Rich Felker [Sat, 2 Feb 2013 05:59:25 +0000 (00:59 -0500)]
fix uninitialized map_len being used in munmap failure paths in load_library
this bug seems to have been introduced when the map_library signature
was changed to return the mapping in a temp dso structure instead of
into separate variables.
Rich Felker [Sat, 2 Feb 2013 03:10:40 +0000 (22:10 -0500)]
pthread stack treatment overhaul for application-provided stacks, etc.
the main goal of these changes is to address the case where an
application provides a stack of size N, but TLS has size M that's a
significant portion of the size N (or even larger than N), thus giving
the application less stack space than it expected or no stack at all!
the new strategy pthread_create now uses is to only put TLS on the
application-provided stack if TLS is smaller than 1/8 of the stack
size or 2k, whichever is smaller. this ensures that the application
always has "close enough" to what it requested, and the threshold is
chosen heuristically to make sure "sane" amounts of TLS still end up
in the application-provided stack.
if TLS does not fit the above criteria, pthread_create uses mmap to
obtain space for TLS, but still uses the application-provided stack
for actual call frame stack. this is to avoid wasting memory, and for
the sake of supporting ugly hacks like garbage collection based on
assumptions that the implementation will use the provided stack range.
in order for the above heuristics to ever succeed, the amount of TLS
space wasted on POSIX TSD (pthread_key_create based) needed to be
reduced. otherwise, these changes would preclude any use of
pthread_create without mmap, which would have serious memory usage and
performance costs for applications trying to create huge numbers of
threads using pre-allocated stack space. the new value of
PTHREAD_KEYS_MAX is the minimum allowed by POSIX, 128. this should
still be plenty more than real-world applications need, especially now
that C11/gcc-style TLS is now supported in musl, and most apps and
libraries choose to use that instead of POSIX TSD when available.
at the same time, PTHREAD_STACK_MIN has been decreased. it was
originally set to PAGE_SIZE back when there was no support for TLS or
application-provided stacks, and requests smaller than a whole page
did not make sense. now, there are two good reasons to support
requests smaller than a page: (1) applications could provide
pre-allocated stacks smaller than a page, and (2) with smaller stack
sizes, stack+TLS+TSD can all fit in one page, making it possible for
applications which need huge numbers of threads with minimal stack
needs to allocate exactly one page per thread. the new value of
PTHREAD_STACK_MIN, 2k, is aligned with the minimum size for
sigaltstack.
Rich Felker [Fri, 1 Feb 2013 21:41:53 +0000 (16:41 -0500)]
replace __wake function with macro that performs direct syscall
this should generate faster and smaller code, especially with inline
syscalls. the conditional with cnt is ugly, but thankfully cnt is
always a constant anyway so it gets evaluated at compile time. it may
be preferable to make separate __wake and __wakeall macros without a
count argument.
priv flag is not used yet; private futex support still needs to be
done at some point in the future.
Rich Felker [Fri, 1 Feb 2013 06:10:59 +0000 (01:10 -0500)]
revert regex "cleanup" that seems unjustified and may break backtracking
it's not clear to me at the moment whether the code that was removed
(and which is now being re-added) is needed, but it's far from being a
no-op, and i don't want to risk breaking regex in this release.
Rich Felker [Thu, 31 Jan 2013 05:49:53 +0000 (00:49 -0500)]
SOL_TCP is nonstandard and not in the reserved namespace
alternatively, we could define it in sys/socket.h since SO* is
reserved there, and tcp.h includes sys/socket.h in extensions mode.
note that SOL_TCP is simply wrong and it's only here for compatibility
with broken applications. the correct argument to pass for setting TCP
socket options is IPPROTO_TCP, which of course has the same value as
SOL_TCP but works everywhere.
Rich Felker [Thu, 24 Jan 2013 03:18:45 +0000 (22:18 -0500)]
add RTLD_NODELETE flag for dlopen
this is a trivial no-op, because dlclose never deletes libraries. thus
we might as well have it in the header in case some application wants
it, since we're already providing it anyway.
Rich Felker [Thu, 24 Jan 2013 03:07:45 +0000 (22:07 -0500)]
add support for RTLD_NOLOAD to dlopen
based on patch by Pierre Carrier <pierre@gcarrier.fr> that just added
the flag constant, but with minimal additional code so that it
actually works as documented. this is a nonstandard option but some
major software (reportedly, Firefox) uses it and it was easy to add
anyway.
Rich Felker [Sat, 19 Jan 2013 01:35:26 +0000 (20:35 -0500)]
use a common definition of NULL as 0L for C and C++
the historical mess of having different definitions for C and C++
comes from the historical C definition as (void *)0 and the fact that
(void *)0 can't be used in C++ because it does not convert to other
pointer types implicitly. however, using plain 0 in C++ exposed bugs
in C++ programs that call variadic functions with NULL as an argument
and (wrongly; this is UB) expect it to arrive as a null pointer. on
64-bit machines, the high bits end up containing junk. glibc dodges
the issue by using a GCC extension __null to define NULL; this is
observably non-conforming because a conforming application could
observe the definition of NULL via stringizing and see that it is
neither an integer constant expression with value zero nor such an
expression cast to void.
switching to 0L eliminates the issue and provides compatibility with
broken applications, since on all musl targets, long and pointers have
the same size, representation, and argument-passing convention. we
could maintain separate C and C++ definitions of NULL (i.e. just use
0L on C++ and use (void *)0 on C) but after careful analysis, it seems
extremely difficult for a C program to even determine whether NULL has
integer or pointer type, much less depend in subtle, unintentional
ways, on whether it does. C89 seems to have no way to make the
distinction. on C99, the fact that (int)(void *)0 is not an integer
constant expression, along with subtle VLA/sizeof semantics, can be
used to make the distinction, but many compilers are non-conforming
and give the wrong result to this test anyway. on C11, _Generic can
trivially make the distinction, but it seems unlikely that code
targeting C11 would be so backwards in caring which definition of
NULL an implementation uses.
as such, the simplest path of using the same definition for NULL in
both C and C++ was chosen. the #undef directive was also removed so
that the compiler can catch and give a warning or error on
redefinition if buggy programs have defined their own versions of
NULL prior to inclusion of standard headers.
Szabolcs Nagy [Sun, 13 Jan 2013 22:54:48 +0000 (23:54 +0100)]
in crypt_des change unnecessary union keybuf into unsigned char[]
original FreeSec code accessed keybuf as uint32* and uint8* as well
(incorrectly), this got fixed with a union, but then it seems the
uint32* access is no longer needed so the code can be simplified
Szabolcs Nagy [Sun, 13 Jan 2013 22:18:32 +0000 (23:18 +0100)]
crypt: fix the prototype of md5_sum, sha256_sum and sha512_sum
the internal sha2 hash sum functions had incorrect array size
in the prototype for the message digest argument, fixed by
using pointer so it is not misleading
Szabolcs Nagy [Sat, 12 Jan 2013 17:25:13 +0000 (18:25 +0100)]
add mount flags to sys/mount.h
added various MS_*, MNT_*, UMOUNT_* flags following the linux
headers, with one exception: MS_NOUSER is defined as (1U<<31)
instead of (1<<31) which invokes undefined behaviour
Szabolcs Nagy [Fri, 11 Jan 2013 00:54:53 +0000 (01:54 +0100)]
add missing multicast socket options to netinet/in.h
based on linux headers add the missing MCAST_* options
under _GNU_SOURCE as they are not in the reserved namespace
(this api was originally specified by RFC 3678)
Rich Felker [Thu, 10 Jan 2013 19:05:40 +0000 (14:05 -0500)]
check for invalid handles in dlsym/dlclose
this is wasteful and useless from a standpoint of sane programs, but
it is required by the standard, and the current requirements were
upheld with the closure of Austin Group issue #639:
http://austingroupbugs.net/view.php?id=639
Szabolcs Nagy [Mon, 7 Jan 2013 22:54:13 +0000 (23:54 +0100)]
math: erf and erfc cleanup
common part of erf and erfc was put in a separate function which
saved some space and the new code is using unsigned arithmetics
erfcf had a bug: for some inputs in [7.95,8] the result had
more than 60ulp error: in expf(-z*z - 0.5625f) the argument
must be exact but not enough lowbits of z were zeroed,
-SET_FLOAT_WORD(z, ix&0xfffff000);
+SET_FLOAT_WORD(z, ix&0xffffe000);
fixed the issue
rofl0r [Tue, 1 Jan 2013 07:07:26 +0000 (08:07 +0100)]
wait.h: add linux specific, thread-related waitpid() flags
these flags are needed in order to be able to handle lwp id's
which the kernel returns after clone() calls for new threads
via ptrace(PTRACE_GETEVENTMSG).
fortunately, they're the same for all archs and in the reserved
namespace.
rofl0r [Tue, 1 Jan 2013 06:59:11 +0000 (07:59 +0100)]
__assert_fail(): remove _Noreturn, to get proper stacktraces
for _Noreturn functions, gcc generates code that trashes the
stack frame, and so it makes it impossible to inspect the causes
of an assert error in gdb.
abort() is not affected (i have not yet investigated why).
Szabolcs Nagy [Tue, 1 Jan 2013 21:20:45 +0000 (22:20 +0100)]
math: bessel cleanup (jn.c and jnf.c)
both jn and yn functions had integer overflow issues for large
and small n
to handle these issues nm1 (== |n|-1) is used instead of n and -n
in the code and some loops are changed to make sure the iteration
counter does not overflow
(another solution could be to use larger integer type or even double
but that has more size and runtime cost, on x87 loading int64_t or
even uint32_t into an fpu register is more than two times slower than
loading int32_t, and using double for n slows down iteration logic)
yn(-1,0) now returns inf
posix2008 specifies that on overflow and at +-0 all y0,y1,yn functions
return -inf, this is not consistent with math when n<0 odd integer in yn
(eg. when x->0, yn(-1,x)->inf, but historically yn(-1,0) seems to be
special cased and returned -inf)
some threshold values in jnf and ynf were fixed that seem to be
incorrectly copy-pasted from the double version
Szabolcs Nagy [Tue, 1 Jan 2013 20:59:46 +0000 (21:59 +0100)]
math: bessel cleanup (j0.c and j0f.c)
a common code path in j0 and y0 was factored out so the resulting
object code is smaller
unsigned int arithmetics is used for bit manipulation
the logic of j0 got a bit simplified (x < 1 case was handled
separately with a bit higher precision than now, but there are large
errors in other domains anyway so that branch has been removed)
some threshold values were adjusted in j0f and y0f
Rich Felker [Fri, 28 Dec 2012 01:44:44 +0000 (20:44 -0500)]
align EPOLL_* flags with fcntl O_* flag definitions, which vary by arch
the old definitions were wrong on some archs. actually, EPOLL_NONBLOCK
probably should not even be defined; it is not accepted by the kernel
and it's not clear to me whether it has any use at all, even if it did
work. this issue should be revisited at some point, but I'm leaving it
in place for now in case some applications reference it.
Rich Felker [Wed, 26 Dec 2012 02:51:11 +0000 (21:51 -0500)]
fix reference to libc struct in static tls init code
libc is the macro, __libc is the internal symbol, but under some
configurations on old/broken compilers, the symbol might not actually
exist and the libc macro might instead use __libc_loc() to obtain
access to the object.
Rich Felker [Thu, 20 Dec 2012 17:16:02 +0000 (12:16 -0500)]
clean up and fix logic for making mmap fail on invalid/unsupported offsets
the previous logic was assuming the kernel would give EINVAL when
passed an invalid address, but instead with MAP_FIXED it was giving
EPERM, as it considered this an attempt to map over kernel memory.
instead of trying to get the kernel to do the right thing, the new
code just handles the error in userspace.
I have also cleaned up the code to use a single mask to check for
invalid low bits and unsupported high bits, so it's simpler and more
clearly correct. the old code was actually wrong for sizeof(long)
smaller than sizeof(off_t) but not equal to 4; now it should be
correct for all possibilities.
for 64-bit systems, the low-bits test is new and extraneous (the
kernel should catch the error anyway when the mmap2 syscall is not
used), but it's cheap anyway. if this is an issue, the OFF_MASK
definition could be tweaked to omit the low bits when SYS_mmap2 is not
defined.
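Added example, not part of the commit or of musl's source: a sketch of the single-mask offset check the message above describes, generalized over the width of long so the 32-bit and 64-bit cases can be compared. The names off_mask and check_mmap_offset, the 4096-byte mmap2 unit, and the EINVAL return are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed unit in which an mmap2-style syscall takes its offset argument. */
#define MMAP2_UNIT 4096ULL
#define MMAP2_UNIT_SHIFT 12u

/* Hypothetical helper: one mask covering both kinds of bad offset bits.
 *  - low bits:  offset not a multiple of the unit
 *  - high bits: offset / unit does not fit in a long of long_bits bits
 * For a 64-bit long no 64-bit offset has unsupported high bits, so only
 * the low-bits part remains. */
static uint64_t off_mask(unsigned long_bits)
{
    unsigned top = long_bits + MMAP2_UNIT_SHIFT; /* first unencodable bit */
    uint64_t high = top >= 64 ? 0 : ~0ULL << top;
    return high | (MMAP2_UNIT - 1);
}

/* Hypothetical userspace check made before issuing the syscall.
 * Returns 0 if the offset can be passed on, or EINVAL (assumed error
 * code) if it must be rejected without asking the kernel. A negative
 * offset has its top bits set, so on a 32-bit long it is caught here;
 * on a 64-bit long it is left for the kernel to reject. */
static int check_mmap_offset(int64_t off, unsigned long_bits)
{
    return ((uint64_t)off & off_mask(long_bits)) ? EINVAL : 0;
}

int main(void)
{
    /* Constructed sample offsets. */
    const int64_t samples[] = {
        0x1000, 0x1001, (1LL << 44) - 4096, 1LL << 44, -4096
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("off=%#llx  long32:%s  long64:%s\n",
               (unsigned long long)samples[i],
               check_mmap_offset(samples[i], 32) ? "EINVAL" : "ok",
               check_mmap_offset(samples[i], 64) ? "EINVAL" : "ok");
    return 0;
}
```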
Szabolcs Nagy [Wed, 19 Dec 2012 09:57:54 +0000 (10:57 +0100)]
math: more correct tgmath.h type cast logic
__IS_FP is a portable integer constant expression now
(uses that unsigned long long is larger than float)
the result casting logic should work now on all compilers
supporting typeof
Szabolcs Nagy [Wed, 19 Dec 2012 03:05:30 +0000 (04:05 +0100)]
math: new type cast logic in tgmath.h
* return type logic is simplified a bit and fixed (see below)
* return type of conj and cproj were wrong on int arguments
* added comments about the pending issues
(usually we don't have comments in public headers but this is
not the biggest issue with tgmath.h)
casting the result to the right type cannot be done in c99
(c11 _Generic can solve this but that is not widely supported),
so the typeof extension of gcc is used and that the ?: operator
has special semantics when one of the operands is a null
pointer constant
the standard is very strict about the definition of null
pointer constants so typeof with ?: is still not enough so
compiler specific workaround is used for now
on gcc '!1.0' is a null pointer constant so we can use the old
__IS_FP logic (even though it's non-standard)
on clang (and on gcc as well) 'sizeof(void)-1' is a null
pointer constant so we can use
!(sizeof(*(0?(int*)0:(void*)__IS_FP(x)))-1)
(this is non-standard as well), the old logic is used by
default and this new one on clang
Szabolcs Nagy [Sun, 16 Dec 2012 19:28:43 +0000 (20:28 +0100)]
math: use 0x1p-120f and 0x1p120f for tiny and huge values
previously 0x1p-1000 and 0x1p1000 were used for raising inexact
exception like x+tiny (when x is big) or x+huge (when x is small)
the rationale is that these float consts are large enough
(0x1p-120 + 1 raises inexact even on ld128 which has 113 mant bits)
and float consts may be smaller or easier to load on some platforms
(on i386 this reduced the object file size by 4bytes in some cases)
Szabolcs Nagy [Sun, 16 Dec 2012 19:22:17 +0000 (20:22 +0100)]
math: tgammal.c fixes
this is not a full rewrite just fixes to the special case logic:
+-0 and non-integer x<INT_MIN inputs incorrectly raised invalid
exception and for +-0 the return value was wrong
so integer test and odd/even test for negative inputs are changed
and a useless overflow test was removed
Szabolcs Nagy [Sun, 16 Dec 2012 18:52:42 +0000 (19:52 +0100)]
math: tanh.c cleanup similar to sinh, cosh
comments are kept in the double version of the function
compared to fdlibm/freebsd we partition the domain into one
more part and select different threshold points:
now the [log(5/3)/2,log(3)/2] and [log(3)/2,inf] domains
should have <1.5ulp error
(so only the last bit may be wrong, assuming good exp, expm1)
(note that log(3)/2 and log(5/3)/2 are the points where tanh
changes resolution: tanh(log(3)/2)=0.5, tanh(log(5/3)/2)=0.25)
for some x < log(5/3)/2 (~=0.2554) the error can be >1.5ulp
but it should be <2ulp
(the freebsd code had some >2ulp errors in [0.255,1])
even with the extra logic the new code produces smaller
object files
Szabolcs Nagy [Sun, 16 Dec 2012 18:23:51 +0000 (19:23 +0100)]
math: finished cosh.c cleanup
changed the algorithm: large input is not special cased
(when exp(-x) is small compared to exp(x))
and the threshold values are reevaluated
(fdlibm code had a log(2)/2 cutoff for which i could not find
justification, log(2) seems to be a better threshold and this
was verified empirically)
the new code is simpler, makes smaller binaries and should be
faster for common cases
the old comments were removed as they are no longer true for the
new algorithm and the fdlibm copyright was dropped as well
because there is no common code or idea with the original anymore
except for trivial ones.
Szabolcs Nagy [Fri, 14 Dec 2012 17:29:56 +0000 (18:29 +0100)]
math: fix i386/expl.s with more precise x*log2e
with naive exp2l(x*log2e) the last 12 bits of the result were incorrect
for x with large absolute value
with hi + lo = x*log2e is calculated to 128 bits precision and then
expl(x) = exp2l(hi) + exp2l(hi) * f2xm1(lo)
this gives <1.5ulp measured error everywhere in nearest rounding mode
Szabolcs Nagy [Fri, 14 Dec 2012 11:49:35 +0000 (12:49 +0100)]
fixed tgmath.h for functions with integral result
in tgmath.h the return values are casted to the appropriate
floating-point type (if the compiler supports gcc __typeof__),
this is wrong in case of ilogb, lrint, llrint, lround, llround
which do not need such cast
Szabolcs Nagy [Wed, 12 Dec 2012 00:43:43 +0000 (01:43 +0100)]
math: add a non-dummy tgamma implementation
uses the lanczos approximation method with the usual tweaks.
same parameters were selected as in boost and python.
(avoids some extra work and special casing found in boost
so the precision is not that good: measured error is <5ulp for
positive x and <10ulp for negative)
an alternative lgamma_r implementation is also given in the same
file which is simpler and smaller than the current one, but less
precise so it's ifdefed out for now.
Szabolcs Nagy [Tue, 11 Dec 2012 22:56:59 +0000 (23:56 +0100)]
math: clean up inverse trigonometric functions
modifications:
* avoid unsigned->signed conversions
* removed various volatile hacks
* use FORCE_EVAL when evaluating only for side-effects
* factor out R() rational approximation instead of manual inline
* __invtrigl.h now only provides __invtrigl_R, __pio2_hi and __pio2_lo
* use 2*pio2_hi, 2*pio2_lo instead of pi_hi, pi_lo
otherwise the logic is not changed, long double versions will
need a revisit when a general long double cleanup happens
Szabolcs Nagy [Tue, 11 Dec 2012 22:06:20 +0000 (23:06 +0100)]
math: rewrite inverse hyperbolic functions to be simpler/smaller
modifications:
* avoid unsigned->signed integer conversion
* do not handle special cases when they work correctly anyway
* more strict threshold values (0x1p26 instead of 0x1p28 etc)
* smaller code, cleaner branching logic
* same precision as the old code:
acosh(x) has up to 2ulp error in [1,1.125]
asinh(x) has up to 1.6ulp error in [0.125,0.5], [-0.5,-0.125]
atanh(x) has up to 1.7ulp error in [0.125,0.5], [-0.5,-0.125]
Szabolcs Nagy [Tue, 11 Dec 2012 21:57:39 +0000 (22:57 +0100)]
math: remove long double version of bessel functions from math.h
j0l,j1l,jnl,y0l,j1l,jnl are gnu extensions, bsd and posix do not
have them.
no one seems to use them and there is no plan to implement them any
time soon so we shouldn't declare them in math.h.
Rich Felker [Tue, 11 Dec 2012 02:36:12 +0000 (21:36 -0500)]
fix regressions in app compatibility from previous sys/ipc.h changes
despite glibc using __key and __seq rather than key and seq, some
applications, notably busybox, assume the names are key and seq unless
glibc is being used. and the names key and seq are really the ones
that _should_ be exposed when not attempting to present a
standards-conforming namespace; apps should not be using names that
begin with double-underscore. thus, the optimal fix is to use key and
seq as the actual names of the members when in bsd/gnu source profile,
and define macros for __key and __seq that redirect to plain key and
seq.
Rich Felker [Mon, 10 Dec 2012 21:40:45 +0000 (16:40 -0500)]
syscall() declaration belongs in unistd.h, not sys/syscall.h
traditionally, both BSD and GNU systems have it this way.
sys/syscall.h is purely syscall number macros. presently glibc exposes
the syscall declaration in unistd.h only with _GNU_SOURCE, but that
does not reflect historical practice.
Rich Felker [Sat, 8 Dec 2012 04:04:49 +0000 (23:04 -0500)]
add support for ctors/dtors on arm with modern gcc
a while back, gcc switched from using the old _init/_fini fragments
method for calling ctors and dtors on arm to the __init_array and
__fini_array method. unfortunately, on glibc this depends on ugly
hacks involving making libc.so a linker script and pulling parts of
libc into the main program binary. so I cheat a little bit, and just
write asm to iterate over the init/fini arrays from the _init/_fini
asm. the same approach could be used on any arch it's needed on, but
for now arm is the only one.
Rich Felker [Sat, 8 Dec 2012 03:33:11 +0000 (22:33 -0500)]
page-align initial brk value used by malloc in shared libc
this change fixes an obscure issue with some nonstandard kernels,
where the initial brk syscall returns a pointer just past the end of
bss rather than the beginning of a new page. in that case, the dynamic
linker has already reclaimed the space between the end of bss and the
page end for use by malloc, and memory corruption (allocating the same
memory twice) will occur when malloc again claims it on the first call
to brk.
Rich Felker [Fri, 7 Dec 2012 21:22:13 +0000 (16:22 -0500)]
remove __arch_prctl alias for arch_prctl
if there's evidence of any use for it, we can add it back later. as
far as I can tell, glibc has it only for internal use (and musl uses a
direct syscall in that case rather than a function call), not for
exposing it to applications.
Rich Felker [Fri, 7 Dec 2012 02:12:28 +0000 (21:12 -0500)]
fix invalid read in aligned_alloc
in case of mmap-obtained chunks, end points past the end of the
mapping and reading it may fault. since the value is not needed until
after the conditional, move the access to prevent invalid reads.
Rich Felker [Thu, 6 Dec 2012 22:05:19 +0000 (17:05 -0500)]
move signal.h REG_* macros under _GNU_SOURCE protection
they were accidentally exposed under just baseline POSIX, which is a
big namespace pollution issue. thankfully glibc only exposes them
under _GNU_SOURCE, not under any of its other options, so omitting
the pollution in the default _BSD_SOURCE profile does not hurt
application compatibility at all.
Rich Felker [Thu, 6 Dec 2012 21:52:09 +0000 (16:52 -0500)]
fix names of ipc_perm __key/__seq elements
previously the names were exposed as key/seq with _GNU_SOURCE and
__ipc_perm_key/__ipc_perm/seq otherwise, whereas glibc always uses
__key and __seq for the names. thus, the old behavior never matched
glibc, and the new behavior always does, regardless of feature test
macros.
for now, i'm leaving the renaming here in sys/ipc.h where it's easy to
change globally for all archs, in case something turns out to be
wrong, but eventually the names could just be incorporated directly
into the bits headers for each arch and the renaming removed.