Rich Felker [Sat, 26 May 2012 02:34:09 +0000 (22:34 -0400)]
ensure pthread-internal signals are unblocked before threads are used
if the process started with these signals blocked, cancellation could
fail or setxid could deadlock. there is no way to globally unblock
them after threads have been created. by unblocking them in the
pthread_self initialization for the main thread, we ensure that
they're unblocked before any other threads are created and also
outside of any signal handler context (sigaction initialized
pthread_self), which is important so that return from a signal handler
won't re-block them.
Rich Felker [Fri, 25 May 2012 14:45:05 +0000 (10:45 -0400)]
fix regex on arm
TRE has a broken assumption that wchar_t is signed, which is a sane
expectation, but not required by the standard, and false on ARM's ABI.
i leave tre_char_t as wchar_t for now, since a pointer to it is
directly passed to functions that need pointer to wchar_t. it does not
seem to break anything. and since the maximum unicode scalar value is
0x10ffff, just use that explicitly rather than using the max value of
any particular C type.
Rich Felker [Fri, 25 May 2012 04:35:09 +0000 (00:35 -0400)]
remove leftover cp_sp cruft from cancellation code, fix small bug
the bug was that cancellation requests which arrived while a
cancellation point was interrupted by a signal handler would not be
acted upon when the signal handler returns. this was because cp_sp was
never set; it's no longer needed or used.
instead, just always re-raise the signal when cancellation was not
acted upon. this wastes a tiny amount of time in the rare case where
it even matters, but it ensures correctness and simplifies the code.
Rich Felker [Thu, 24 May 2012 14:55:58 +0000 (10:55 -0400)]
linux deprecated SYS_utime on some archs, so use SYS_utimes instead
the old code could be kept for cases where SYS_utime is available, but
it's not really worth the ifdef ugliness. and better to avoid
deprecated stuff just in case the kernel devs ever get crazy enough to
start removing it from archs where it was part of the ABI and breaking
static bins...
Rich Felker [Wed, 23 May 2012 19:45:41 +0000 (15:45 -0400)]
fix issue with longjmp out of signal handlers and cancellation
stale state information indicating that a thread was possibly blocked
at a cancellation point could get left behind if longjmp was used to
exit a signal handler that interrupted a cancellation point.
to fix the issue, we throw away the state information entirely and
simply compare the saved instruction pointer to a range of code
addresses in the __syscall_cp_asm function. all the ugly PIC work
(which becomes minimal anyway with this approach) is defered to
cancellation time instead of happening at every syscall, which should
improve performance too.
this commit also fixes cancellation on arm, which was mildly broken
(race condition, not checking cancellation flag once inside the
cancellation point zone). apparently i forgot to implement that. the
new arm code is untested, but appears correct; i'll test and fix it
later if there are problems.
Rich Felker [Wed, 23 May 2012 04:10:39 +0000 (00:10 -0400)]
debloat jmp_buf in _GNU_SOURCE mode
i originally made it the same size as the bloated GNU version, which
contains space for saved signal mask, but this makes some structures
containing jmp_buf become much larger for no benefit. we will never
use the signal mask field with plain setjmp; sigsetjmp serves that
purpose.
Rich Felker [Wed, 23 May 2012 02:43:27 +0000 (22:43 -0400)]
remove everything related to forkall
i made a best attempt, but the intended semantics of this function are
fundamentally contradictory. there is no consistent way to handle
ownership of locks when forking a multi-threaded process. the code
could have worked by accident for programs that only used normal
mutexes and nothing else (since they don't actually store or care
about their owner), but that's about it. broken-by-design interfaces
that aren't even in glibc (only solaris) don't belong in musl.
Rich Felker [Wed, 23 May 2012 02:12:10 +0000 (22:12 -0400)]
fix missing _BSD_SOURCE support in bits/*.h
this is actually rather ugly, and would get even uglier if we ever
want to support further feature test macros. at some point i may
factor the bits headers into separate files for C base, POSIX base,
and nonstandard extensions (the only distinctions that seem to matter
now) and then the logic for which to include can go in the main header
rather than being duplicated for each arch. the downside of this is
that it would result in more files having to be opened during
compilation, so as long as the ugliness does not grow, i'm inclined to
leave it alone for now.
Rich Felker [Wed, 23 May 2012 02:04:55 +0000 (22:04 -0400)]
various header cleanups, some related to _BSD_SOURCE addition
there is no reason to avoid multiple identical macro definitions; this
is perfectly legal C, and even with the maximal warning options
enabled, gcc does not issue any warning for it.
Rich Felker [Sun, 13 May 2012 21:20:01 +0000 (17:20 -0400)]
remove some no-op end of string tests from regex parser
these are cruft from the original code which used an explicit string
length rather than null termination. i blindly converted all the
checks to null terminator checks, without noticing that in several
cases, the subsequent switch statement would automatically handle the
null byte correctly.
Rich Felker [Sun, 13 May 2012 03:45:07 +0000 (23:45 -0400)]
use __h_errno_location for h_errno
we do not bother making h_errno thread-local since the only interfaces
that use it are inherently non-thread-safe. but still use the
potentially-thread-local ABI to access it just to avoid lock-in.
Rich Felker [Fri, 11 May 2012 03:32:28 +0000 (23:32 -0400)]
add one more bogus legacy header
this one is for program(s|ers) who haven't heard of uint16_t and
uint32_t (which are obviously the correct types for use in such
situations, as they're the argument/return types for ntohs/htons and
ntohl/htonl).
Rich Felker [Fri, 11 May 2012 02:16:15 +0000 (22:16 -0400)]
remove __lock dependency from exit
there's no sense in using a powerful lock in exit, because it will
never be unlocked. a thread that arrives at exit while exit is already
in progress just needs to hang forever. use the pause syscall for this
because it's cheap and easy and universally available.
Rich Felker [Wed, 9 May 2012 15:47:06 +0000 (11:47 -0400)]
omit declaration of basename wrongly interpreted as prototype in C++
the non-prototype declaration of basename in string.h is an ugly
compromise to avoid breaking 2 types of broken software:
1. programs which assume basename is declared in string.h and thus
would suffer from dangerous pointer-truncation if an implicit
declaration were used.
2. programs which include string.h with _GNU_SOURCE defined but then
declare their own prototype for basename using the incorrect GNU
signature for the function (which would clash with a correct
prototype).
however, since C++ does not have non-prototype declarations and
interprets them as prototypes for a function with no arguments, we
must omit it when compiling C++ code. thankfully, all known broken
apps that suffer from the above issues are written in C, not C++.
nsz [Mon, 7 May 2012 22:22:56 +0000 (00:22 +0200)]
math: fix remquo.c when x==-y and a subnormal remainder bug as well
backported fix from freebsd:
http://svnweb.FreeBSD.org/base?view=revision&revision=233973
Rich Felker [Mon, 7 May 2012 18:50:49 +0000 (14:50 -0400)]
fix ugly bugs in TRE regex parser
1. * in BRE is not special at the beginning of the regex or a
subexpression. this broke ncurses' build scripts.
2. \\( in BRE is a literal \ followed by a literal (, not a literal \
followed by a subexpression opener.
3. the ^ in \\(^ in BRE is a literal ^ only at the beginning of the
entire BRE. POSIX allows treating it as an anchor at the beginning of
a subexpression, but TRE's code for checking if it was at the
beginning of a subexpression was wrong, and fixing it for the sake of
supporting a non-portable usage was too much trouble when just
removing this non-portable behavior was much easier.
this patch also moved lots of the ugly logic for empty atom checking
out of the default/literal case and into new cases for the relevant
characters. this should make parsing faster and make the code smaller.
if nothing else it's a lot more readable/logical.
at some point i'd like to revisit and overhaul lots of this code...
nsz [Sun, 6 May 2012 19:24:28 +0000 (21:24 +0200)]
add FORCE_EVAL macro to evaluate float expr for their side effect
updated nextafter* to use FORCE_EVAL, it can be used in many other
places in the math code to improve readability.
Rich Felker [Sun, 6 May 2012 18:48:20 +0000 (14:48 -0400)]
fix unused variable warnings in new nextafter/nexttoward code
apparently initializing a variable is not "using" it but assigning to
it is "using" it. i don't really like this fix, but it's better than
trying to make a bigger cleanup just before a release, and it should
work fine (tested against nsz's math tests).
Rich Felker [Sun, 6 May 2012 17:40:19 +0000 (13:40 -0400)]
take byte order from gcc if gcc has defined it
this only works with gcc 4.6 and later, but it allows us to support
non-default endianness on archs like arm, mips, ppc, etc. that can do
both without having separate header sets for both variants, and it
saves one #include even on fixed-endianness archs like x86.
Rich Felker [Sun, 6 May 2012 13:03:19 +0000 (09:03 -0400)]
add isastream (obsolete STREAMS junk)
apparently some packages see stropts.h and want to be able to use
this. the implementation checks that the file descriptor is valid by
using fcntl/F_GETFD so it can report an error if not (as specified).
Rich Felker [Sun, 6 May 2012 02:22:46 +0000 (22:22 -0400)]
fix definitions of FP_ILOGB constants
two issues: (1) the type was wrong (unsigned instead of signed int),
and (2) the value of FP_ILOGBNAN should be INT_MIN rather than INT_MAX
to match the ABI. this is also much more useful since INT_MAX
corresponds to a valid input (infinity). the standard would allow us
to set FP_ILOGB0 to -INT_MAX instead of INT_MIN, which would give us
distinct values for ilogb(0) and ilogb(NAN), but the benefit seems way
too small to justify ignoring the ABI.
note that the macro is just a "portable" (to any twos complement
system where signed and unsigned int have the same width) way to write
INT_MIN without needing limits.h. it's valid to use this method since
these macros are not required to work in #if directives.
Rich Felker [Sat, 5 May 2012 04:02:04 +0000 (00:02 -0400)]
update license of njk contributed code (x86_64 asm)
these changes are based on the following communication via email:
"I hereby grant that all of the code I have contributed to musl on or
before April 23, 2012 may be licensed under the terms of the following
MIT license:
Copyright (c) 2011-2012 Nicholas J. Kain
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
Rich Felker [Sat, 5 May 2012 03:24:51 +0000 (23:24 -0400)]
initial commit of configure script
this script is not based on autoconf; however it attempts to follow
the same interface contracts for ease of integration with build
systems. it is also not necessary to use musl. manually written
config.mak files are still supported, as is building without any
config.mak at all as long as you are happy with the default options
and you supply at least ARCH on the command line to make.
Rich Felker [Sat, 5 May 2012 02:51:59 +0000 (22:51 -0400)]
make pthread stacks non-executable
this change is necessary or pthread_create will always fail on
security-hardened kernels. i considered first trying to make the stack
executable and simply retrying without execute permissions when the
first try fails, but (1) this would incur a serious performance
penalty on hardened systems, and (2) having the stack be executable is
just a bad idea from a security standpoint.
if there is real-world "GNU C" code that uses nested functions with
threads, and it can't be fixed, we'll have to consider other ways of
solving the problem, but for now this seems like the best fix.
Rich Felker [Sat, 5 May 2012 01:54:57 +0000 (21:54 -0400)]
improve the build rules for installing /lib/ld-musl-$ARCH.so
these new rules should avoid spurious error messages when the
directory (usually /lib) and the dynamic linker symlink already exist,
and minimize the spam when they can't be created.
nsz [Fri, 4 May 2012 23:11:56 +0000 (01:11 +0200)]
math: change the formula used for acos.s
old: 2*atan2(sqrt(1-x),sqrt(1+x))
new: atan2(fabs(sqrt((1-x)*(1+x))),x)
improvements:
* all edge cases are fixed (sign of zero in downward rounding)
* a bit faster (here a single call is about 131ns vs 162ns)
* a bit more precise (at most 1ulp error on 1M uniform random
samples in [0,1), the old formula gave some 2ulp errors as well)
Rich Felker [Fri, 4 May 2012 04:13:23 +0000 (00:13 -0400)]
add support for ugly *64 functions with _LARGEFILE64_SOURCE
musl does not support legacy 32-bit-off_t whatsoever. off_t is always
64 bit, and correct programs that use off_t and the standard functions
will just work out of the box. (on glibc, they would require
-D_FILE_OFFSET_BITS=64 to work.) however, some programs instead define
_LARGEFILE64_SOURCE and use alternate versions of all the standard
types and functions with "64" appended to their names.
we do not want code to actually get linked against these functions
(it's ugly and inconsistent), so macros are used instead of prototypes
with weak aliases in the library itself. eventually the weak aliases
may be added at the library level for the sake of using code that was
originally built against glibc, but the macros will still be the
desired solution in the headers.
Rich Felker [Fri, 4 May 2012 00:42:45 +0000 (20:42 -0400)]
overhaul SSP support to use a real canary
pthread structure has been adjusted to match the glibc/GCC abi for
where the canary is stored on i386 and x86_64. it will need variants
for other archs to provide the added security of the canary's entropy,
but even without that it still works as well as the old "minimal" ssp
support. eventually such changes will be made anyway, since they are
also needed for GCC/C11 thread-local storage support (not yet
implemented).
care is taken not to attempt initializing the thread pointer unless
the program actually uses SSP (by reference to __stack_chk_fail).
Rich Felker [Fri, 4 May 2012 00:35:11 +0000 (20:35 -0400)]
make all .o files depend on *_impl.h and libc.h
hopefully the annoyance of this will be minimal. these files all
define internal interfaces which can change at any time; if different
modules are using different versions of the interfaces, the library
will badly break. ideally we would scan and add the dependency only
for C files that actually reference the affected interfaces, but for
now, err on the side of caution and force a rebuild of everything if
any of them have changed.
this commit is in preparation for the upcoming ssp overhaul commit,
which will change internals of the pthread struct.
Rich Felker [Thu, 3 May 2012 01:16:02 +0000 (21:16 -0400)]
remove some junk from x86_64 start files
looks like nik copied these "extra arguments" from the i386 code.
they're not actually arguments there, just 1-byte instructions to
make sure the stack is aligned to 16 bytes after all the other
arguments are pushed. since each push is 8 bytes on x86_64, they
happened to have no effect here, but their presence is confusing and a
minor waste of space.
Rich Felker [Thu, 3 May 2012 00:56:55 +0000 (20:56 -0400)]
remove attempts to be pie-compatible from i386 crt1.s
it does not work; after further consideration, a separate Scrt1.s for
pie really is essential. it would be nice if the unified approach
worked, but the linker fails to generate the correct PLT entries and
instead puts textrels in the main program, which don't work because
the kernel maps the text read-only.
new Scrt1.s will be committed soon in place of this.
Rich Felker [Wed, 2 May 2012 17:59:48 +0000 (13:59 -0400)]
fix longstanding exit logic bugs in mbsnrtowcs and wcsnrtombs
these are POSIX 2008 (previously GNU extension) functions that are
rarely used. apparently they had never been tested before, since the
end-of-string logic was completely missing. mbsnrtowcs is used by
modern versions of bash for its glob implementation, and and this bug
was causing tab completion to hang in an infinite loop.
Rich Felker [Wed, 2 May 2012 01:20:06 +0000 (21:20 -0400)]
remove minimal linux kernel headers
these were at best of limited usefulness (for bootstrapping new
systems, mainly) and at worst caused real kernel headers to get
overwritten when upgrading libc.
in case they're needed by anyone, the exact same files are now
available in a new git repository:
Rich Felker [Tue, 1 May 2012 23:30:03 +0000 (19:30 -0400)]
reorganize Makefile to support "least surprise" config/make semantics
the major change here is that CFLAGS is now a variable that can be
changed entirely under user control, without causing essential flags
to be lost. previously, "CFLAGS += ..." was valid in config.mak, but
using "CFLAGS = ..." in config.mak would have badly broken the build
process unless the user took care to copy the necessary flags out of
the main Makefile.
I have also added a distclean target that removes config.mak.
Rich Felker [Tue, 1 May 2012 18:31:55 +0000 (14:31 -0400)]
remove objcopy --weaken from the makefile
as far as I can tell, it's not useful and never way. I wrote it way
back under the assumption that non-weak symbols in the POSIX or
extension namespace could conflict with legitimate uses of the same
symbol name in the main program or other libraries, but that does not
seem to be the case.
first try at writing an efficient and "correct" exp10
this is a nonstandard function so it's not clear what conditions it
should satisfy. my intent is that it be fast and exact for positive
integral exponents when the result fits in the destination type, and
fast and correctly rounded for small negative integral exponents.
otherwise we aim for at most 1ulp error; it seems to differ from pow
by at most 1ulp and it's often 2-5 times faster than pow.
fix off-by-one error that caused uninitialized memory read in floatscan
this caused misreading of certain floating point values that are exact
multiples of large powers of ten, unpredictable depending on prior
stack contents.