific helper functions are together.) there is a logarithmic generic implementation and another in terms of a 32bit a_clz_32 on targets where that's available.
* unify the use of FUTEX_PRIVATEJens Gustedt2017-07-041-1/+1
| | | | | | The flag 1<<7 is used in several places for different purposes that are not always easy to distinguish. Mark those usages that correspond to the flag that is used by the kernel for futexes.
* increase limit on locale name length from 15 to 23 bytesRich Felker2017-03-211-1/+1
| | | | | | | | | | | | | | | | the old limit was one byte too short to support locale names of the form xx_XX.UTF-8@modifier where modifier is more than 3 bytes, a form which various real-world locale names take. the problem could be avoided by omitting the useless ".UTF-8" part, but users may need to have it present when operating on mixed-libc systems or when it will be carried over (e.g. across ssh) to other systems. the new limit is chosen sufficient for existing/reasonable locale names while still keeping the size of setlocale's static buffer small. also add locale_impl.h to the Makefile's list of headers which force rebuild of source files, to prevent dangerously inconsistent object files from getting used after this change.
* fix crashes in x32 __tls_get_addrrofl0r2017-01-131-0/+4
| | | | | | x32 has another gratuitous difference to all other archs: it passes an array of 64bit values to __tls_get_addr(). usually it is an array of size_t.
* treat base 1 as an error in strtol-family functionsRich Felker2017-01-041-1/+1
| | | | | | | | | ISO C and POSIX only specify behavior for base arguments of 0 and 2-36; POSIX mandates an EINVAL error for unsupported bases. it's not clear that there's a requirement for implementations not to "support" additional bases as an extension, but "base 1" did not work in any meaningful way anyway, so it should be considered unsupported and thus an error.
* remove largish unused field from pthread structureRich Felker2016-12-061-1/+0
|
* add s390x portBobby Bingham2016-11-111-0/+15
|