the Matt Thomas rbtree:
- Include rb.c in libnbcompat, and provide a nbcompat sys/rbtree.h
header.
- Make sure libprop's source file include prop_object_impl.h before
anything else, and pull in nbtool_config.h from there.
Tested by simulating such a host system by renaming the host's
<sys/rbtree.h> out of the way (which reproduced the build failure)
and verifying that the host-tool installboot contained the rb_*
functions in its own .text segment.
The F spec is one of those, it should be terminated with \0 just like all
the others (irrelevant that it has no extra data to delimit).
Fix <sys/mman.h> to define the snprintb() format string correctly (include
the missing \0's). Fix the copy of that definition included into
snprintb(3) to match the updated mman.h version (ride the date bump
from the day before yesterday .. this is the same change, just corrected).
Undo the previous snprintb.c change ("off by one" fix) which was an
attempt to make the broken mman.h usage work (and did, but not the way
it should be done). Also, after using the new * format (instead of only
when something has already matched) skip the associated data so we don't
attempt to interpret it as more field specifiers. This func needs lots of TLC!
Fix the ATF tests for snprintb() to not assume that F format is really
exactly like f format, and has data after the field specifier. It doesn't.
Add several more tests (including testing the '*' field operator
recently added).
Compile test only, but seems trivial enough for me.
Fix build error due to test/lib/libc/atomic/t_atomic_cas.
Note that mips32 does not use atomic_cas.S.
Note that _atomic_cas_64 is already exported as atomic_cas_{ulong,prt}_ni.
Fix build error of test/lib/atomic/t_atomic_cas, which is successfully
passed on RPI3B+ now.
changing shared macro doesn't effect other atomic_ops because
(*ptr [+|^] delta) and (delta [+|^] *ptr) have same result.
atomic_sub_*() haven't used because non standard API?
As noted, style has no impact on the comparison of a similar code.
This version is a reimplementation from scratch with no code and no
algirithm (whenever possible) reuse.
Public symbols and struct layout must be kept in sync with the code
generation part. It casues violation of the style like with long filenames.
My previous comment was 'too perfect' and could trigger some unnecessary
attention.
This is a reimplementation of the Undefined Behavior Sanitizer with the
following properties:
- pure and clean-room C implementation,
- no -fsanitize=vpts support, as it requires RTTI support and C++
low-level routies to validate whether C++ objects are compatible
- designed to be used inside libc and known as uUBSan or user-UBSan
- designed to be shared with kernel and known as kUBSan or kernel-UBSan
- designed to be usable with ATF tests as a standalone runtime,
reachable without any MK* switches
- designed to be safer for hardening as it does not have side effects on
executables like writing to a selected location on demand
- controllable with environment variable LIBC_UBSAN with options:
* a - abort on report
* A - do not abort on a report (unless a failure is unrecoverable)
* e - output report to stderr
* E - do not output report on stderr
* l - output report on syslog (LOG_DEBUG | LOG_USER)
* L - do not output report on syslog
* o - output report on stdout
* O - do not output report on stdout
The default options are: "AeLO".
- compatible with Clang (3.8, 7.x) and GCC (6.x) code generation
- all handlers (except =vptr) from Clang/LLVM up to 7svn are supported
Tested with Clang amd64+i386 and GCC amd64+i386.
Do not change the signedness bit with a left shift operation.
Switch to unsigned integer to prevent this.
snprintb.c:178:17, left shift of 1 by 31 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
Do not change the signedness bit with a left shift operation.
Cast to unsigned integer to prevent this.
inet_addr.c:218:20, left shift of 131 by 24 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
Do not change the signedness bit with a left shift operation.
Switch to unsigned integer to prevent this.
cpuset.c:112:18, left shift of 1 by 31 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
- remove many _DIAGASSERT() checks against not NULL for functions
with arguments with nonnull attributes. (probably more to come,
the set between x86 and sparc us disjoint.)
- port libsanitizer's GetPcSpBp() to sparc, sparc64 and amd64.
- -Wstrict-prototypes is not available for C++, so don't try to
ignore it for C++.
- remove many _DIAGASSERT() checks against not NULL for functions
with arguments with nonnull attributes. in two cases, leave
code behind that should set defaults to "(null)".
- use -Wno-error=frame-address for i386 mcount, as it seems valid
to assume the caller will have a frame.fair
