for some reason these functions are not shaded by the PS/TPS option in
POSIX, so presumably they are mandatory, even though the functionality
they offer is optional. for now, provide them in case any programs
depend on their existence, but disallow any priority except the
default.
Rich Felker [Fri, 11 Mar 2011 02:34:19 +0000 (21:34 -0500)]
fix sem_open and sem_close to obey posix semantics
multiple opens of the same named semaphore must return the same
pointer, and only the last close can unmap it. thus the ugly global
state keeping track of mappings. the maximum number of distinct named
semaphores that can be opened is limited sufficiently small that the
linear searches take trivial time, especially compared to the syscall
overhead of these functions.
Rich Felker [Thu, 10 Mar 2011 23:31:37 +0000 (18:31 -0500)]
optimize pthread termination in the non-detached case
we can avoid blocking signals by simply using a flag to mark that the
thread has exited and prevent it from getting counted in the rsyscall
signal-pingpong. this restores the original pthread create/join
throughput from before the sigprocmask call was added.
Rich Felker [Thu, 10 Mar 2011 14:54:23 +0000 (09:54 -0500)]
fix errno behavior in clock_* functions
these functions are specified inconsistently in whether they're
specified to return an error value, or return -1 and set errno.
hopefully now they all match what POSIX requires.
Rich Felker [Thu, 10 Mar 2011 01:21:23 +0000 (20:21 -0500)]
optimize pthread initialization
the set_tid_address returns the tid (which is also the pid when called
from the initial thread) so there is no need to make a separate
syscall to get pid/tid.
Rich Felker [Thu, 10 Mar 2011 01:07:24 +0000 (20:07 -0500)]
fix race condition in raise - just mask signals
a signal handler could fork after the pid/tid were read, causing the
wrong process to be signalled. i'm not sure if this is supposed to
have UB or not, but raise is async-signal-safe, so it probably is
allowed. the current solution is slightly expensive so this
implementation is likely to be changed in the future.
Rich Felker [Tue, 1 Mar 2011 17:04:36 +0000 (12:04 -0500)]
use -L/...../ -lgcc instead of /...../libgcc.a in musl-gcc wrapper
this should avoid warnings about unused libs when not linking, and
might fix some other obscure issues too. i might replace this approach
with a completely different one soon though.
Rich Felker [Sun, 27 Feb 2011 05:28:59 +0000 (00:28 -0500)]
cleanup utf-8 multibyte code, use visibility if possible
this code was written independently of musl, with support for the
backwards, nonstandard "31-bit unicode" some libraries/apps might
want. unfortunately the extra code (inside #ifdef) makes the source
harder to read and makes code that should be simple look complex, so
i'm removing it. anyone who wants to use the old code can find it in
the history or from elsewhere.
also, change the visibility of the __fsmu8 state machine table to
hidden, if supported. this should improve performance slightly in
shared-library builds.
Rich Felker [Thu, 24 Feb 2011 21:37:21 +0000 (16:37 -0500)]
various changes in preparation for dynamic linking support
prefer using visibility=hidden for __libc internal data, rather than
an accessor function, if the compiler has visibility.
optimize with -O3 for PIC targets (shared library). without heavy
inlining, reloading the GOT register in small functions kills
performance. 20-30% size increase for a single libc.so is not a big
deal, compared to comparable size increase in every static binary.
use -Bsymbolic-functions, not -Bsymbolic. global variables are subject
to COPY relocations, and thus binding their addresses in the library
at link time will cause library functions to read the wrong (original)
copies instead of the copies made in the main program's bss section.
Rich Felker [Thu, 24 Feb 2011 17:34:31 +0000 (12:34 -0500)]
fix backwards conditional in stpncpy
this only made the function unnecessarily slow on systems with
unaligned access, but would of course crash on systems that can't do
unaligned accesses (none of which have ports yet).
Rich Felker [Mon, 21 Feb 2011 03:30:06 +0000 (22:30 -0500)]
use an accessor function for __libc data pointer when compiled as PIC
prior to this change, a large portion of libc was unusable prior to
relocation by the dynamic linker, due to dependence on the global data
in the __libc structure and the need to obtain its address through the
GOT. with this patch, the accessor function __libc_loc is now able to
obtain the address of __libc via PC-relative addressing without using
the GOT. this means the majority of libc functionality is now
accessible right away.
naturally, the above statements all depend on having an architecture
where PC-relative addressing and jumps/calls are feasible, and a
compiler that generates the appropriate code.
Rich Felker [Mon, 21 Feb 2011 03:24:28 +0000 (22:24 -0500)]
avoid referencing address of extern function from vdprintf
this change is in preparation for upcoming PIC/shared library support.
the intent is to avoid going through the GOT, mainly so that dprintf
is operable immediately, prior to processing of relocations. having
dprintf accessible from the dynamic linker will make writing and
debugging the dynamic linker much easier.
Rich Felker [Sun, 20 Feb 2011 21:16:33 +0000 (16:16 -0500)]
make malloc(0) return unique pointers rather than NULL
this change is made with some reluctance, but i think it's for the
best. correct programs must handle either behavior, so there is little
advantage to having malloc(0) return NULL. and i managed to actually
make the malloc code slightly smaller with this change.
Rich Felker [Sun, 20 Feb 2011 21:10:38 +0000 (16:10 -0500)]
fix simple_malloc size restrictions
do not allow allocations that overflow ptrdiff_t; fix some overflow
checks that were not quite right but didn't matter due to address
layout implementation.
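
The kind of size check this commit describes, as an added example that is not musl's simple_malloc: a bump allocator over a fixed arena, with a wrapping bounds check beside a correct one. The names `demo_alloc`, `naive_fits`, `safe_fits` and the arena size are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define ARENA_SIZE 4096 /* constructed arena for the demo */
#define ALIGN 16

static union { unsigned char bytes[ARENA_SIZE]; long double align; } arena;
static size_t used; /* bytes handed out so far */

/* Broken check: used_now + n wraps for huge n, so the sum looks small. */
int naive_fits(size_t used_now, size_t n) { return used_now + n <= ARENA_SIZE; }

/* Correct check: subtract on the side that is known not to underflow. */
int safe_fits(size_t used_now, size_t n) { return n <= ARENA_SIZE - used_now; }

/* Hypothetical bump allocator; returns NULL with errno = ENOMEM on a bad size. */
void *demo_alloc(size_t n)
{
    /* an object larger than PTRDIFF_MAX makes pointer differences overflow */
    if (n > PTRDIFF_MAX) { errno = ENOMEM; return NULL; }
    if (n == 0) n = 1; /* size 0 still consumes a slot, so pointers are unique */
    /* on the usual ABIs PTRDIFF_MAX == SIZE_MAX/2, so rounding up cannot wrap */
    n = (n + ALIGN - 1) & ~(size_t)(ALIGN - 1);
    if (!safe_fits(used, n)) { errno = ENOMEM; return NULL; }
    void *p = arena.bytes + used;
    used += n;
    return p;
}

/* exits 0 when the naive check is fooled and the safe check is not */
int main(void) { return !(naive_fits(64, SIZE_MAX - 32) && !safe_fits(64, SIZE_MAX - 32)); }
```
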
Rich Felker [Sun, 20 Feb 2011 20:06:26 +0000 (15:06 -0500)]
make real symbols for the legacy (nonstandardized) utmp functions
this is needed in the long term for ABI compatibility anyway, and in
the immediate, it helps with building broken programs like GNU screen
that try to prototype the functions themselves rather than using the
header.
Rich Felker [Sun, 20 Feb 2011 05:28:10 +0000 (00:28 -0500)]
make sys/param.h not depend on PATH_MAX and NAME_MAX
this is a nonstandard header used only by backwards programs, but for
some reason it's extremely popular. the recent namespace cleanup fixes
broke it, because PATH_MAX and NAME_MAX will not be defined unless an
appropriate feature test macro has been defined. moreover, it's too
late to just #define _GNU_SOURCE in param.h, since limits.h may have
already been included.
let's just hard-code standard values and be done with it.
Rich Felker [Sat, 19 Feb 2011 16:04:36 +0000 (11:04 -0500)]
race condition fix: block all signals before decrementing thread count
the existence of a (kernelspace) thread must never have observable
effects after the thread count is decremented. if signals are not
blocked, it could end up handling the signal for rsyscall and
contributing towards the count of threads which have changed ids,
causing a thread to be missed. this could lead to one thread retaining
unwanted privilege level.
this change may also address other subtle race conditions in
application code that uses signals.
Rich Felker [Sat, 19 Feb 2011 14:40:07 +0000 (09:40 -0500)]
make mktemp match the historic behavior, and update functions that use it
the historic mktemp is supposed to blank the template string on
failure, rather than returning 0. just zero the first character so
that mkstemp and mkdtemp can still retry with O(1) space requirement.
Rich Felker [Sat, 19 Feb 2011 03:03:03 +0000 (22:03 -0500)]
support the ugly and deprecated ucontext and sigcontext header stuff...
only the structures, not the functions from ucontext.h, are supported
at this point. the main goal of this commit is to make modern gcc with
dwarf2 unwinding build without errors.
honestly, it probably doesn't matter how we define these as long as
they have members with the right names to prevent errors while
compiling libgcc. the only time they will be used is for propagating
exceptions across signal-handler boundaries, which invokes undefined
behavior anyway. but as-is, they're probably correct and may be useful
to various low-level applications dealing with virtualization, jit
code generation, and so on...
Rich Felker [Sat, 19 Feb 2011 00:52:42 +0000 (19:52 -0500)]
add pthread_atfork interface
note that this presently does not handle consistency of the libc's own
global state during forking. as per POSIX 2008, if the parent process
was threaded, the child process may only call async-signal-safe
functions until one of the exec-family functions is called, so the
current behavior is believed to be conformant even if non-ideal. it
may be improved at some later time.
Rich Felker [Fri, 18 Feb 2011 22:04:56 +0000 (17:04 -0500)]
major improvements to temp file name generator
use current time in nanoseconds and some potentially-random (if aslr
is enabled) pointer values for the initial tempfile name generation,
and step via a cheap linear prng on collisions. limit the number of
retry attempts to prevent denial of service attacks even if an
attacker can guess the filenames.