about summary refs log tree commit diff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* another cond var fix: requeue count race conditionRich Felker2011-09-262-15/+13
| | | | | | | | | | | | | lock out new waiters during the broadcast. otherwise the wait count added to the mutex might be lower than the actual number of waiters moved, and wakeups may be lost. this issue could also be solved by temporarily setting the mutex waiter count higher than any possible real count, then relying on the kernel to tell us how many waiters were requeued, and updating the counts afterwards. however the logic is more complex, and i don't really trust the kernel. the solution here is also nice in that it replaces some atomic cas loops with simple non-atomic ops under lock.
* fix lost signals in cond varsRich Felker2011-09-263-14/+17
| | | | | | | | | | | due to moving waiters from the cond var to the mutex in bcast, these waiters upon wakeup would steal slots in the count from newer waiters that had not yet been signaled, preventing the signal function from taking any action. to solve the problem, we simply use two separate waiter counts, and so that the original "total" waiters count is undisturbed by broadcast and still available for signal.
* cleanup various minor issues reported by nszRich Felker2011-09-264-7/+8
| | | | | | | | | the changes to syscall_ret are mostly no-ops in the generated code, just cleanup of type issues and removal of some implementation-defined behavior. the one exception is the change in the comparison value, which is fixed so that 0xf...f000 (which in principle could be a valid return value for mmap, although probably never in reality) is not treated as an error return.
* redo cond vars again, use sequence numbersRich Felker2011-09-264-48/+52
| | | | | | | | | | | | | | | | | | | | | | | | testing revealed that the old implementation, while correct, was giving way too many spurious wakeups due to races changing the value of the condition futex. in a test program with 5 threads receiving broadcast signals, the number of returns from pthread_cond_wait was roughly 3 times what it should have been (2 spurious wakeups for every legitimate wakeup). moreover, the magnitude of this effect seems to grow with the number of threads. the old implementation may also have had some nasty race conditions with reuse of the cond var with a new mutex. the new implementation is based on incrementing a sequence number with each signal event. this sequence number has nothing to do with the number of threads intended to be woken; it's only used to provide a value for the futex wait to avoid deadlock. in theory there is a danger of race conditions due to the value wrapping around after 2^32 signals. it would be nice to eliminate that, if there's a way. testing showed no spurious wakeups (though they are of course possible) with the new implementation, as well as slightly improved performance.
* revert previous change in cond var waiter moveRich Felker2011-09-251-2/+6
| | | | | | using swap has a race condition: the waiters must be added to the mutex waiter count *before* they are taken off the cond var waiter count, or wake events can be lost.
* optimize cond waiter move using atomic swap instead of cas loopRich Felker2011-09-251-6/+2
|
* fix logic for when wakeup is not desired on cond bcastRich Felker2011-09-251-3/+4
| | | | somehow i forgot that normal-type mutexes don't store the owner tid.
* new futex-requeue-based pthread_cond_broadcast implementationRich Felker2011-09-254-7/+69
| | | | | | this avoids the "stampede effect" where pthread_cond_broadcast would result in all waiters waking up simultaneously, only to immediately contend for the mutex and go back to sleep.
* fix ABA race in cond vars, improve them overallRich Felker2011-09-233-11/+12
| | | | | | | | | | | | | | | | | | | | | previously, a waiter could miss the 1->0 transition of block if another thread set block to 1 again after the signal function set block to 0. we now use the caller's thread id as a unique token to store in block, which no other thread will ever write there. this ensures that if block still contains the tid, no signal has occurred. spurious wakeups will of course occur whenever there is a spurious return from the futex wait and another thread has begun waiting on the cond var. this should be a rare occurrence except perhaps in the presence of interrupting signal handlers. signal/bcast operations have been improved by noting that they need not avoid inspecting the cond var's memory after changing the futex value. because the standard allows spurious wakeups, there is no way for an application to distinguish between a spurious wakeup just before another thread called signal/bcast, and the deliberate wakeup resulting from the signal/bcast call. thus the woken thread must assume that the signalling thread may still be waiting to act on the cond var, and therefore it cannot destroy/unmap the cond var.
* fix deadlock in condition wait whenever there are multiple waitersRich Felker2011-09-224-5/+18
| | | | | it's amazing none of the conformance tests i've run even bothered to check whether something so basic works...
* protect against/handle cancellation reading shadow passwordsRich Felker2011-09-211-1/+11
|
* make dns lookups (and thus getaddrinfo) cancellableRich Felker2011-09-211-4/+11
|
* use poll rather than select in dns lookups (also clock_gettime)Rich Felker2011-09-211-12/+10
| | | | | | | | | | if the file descriptor resource limit has been increased past FD_SETSIZE, this is actually a security issue; we could write past the end of the fd_set object. using poll makes it a non-issue, and simplifies the code at the same time. also, use clock_gettime instead of gettimeofday, for reduced bloat and better entropy.
* avoid setting FILE lock count when not using flockfileRich Felker2011-09-211-1/+1
| | | | | | | for now this is just a tiny optimization, but later if we support cancellation from __stdio_read and __stdio_write, it will be necessary for the recusrive lock count to be zero in order for these functions to know they are responsible for unlocking the FILE on cancellation.
* update syscalls with off_t arguments to handle argument alignment, if neededRich Felker2011-09-216-8/+8
| | | | | | the arm syscall abi requires 64-bit arguments to be aligned on an even register boundary. these new macros facilitate meeting the abi requirement without imposing significant ugliness on the code.
* fix statvfs.c to match new fsid_t definitionRich Felker2011-09-201-1/+1
|
* fix the definition of struct statvfs to match lsb abiRich Felker2011-09-192-19/+46
| | | | | at the same time, make struct statfs match the traditional definition and make it more useful, especially the fsid_t stuff.
* fix incorrect long double parameters on arm (and other future ports)Rich Felker2011-09-191-0/+12
| | | | | this was the cause of crashes in printf when attempting to print floating point values.
* initial commit of the arm portRich Felker2011-09-188-0/+136
| | | | | | | | | | | | | this port assumes eabi calling conventions, eabi linux syscall convention, and presence of the kernel helpers at 0xffff0f?0 needed for threads support. otherwise it makes very few assumptions, and the code should work even on armv4 without thumb support, as well as on systems with thumb interworking. the bits headers declare this a little endian system, but as far as i can tell the code should work equally well on big endian. some small details are probably broken; so far, testing has been limited to qemu/aboriginal linux.
* disable dynamic linking/loading code in static libc builds, for nowRich Felker2011-09-181-0/+2
| | | | | it does not work, but some configure scripts will falsely detect support then generate programs that crash when they call dlopen.
* overhaul clone syscall wrappingRich Felker2011-09-188-62/+108
| | | | | | | | | | | | | | | | | | | | several things are changed. first, i have removed the old __uniclone function signature and replaced it with the "standard" linux __clone/clone signature. this was necessary to expose clone to applications anyway, and it makes it easier to port __clone to new archs, since it's now testable independently of pthread_create. secondly, i have removed all references to the ugly ldt descriptor structure (i386 only) from the c code and pthread structure. in places where it is needed, it is now created on the stack just when it's needed, in assembly code. thus, the i386 __clone function takes the desired thread pointer as its argument, rather than an ldt descriptor pointer, just like on all other sane archs. this should not affect applications since there is really no way an application can use clone with threads/tls in a way that doesn't horribly conflict with and clobber the underlying implementation's use. applications are expected to use clone only for creating actual processes, possibly with new namespace features and whatnot.
* dummy implementation of set_thread_areaRich Felker2011-09-171-0/+6
| | | | | | | | eventually we may have a working "generic" implementation for archs that don't need anything special. in any case, the goal of having stubs like this is to allow early testing of new ports before all the details needed for threads have been filled in. more functions like this will follow.
* fix assumptions that char is signedRich Felker2011-09-161-2/+2
|
* fix more instances of old a_xchg (use new a_swap name)Rich Felker2011-09-163-3/+3
|
* use a_swap rather than old name a_xchgRich Felker2011-09-161-1/+1
|
* fix generic sigsetjmp (unused anyway) pointer signedness errorRich Felker2011-09-161-1/+1
|
* fix idiotic const-correctness error in lio_listioRich Felker2011-09-161-1/+1
| | | | | i blame this one on posix for using hideous const-qualified double pointers which are unusable without hideous casts.
* fix ptrace (maybe)Rich Felker2011-09-161-1/+8
|
* implement ptrace syscall wrapper (untested)Rich Felker2011-09-151-0/+18
|
* remove incorrectly-made-visible internal dst offset variableRich Felker2011-09-141-1/+0
|
* fix inconsistent signature for aio_errorRich Felker2011-09-141-1/+1
|
* fix return types for aio_read and aio_write againRich Felker2011-09-131-2/+2
| | | | | previous fix was backwards and propagated the wrong type rather than the right one...
* fix various errors in function signatures/prototypes found by nszRich Felker2011-09-135-8/+11
|
* add missing posix_spawnattr_init/destroy functionsRich Felker2011-09-132-0/+13
|
* remove some stray trailing space charactersRich Felker2011-09-134-4/+4
|
* implement gnu sigisemptysetRich Felker2011-09-121-0/+9
|
* add dummied strverscmp (obnoxious GNU function)Rich Felker2011-09-111-0/+7
| | | | | | programs that use this tend to horribly botch international text support, so it's questionable whether we want to support it even in the long term... for now, it's just a dummy that calls strcmp.
* fix serious bug in pthread_joinRich Felker2011-09-111-2/+2
| | | | | | | | | | | | | on spurious wakeups/returns from __timedwait, pthread_join would "succeed" and unmap the thread's stack while it was still running. at best this would lead to SIGSEGV when the thread resumed execution, but in the worst case, the thread would later resume executing on top of another new thread's stack mapped at the same address. spent about 4 hours tracking this bug down, chasing rare difficult-to-reproduce stack corruption in a stress test program. still no idea *what* caused the spurious wakeups; i suspect it's a kernel bug.
* fix pthread_join wait call: thread termination tid futex is not privateRich Felker2011-09-091-1/+1
| | | | | | | | | this seeme to be the bug that prevented enabling of private futex support. i'm going to hold off on switching to private futexes until after the next release, and until i get a chance to audit all wait/wake calls to make sure they're using the correct private argument, but with this change it should be safe to enable private futex support.
* implement POSIX asynchronous ioRich Felker2011-09-097-0/+338
| | | | | some features are not yet supported, and only minimal testing has been performed. should be considered experimental at this point.
* fix incorrect overflow errors on strtoul, etc.Rich Felker2011-09-054-8/+20
|
* strptime: fix use of uninitialized dest field in converting integerRich Felker2011-09-051-1/+1
|
* more fmemopen null termination fixesRich Felker2011-09-041-2/+3
| | | | | | | | null termination is only added when current size grows. in update modes, null termination is not added if it does not fit (i.e. it is not allowed to clobber data). these rules make very little sense, but that's how it goes..
* fix some fmemopen behaviorsRich Felker2011-09-041-4/+7
| | | | | | read should not be allowed past "current size". append mode should write at "current size", not buffer size. null termination should not be written except when "current size" grows.
* handle pending cancellation when enabling async cancellationRich Felker2011-09-041-0/+1
| | | | | | | | | | | this is not strictly required by the standard, but without it, there is a race condition where cancellation arriving just before async cancellation is enabled might not be acted upon. it is impossible for a conforming application to work around this race condition since calling pthread_testcancel after setting async cancellation mode is not allowed (pthread_testcancel is not specified to be async-cancel-safe). thus the implementation should be responsible for eliminating the race, from a quality-of-implementation standpoint.
* fmemopen: fix eof handling, hopefully right this timeRich Felker2011-09-041-3/+4
|
* fmemopen fixesRich Felker2011-09-041-1/+3
| | | | | | disallow seek past end of buffer (per posix) fix position accounting to include data buffered for read don't set eof flag when no data was requested
* memstreams: fix incorrect handling of file pos > current sizeRich Felker2011-09-042-4/+4
| | | | | the addition is safe and cannot overflow because both operands are positive when considered as signed quantities.
* optimize seek function for memory streamsRich Felker2011-09-042-24/+6
|
* fix twos complement overflow bug in mem streams boundary checkRich Felker2011-09-042-2/+2
| | | | | | the expression -off is not safe in case off is the most-negative value. instead apply - to base which is known to be non-negative and bounded within sanity.