Commit Graph

880 Commits

Author SHA1 Message Date
Adhemerval Zanella
350d8d1366 string: Improve generic strlen
New algorithm read the first aligned address and mask off the
unwanted bytes (this strategy is similar to arch-specific
implementations used on powerpc, sparc, and sh).

The loop now read word-aligned address and check using the has_zero
macro.

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc-linux-gnu,
and powercp64-linux-gnu by removing the arch-specific assembly
implementation and disabling multi-arch (it covers both LE and BE
for 64 and 32 bits).

Co-authored-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2023-02-06 16:19:35 -03:00
Richard Henderson
d45890b28c Parameterize OP_T_THRES from memcopy.h
It moves OP_T_THRES out of memcopy.h to its own header and adjust
each architecture that redefines it.

Checked with a build and check with run-built-tests=no for all major
Linux ABIs.

Co-authored-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-02-06 16:19:35 -03:00
Adhemerval Zanella
d1a9b6d8e7 Parameterize op_t from memcopy.h
It moves the op_t definition out to an specific header, adds
the attribute 'may-alias', and cleanup its duplicated definitions.

Checked with a build and check with run-built-tests=no for all major
Linux ABIs.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-02-06 16:19:35 -03:00
Wilco Dijkstra
32c7acd464 Replace rawmemchr (s, '\0') with strchr
Almost all uses of rawmemchr find the end of a string.  Since most targets use
a generic implementation, replacing it with strchr is better since that is
optimized by compilers into strlen (s) + s.  Also fix the generic rawmemchr
implementation to use a cast to unsigned char in the if statement.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2023-02-06 16:16:19 +00:00
Noah Goldstein
b2c474f8de x86: Fix strncat-avx2.S reading past length [BZ #30065]
Occurs when `src` has no null-term.

Two cases:

1) Zero-length check is doing:
```
    test    %rdx, %rdx
    jl      L(zero_len)
```
which doesn't actually check zero (was at some point `decq` and the
flag never got updated).

The fix is just make the flag `jle` i.e:
```
    test    %rdx, %rdx
    jle     L(zero_len)
```

2) Length check in page-cross case checking if we should continue is
doing:
```
    cmpq    %r8, %rdx
    jb      L(page_cross_small)
```
which means we will continue searching for null-term if length ends at
the end of a page and there was no null-term in `src`.

The fix is to make the flag:
```
    cmpq    %r8, %rdx
    jbe     L(page_cross_small)
```
2023-01-31 19:13:46 -06:00
Adhemerval Zanella
402853be1d string: Suppress -Wmaybe-unitialized for wordcopy [BZ #19444]
When compiling with GCC 6+ the sparc build warns that some variables
might be used uninitialized.  However it does not seem the fact, since
the variables are really initialized (and also other targets that use the
same code, like powerpc, do not warn about it).

So suppress the warning for now.

Changes from v1:
* Update patch description and the explanation for the suppresion.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-01-12 09:06:00 -03:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Noah Goldstein
ca7d181b62 string: Add len=0 to {w}memcmp{eq} tests and benchtests
len=0 is valid and fairly common so should be tested.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-11-08 19:19:35 -08:00
Adhemerval Zanella
8d98c7c00f configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases
clang emits an warning when a double alias redirection is used, to warn
the the original symbol will be used even when weak definition is
overridden.  However, this is a common pattern for weak_alias, where
multiple alias are set to same symbol.

Reviewed-by: Fangrui Song <maskray@google.com>
2022-11-01 09:51:06 -03:00
Szabolcs Nagy
f9deea6f81 Use uintptr_t in string/tester for pointer alignment
The code assumed unsigned long can represent pointers.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-28 17:31:57 +01:00
Sunil K Pandey
932dd83efd String: Improve test coverage for memchr
This test improves memchr coverage near page boundary.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-10-18 09:10:33 -07:00
Sunil K Pandey
264db94040 String: Improve test coverage for memchr
This test improves memchr coverage near page boundary.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-10-10 10:07:10 -07:00
Noah Goldstein
b0969fa53a x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
Previous implementation was adjusting length (rsi) to match
bytes (eax), but since there is no bound to length this can cause
overflow.

Fix is to just convert the byte-count (eax) to length by dividing by
sizeof (wchar_t) before the comparison.

Full check passes on x86-64 and build succeeds w/ and w/o multiarch.
2022-09-28 20:15:16 -07:00
Adhemerval Zanella Netto
de477abcaa Use '%z' instead of '%Z' on printf functions
The Z modifier is a nonstandard synonymn for z (that predates z
itself) and compiler might issue an warning for in invalid
conversion specifier.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2022-09-22 08:48:04 -03:00
Noah Goldstein
2c9af8421d x86: Fix page cross case in rawmemchr-avx2 [BZ #29234]
commit 6dcbb7d95d
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Mon Jun 6 21:11:33 2022 -0700

    x86: Shrink code size of memchr-avx2.S

Changed how the page cross case aligned string (rdi) in
rawmemchr. This was incompatible with how
`L(cross_page_continue)` expected the pointer to be aligned and
would cause rawmemchr to read data start started before the
beginning of the string. What it would read was in valid memory
but could count CHAR matches resulting in an incorrect return
value.

This commit fixes that issue by essentially reverting the changes to
the L(page_cross) case as they didn't really matter.

Test cases added and all pass with the new code (and where confirmed
to fail with the old code).
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-06-08 17:07:34 -07:00
H.J. Lu
3c23fa9f44 string.h: Fix boolean spelling in comments 2022-06-03 10:22:38 -07:00
Sunil K Pandey
7597b251d4 String: Improve overflow test coverage for strnlen
This patch adds more overflow test coverage for strnlen and wcsnlen.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-05-25 14:23:54 -07:00
Sergei Trofimovich
5a5f94af05 string.h: fix __fortified_attr_access macro call [BZ #29162]
commit e938c0274 "Don't add access size hints to fortifiable functions"
converted a few '__attr_access ((...))' into '__fortified_attr_access (...)'
calls.

But one of conversions had double parentheses of '__fortified_attr_access (...)'.

Noticed as a gnat6 build failure:

    /<<NIX>>-glibc-2.34-210-dev/include/bits/string_fortified.h:110:50: error: macro "__fortified_attr_access" requires 3 arguments, but only 1 given

The change fixes parentheses.

This is seen when using compilers that do not support
__builtin___stpncpy_chk, e.g. gcc older than 4.7, clang older than 2.6
or some compiler not derived from gcc or clang.

Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-05-23 13:56:43 +05:30
Noah Goldstein
535e935a28 Replace {u}int_fast{16|32} with {u}int32_t
On 32-bit machines this has no affect. On 64-bit machines
{u}int_fast{16|32} are set as {u}int64_t which is often not
ideal. Particularly x86_64 this change both saves code size and
may save instruction cost.

Full xcheck passes on x86_64.
2022-04-13 21:23:04 -05:00
Ricardo Bittencourt
c0efbf8920 string: Replace outdated comments in strlen().
Copyright The GNU Toolchain Authors.

The comments on strlen() don't match what the actual code does. They
describe an older algorithm which is no longer in use. This change
replace the old comments with new ones describing the algorithm used.

I am a first time contributor, and I believe there is no need for
copyright assignment, since the file changed is not in the shared
source files list.

This patch only changes comments, but for safety I have run the tests in
my x64 ubuntu machine, with the following results:

Summary of test results:
   5051 PASS
     80 UNSUPPORTED
     16 XFAIL
      6 XPASS

Signed-off-by: Ricardo Bittencourt <bluepenguin@gmail.com>
2022-04-09 11:45:31 -05:00
Siddhesh Poyarekar
67e3b0c63c tests/string: Drop simple/stupid/builtin tests
In most cases the simple/stupid/builtin functions were in there to
benchmark optimized implementations against.  Only in some cases the
functions are used to check expected results.

Remove these tests from IMPL() and only keep them in wherever they're
used for a specific purpose, e.g. to generate expected results.

This improves timing of `make subdirs=string` by over a minute and a
half (over 15%) on a Whiskey Lake laptop.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Noah Goldstein <libc-alpha@sourceware.org>
2022-04-06 20:53:24 +05:30
Siddhesh Poyarekar
dfc7bf8a24 test-memcpy: Actually reverse source and destination
Looks like an oversight in memcpy tests resulted in s2 and s1 not being
swapped for the second iteration of the memcpy test.  Fix it.  Also fix
a formatting nit.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-04-06 12:45:39 +05:30
Szabolcs Nagy
6ff3c77149 Increase the test timeout of some string tests
Recent changes in test-strncasecmp and test-strncmp pushed the run time
of the tests above the 4 minute limit specified in test-string.h on an
arm tester machine.
2022-04-01 16:02:40 +01:00
Noah Goldstein
39399913a2 string: Expand page cross test cases in test-strncmp.c
Test cases for when both `s1` and `s2` are near the end of a page
where previously missing.
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-03-25 11:46:14 -05:00
Noah Goldstein
22833848e3 string: Expand page cross test cases in test-strcmp.c
Test cases for when both `s1` and `s2` are near the end of a page
where previously missing.
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-03-25 11:46:13 -05:00
Noah Goldstein
46d19d1b83 string: Expand page cross tests in test-strncasecmp.c
Add more robust tests that cover all the page cross edge cases.
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-03-25 11:46:13 -05:00
Noah Goldstein
1edbcc82b5 string: Expand page cross tests in test-strcasecmp.c
Add more robust tests that cover all the page cross edge cases.
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-03-25 11:46:13 -05:00
Adhemerval Zanella
c0d215f162 ia64: Remove bzero optimization
The symbol is not present current POSIX specification and compiler
already generates memset call.  The arch specific implementation
is just to avoid the __bzero symbol creation (which ia64 abi does
not export).
2022-02-23 14:18:17 -03:00
H.J. Lu
aa5a720056 string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755]
Verify that wcsncmp (L("abc"), L("abd"), SIZE_MAX) == 0.  The new test
fails without

commit ddf0992cf5
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Sun Jan 9 16:02:21 2022 -0600

    x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]

and

commit 7e08db3359
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Sun Jan 9 16:02:28 2022 -0600

    x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]

This is for BZ #28755.

Reviewed-by: Sunil K Pandey <skpgkp2@gmail.com>
2022-02-17 11:04:12 -08:00
Noah Goldstein
e108c02a5e x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895]
Logic can read before the start of `s1` / `s2` if both `s1` and `s2`
are near the start of a page. To avoid having the result contimated by
these comparisons the `strcmp` variants would mask off these
comparisons. This was missing in the `strncmp` variants causing
the bug. This commit adds the masking to `strncmp` so that out of
range comparisons don't affect the result.

test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass as
well a full xcheck on x86_64 linux.
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2022-02-16 02:11:16 -06:00
Noah Goldstein
0281c7a7ec String: Strength memset tests in test-memset.c
The prior sentinel logic was broken and was checking the SIMPLE_MEMSET
as opposed to the tested implementation. As well `s` (the test buffer)
was not reset between implementation tests so it was possible for a
buggy implementation to be hidden by a previously executed correct
one.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2022-02-15 11:25:04 -06:00
Noah Goldstein
02561bb48a String: Ensure 'MIN_PAGE_SIZE' is multiple of 'getpagesize'
When 'TEST_LEN' was defined as (4096 * 3) the allocation size Would
not be a multiple of system page size if system page size > 4096.
2022-02-11 04:06:27 -06:00
H.J. Lu
a007ec4669 string: Sort headers, routines, tests and tests-translation
Sort headers, routines, tests and tests-translation.  Put one entry per
line.
2022-02-05 16:42:17 -08:00
Noah Goldstein
1a908d9074 string: Improve coverage in test-strcmp.c and test-strncmp.c
Add additional test cases for small / medium sizes.

Add tests in test-strncmp.c where `n` is near ULONG_MAX or LONG_MIN to
test for overflow bugs in length handling.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
2022-02-03 16:41:36 -06:00
Noah Goldstein
43388b3ac0 string/test-str*cmp: remove stupid_[strcmp, strncmp, wcscmp, wcsncmp].
These implementations just add to test duration. Since we have
simple_* implementations we already have a safe reference
implementation.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
2022-02-03 16:41:34 -06:00
Siddhesh Poyarekar
fcfc908681 debug: Synchronize feature guards in fortified functions [BZ #28746]
Some functions (e.g. stpcpy, pread64, etc.) had moved to POSIX in the
main headers as they got incorporated into the standard, but their
fortified variants remained under __USE_GNU.  As a result, these
functions did not get fortified when _GNU_SOURCE was not defined.

Add test wrappers that check all functions tested in tst-chk0 at all
levels with _GNU_SOURCE undefined and then use the failures to (1)
exclude checks for _GNU_SOURCE functions in these tests and (2) Fix
feature macro guards in the fortified function headers so that they're
the same as the ones in the main headers.

This fixes BZ #28746.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-01-12 23:34:48 +05:30
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
John David Anglin
409a735816 String: test-memcpy used unaligned types for buffers [BZ 28572]
commit d585ba47fc
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Mon Nov 1 00:49:48 2021 -0500

    string: Make tests birdirectional test-memcpy.c

Add tests that had src/dst non 4-byte aligned. Since src/dst are
initialized/compared as uint32_t type which is 4-byte aligned this can
break on some targets.

Fix the issue by specifying a new non-aligned 4-byte
`unaligned_uint32_t` for src/dst.

Another alternative is to rely on memcpy/memcmp for
initializing/testing src/dst. Using memcpy for initializing in memcpy
tests, however, could lead to future bugs.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2021-12-07 22:19:50 -06:00
Noah Goldstein
4df1fa6ddc x86-64: Use notl in EVEX strcmp [BZ #28646]
Must use notl %edi here as lower bits are for CHAR comparisons
potentially out of range thus can be 0 without indicating mismatch.
This fixes BZ #28646.

Co-Authored-By: H.J. Lu <hjl.tools@gmail.com>
2021-12-03 21:14:11 -08:00
Noah Goldstein
6c1e3c0fd0 String: Split memcpy tests so that parallel build is faster
No bug.

This commit splits test-memcpy.c into test-memcpy.c and
test-memcpy-large.c. The idea is parallel builds will be able to run
both in parallel speeding up the process.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-11-10 20:14:09 -06:00
H.J. Lu
a6a9c1a36b test-memcpy.c: Double TIMEOUT to (8 * 60)
commit d585ba47fc
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Mon Nov 1 00:49:48 2021 -0500

    string: Make tests birdirectional test-memcpy.c

    This commit updates the memcpy tests to test both dst > src and dst <
    src. This is because there is logic in the code based on the

    Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

significantly increased the number of tests.  On Intel Core i7-1165G7,
test-memcpy takes 120 seconds to run when machine is idle.  Double
TIMEOUT to (8 * 60) for test-memcpy to avoid timeout when machine is
under heavy load.

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
2021-11-07 10:09:33 -08:00
Noah Goldstein
d585ba47fc string: Make tests birdirectional test-memcpy.c
This commit updates the memcpy tests to test both dst > src and dst <
src. This is because there is logic in the code based on the

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-11-06 16:17:30 -05:00
Noah Goldstein
3592ccd472 String: Add __memcmpeq as build target
No bug. This commit just adds __memcmpeq as a build target so that
implementations for __memcmpeq that are not just aliases to memcmp can
be supported.
2021-10-27 13:03:46 -05:00
Noah Goldstein
d9283b71ac String: Add tests for __memcmpeq
No bug.

This commit adds tests for the new function __memcmpeq. The new tests
use the existing tests in 'test-memcmp.c' but relax the result
requirement to only check for zero or non-zero returns.

All string tests include test-memcmpeq are passing.
2021-10-26 16:51:29 -05:00
Noah Goldstein
9894127d20 String: Add hidden defs for __memcmpeq() to enable internal usage
No bug.

This commit adds hidden defs for all declarations of __memcmpeq. This
enables usage of __memcmpeq without the PLT for usage internal to
GLIBC.
2021-10-26 16:51:29 -05:00
Noah Goldstein
44829b3ddb String: Add support for __memcmpeq() ABI on all targets
No bug.

This commit adds support for __memcmpeq() as a new ABI for all
targets. In this commit __memcmpeq() is implemented only as an alias
to the corresponding targets memcmp() implementation. __memcmpeq() is
added as a new symbol starting with GLIBC_2.35 and defined in string.h
with comments explaining its behavior. Basic tests that it is callable
and works where added in string/tester.c

As discussed in the proposal "Add new ABI '__memcmpeq()' to libc"
__memcmpeq() is essentially a reserved namespace for bcmp(). The means
is shares the same specifications as memcmp() except the return value
for non-equal byte sequences is any non-zero value. This is less
strict than memcmp()'s return value specification and can be better
optimized when a boolean return is all that is needed.

__memcmpeq() is meant to only be called by compilers if they can prove
that the return value of a memcmp() call is only used for its boolean
value.

All tests in string/tester.c passed. As well build succeeds on
x86_64-linux-gnu target.
2021-10-26 16:51:29 -05:00
Joseph Myers
2c6cabb3a4 Correct access attribute on memfrob (bug 28475)
As noted in bug 28475, the access attribute on memfrob in <string.h>
is incorrect: the function both reads and writes the memory pointed to
by its argument, so it needs to use __read_write__, not
__write_only__.  This incorrect attribute results in a build failure
for accessing uninitialized memory for s390x-linux-gnu-O3 with
build-many-glibcs.py using GCC mainline.

Correct the attribute.  Fixing this shows up that some calls to
memfrob in elf/ tests are reading uninitialized memory; I'm not
entirely sure of the purpose of those calls, but guess they are about
ensuring that the stack space is indeed allocated at that point in the
function, and so it matters that they are calling a function whose
semantics are unknown to the compiler.  Thus, change the first memfrob
call in those tests to use explicit_bzero instead, as suggested by
Florian in
<https://sourceware.org/pipermail/libc-alpha/2021-October/132119.html>,
to avoid the use of uninitialized memory.

Tested for x86_64, and with build-many-glibcs.py (GCC mainline) for
s390x-linux-gnu-O3.
2021-10-20 13:38:50 +00:00
Siddhesh Poyarekar
e938c02748 Don't add access size hints to fortifiable functions
In the context of a function definition, the size hints imply that the
size of an object pointed to by one parameter is another parameter.
This doesn't make sense for the fortified versions of the functions
since that's the bit it's trying to validate.

This is harmless with __builtin_object_size since it has fairly simple
semantics when it comes to objects passed as function parameters.
With __builtin_dynamic_object_size we could (as my patchset for gcc[1]
already does) use the access attribute to determine the object size in
the general case but it misleads the fortified functions.

Basically the problem occurs when access attributes are present on
regular functions that have inline fortified definitions to generate
_chk variants; the attributes get inherited by these definitions,
causing problems when analyzing them.  For example with poll(fds, nfds,
timeout), nfds is hinted using the __attr_access as being the size of
fds.

Now, when analyzing the inline function definition in bits/poll2.h, the
compiler sees that nfds is the size of fds and tries to use that
information in the function body.  In _FORTIFY_SOURCE=3 case, where the
object size could be a non-constant expression, this information results
in the conclusion that nfds is the size of fds, which defeats the
purpose of the implementation because we're trying to check here if nfds
does indeed represent the size of fds.  Hence for this case, it is best
to not have the access attribute.

With the attributes gone, the expression evaluation should get delayed
until the function is actually inlined into its destinations.

Disable the access attribute for fortified function inline functions
when building at _FORTIFY_SOURCE=3 to make this work better.  The
access attributes remain for the _chk variants since they can be used
by the compiler to warn when the caller is passing invalid arguments.

[1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2021-10-20 08:33:31 +05:30
Siddhesh Poyarekar
30891f35fa Remove "Contributed by" lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date.  Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.

Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions.  These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.

The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively.  These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:

https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-09-03 22:06:44 +05:30
Sunil K Pandey
d19b137b6a Fix error message in memmove test to display correct src pointer
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-08-26 09:34:27 -07:00
H.J. Lu
c333dcf8d8 Update string/test-memmove.c to cover 16KB copy 2021-08-20 09:15:15 -07:00
Siddhesh Poyarekar
70d08ba204 tests: use xmalloc to allocate implementation array
The benchmark and tests must fail in case of allocation failure in the
implementation array.  Also annotate the x* allocators in support.h so
that the compiler has more information about them.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
2021-07-28 17:45:19 +05:30
Noah Goldstein
bd3a2b3ed1 String: Add three more overflow tests cases to test-strnlen.c
No bug. Just seem like relevant cases given that strnlen will
use s + maxlen in many implementations.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-06-24 19:14:15 -04:00
Noah Goldstein
da5a6fba0f String: Add overflow tests for strnlen, memchr, and strncat [BZ #27974]
This commit adds tests for a bug in the wide char variant of the
functions where the implementation may assume that maxlen for wcsnlen
or n for wmemchr/strncat will not overflow when multiplied by
sizeof(wchar_t).

These tests show the following implementations failing on x86_64:

wcsnlen-sse4_1
wcsnlen-avx2

wmemchr-sse2
wmemchr-avx2

strncat would fail as well if it where on a system that prefered
either of the wcsnlen implementations that failed as it relies on
wcsnlen.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-06-23 14:13:00 -04:00
Sunil K Pandey
642213e043 Improve test coverage of strnlen function
This patch covers the following condition:

Strings start with different alignments and end with length less than or
equal to 512 byte.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-06-03 11:16:51 -07:00
Florian Weimer
6f1c701026 dlfcn: Cleanups after -ldl is no longer required
This commit removes the ELF constructor and internal variables from
dlfcn/dlfcn.c.  The file now serves the same purpose as
nptl/libpthread-compat.c, so it is renamed to dlfcn/libdl-compat.c.
The use of libdl-shared-only-routines ensures that libdl.a is empty.

This commit adjusts the test suite not to use $(libdl).  The libdl.so
symbolic link is no longer installed.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-06-03 09:11:45 +02:00
Sunil K Pandey
c9ff9cf66a Improve test coverage of strlen function
This patch covers the following conditions:

- Strings start with different alignments and end at the page boundary
  with less than 64 byte length.
- Strings starts with different alignments and cross page boundary with
  fixed length.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-06-02 05:37:43 -07:00
Noah Goldstein
e68d6fccca x86: Expand bench-memcmp.c and test-memcmp.c
No bug. This commit adds some additional performance test cases to
bench-memcmp.c and test-memcmp.c. The new benchtests include some
medium range sizes, as well as small sizes near page cross. The new
correctness tests correspond with the new benchtests though add some
additional cases for checking the page cross logic.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
2021-05-18 22:57:39 -04:00
H.J. Lu
b1e5572837 Reindent string/test-memmove.c 2021-04-19 17:46:05 -07:00
Noah Goldstein
81f6dd2135 x86: Expand test-memset.c and bench-memset.c
No bug. This commit adds tests cases and benchmarks for page cross and
for memset to the end of the page without crossing. As well in
test-memset.c this commit adds sentinel on start/end of tstbuf to test
for overwrites

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
2021-04-19 15:08:04 -07:00
noah
81cbc3bcae x86: Expanding test-memmove.c, test-memcpy.c, bench-memcpy-large.c
No Bug. This commit expanding the range of tests / benchmarks for
memmove and memcpy. The test expansion is mostly in the vein of
increasing the maximum size, increasing the number of unique
alignments tested, and testing both source < destination and vice
versa. The benchmark expansaion is just to increase the number of
unique alignments. test-memcpy, test-memccpy, test-mempcpy,
test-memmove, and tst-memmove-overflow all pass.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
2021-04-16 12:09:56 -07:00
H.J. Lu
cb882b21b6 test-strnlen.c: Check that strnlen won't go beyond the maximum length
Place strings ending at page boundary without the null byte.  If an
implementation goes beyond EXP_LEN, it will trigger the segfault.
2021-03-27 11:38:11 -07:00
H.J. Lu
86859b7e58 test-strnlen.c: Initialize wchar_t string with wmemset [BZ #27655]
Use wmemset to initialize wchar_t string.
2021-03-27 10:54:44 -07:00
Florian Weimer
044e603b69 string: Work around GCC PR 98512 in rawmemchr 2021-02-19 13:29:00 +01:00
noah
a00e2fe3df strchr: Add additional benchmarks and tests
This patch adds additional benchmarks and tests for string size of
4096 and several benchmarks for string size 256 with different
alignments.
2021-02-08 11:34:00 -08:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Siddhesh Poyarekar
2a3224c536 string: Enable __FORTIFY_LEVEL=3
This change enhances fortified string functions to use
__builtin_dynamic_object_size under _FORTIFY_SOURCE=3 whenever the
compiler supports it.
2020-12-31 16:55:21 +05:30
Dmitry V. Levin
14ef9c185b treewide: fix incorrect spelling of indices in comments
Replace 'indeces' with 'indices', the most annoying of these typos were
those found in elf.h which is a public header file copied to other
projects.
2020-12-11 02:00:00 +00:00
Siddhesh Poyarekar
b7aa84d5a5 Don't use nested function in test-ffs
There is no real need to use a nested function in that test, so break
it out so that it can build with clang too.
2020-11-12 14:54:24 +05:30
Siddhesh Poyarekar
7163ace331 Use __builtin___stpncpy_chk when available
The builtin has been available in gcc since 4.7.0 and in clang since
2.6.  This fixes stpncpy fortification with clang since it does a
better job of plugging in __stpncpy_chk in the right place than the
header hackery.

This has been tested by building and running all tests with gcc 10.2.1
and also with clang tip as of a few days ago (just the tests in debug/
since running all tests don't work with clang at the moment) to make
sure that both compilers pass the stpncpy tests.
2020-11-12 14:36:43 +05:30
Siddhesh Poyarekar
dc274b1416 Remove __warn_memset_zero_len [BZ #25399]
Non-gcc compilers (clang and possibly other compilers that do not
masquerade as gcc 5.0 or later) are unable to use
__warn_memset_zero_len since the symbol is no longer available on
glibc built with gcc 5.0 or later.  While it was likely an oversight
that caused this omission, the fact that it wasn't noticed until
recently (when clang closed the gap on _FORTIFY_SUPPORT) that the
symbol was missing.

Given that both gcc and clang are capable of doing this check in the
compiler, drop all remaining signs of __warn_memset_zero_len from
glibc so that no more objects are built with this symbol in future.
2020-11-05 10:02:10 +05:30
Jonny Grant
0a3fce86ee Amend grammar and add a description
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-10-26 11:50:43 -04:00
H.J. Lu
659c041188 strcmp: Add a testcase for page boundary
Add a strcmp testcase to cover cases where both strings end on the page
boundary.
2020-09-24 07:29:31 -07:00
H.J. Lu
f7e3f92b7c strncmp: Add a testcase for page boundary [BZ #25933]
Add a strncmp testcase to cover cases where one of strings ends on the
page boundary with the maximum string length less than the number bytes
of each AVX2 loop iteration and different offsets from page boundary.

The updated string/test-strncmp fails on Intel Core i7-8559U without

ommit 1c6432316bc434a72108d7b0c7cfbfdde64c3124
Author: Sunil K Pandey <skpgkp1@gmail.com>
Date:   Fri Jun 12 08:57:16 2020 -0700

    Fix avx2 strncmp offset compare condition check [BZ #25933]
2020-09-24 07:06:03 -07:00
Joseph Myers
e74b61c09a Disable -Wstringop-overread for some string tests
Similarly to Maciej's changes to fix the build of rawmemchr in the
presence of GCC 11's -Wstringop-overread, also disable that option in
two string function tests that have similar warnings and other string
function warnings already disabled.

Tested with build-many-glibcs.py for aarch64-linux-gnu and
arm-linux-gnueabi that it fixes building the glibc testsuite.
2020-09-07 18:11:12 +00:00
Maciej W. Rozycki
3357087b2a string: Fix GCC 11 `-Werror=stringop-overread' error
Fix a compilation error:

In function '__rawmemchr',
    inlined from '__rawmemchr' at rawmemchr.c:27:1:
rawmemchr.c:36:12: error: 'memchr' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overread]
   36 |     return memchr (s, c, (size_t)-1);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
../o-iterator.mk:9: recipe for target '.../string/rawmemchr.o' failed

introduced with GCC 11 commit d14c547abd48 ("Add -Wstringop-overread
for reading past the end by string functions.").
2020-09-07 17:01:06 +00:00
Raphael Moreira Zinsly
5df6ebcf44 string: test strncasecmp and strncpy near page boundaries
Add tests to check if strings placed at page boundaries are
handled correctly by strncasecmp and strncpy similar to tests
for strncmp and strnlen.
2020-08-26 15:56:37 -05:00
Adhemerval Zanella
10b01bd452 string: Make tst-strerror/tst-strsignal unsupported if msgfmt is not installed
Without msgfmt libc.mo files are not generated and its loading failure
is silent ignored with xsetlocale.

Also unset LANGUAGE environment variable to avoid it taking precedence
when loading the message catalog.  Although not strictly required
(since the test is issued with test-container and it sets a strict
environment variable) it follows other tests that deal with
translation.

Checked on x86_64-linux-gnu.
2020-07-13 09:16:11 -03:00
Adhemerval Zanella
c1e63c7214 string: Move tst-strsignal tst-strerror to tests-container
Both tests require libc.mo translation files which might not be
installed on the system.

Checked on x86_64-linux-gnu.
2020-07-08 10:23:14 -03:00
Florian Weimer
5b2deed8a5 string: Fix prototype mismatch in sigabbrev_np, __sigdescr_np
GCC 6 does not ignore the const specifier on the return type.
2020-07-08 14:19:58 +02:00
Samuel Thibault
5549370a73 tst-strsignal: fix checking for RT signals support
* string/tst-strsignal.c (do_test): Actually check that RT signals are
available by comparing SIGRTMAX to SIGRTMIN. Check that SIGRTMAX is 64
before testing for a message reporting 65 for SIGRTMAX+1.
2020-07-07 21:24:50 +00:00
Adhemerval Zanella
325081b9eb string: Add strerrorname_np and strerrordesc_np
The strerrorname_np returns error number name (e.g. "EINVAL" for EINVAL)
while strerrordesc_np returns string describing error number (e.g
"Invalid argument" for EINVAL).  Different than strerror,
strerrordesc_np does not attempt to translate the return description,
both functions return NULL for an invalid error number.

They should be used instead of sys_errlist and sys_nerr, both are
thread and async-signal safe.  These functions are GNU extensions.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 15:02:57 -03:00
Adhemerval Zanella
bfe05aa289 string: Add sigabbrev_np and sigdescr_np
The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for
SIGHUP) while sigdescr_np returns the string describing the error
number (e.g "Hangup" for SIGHUP).  Different than strsignal,
sigdescr_np does not attempt to translate the return description and
both functions return NULL for an invalid signal number.

They should be used instead of sys_siglist or sys_sigabbrev and they
are both thread and async-signal safe.  They are added as GNU
extensions on string.h header (same as strsignal).

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:57:14 -03:00
Adhemerval Zanella
4f92497488 string: Add strerror_l on test-strerror-errno
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
653200ef42 string: Add strerror, strerror_r, and strerror_l test
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
c2723ce317 string: Add strsignal test
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
08d2024b41 string: Simplify strerror_r
Use snprintf instead of mempcpy plus itoa_word and remove unused
definitions.  There is no potential for infinite recursion because
snprintf only use strerror_r for the %m specifier.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
725eeb4af1 string: Use tls-internal on strerror_l
The buffer allocation uses the same strategy of strsignal.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
28aff04781 string: Implement strerror in terms of strerror_l
If the thread is terminated then __libc_thread_freeres will free the
storage via __glibc_tls_internal_free.

It is only within the calling thread that this matters.  It makes
strerror MT-safe.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
9deec7c8ba string: Remove old TLS usage on strsignal
The per-thread state is refactored two use two strategies:

  1. The default one uses a TLS structure, which will be placed in the
     static TLS space (using __thread keyword).

  2. Linux allocates via struct pthread and access it through THREAD_*
     macros.

The default strategy has the disadvantage of increasing libc.so static
TLS consumption and thus decreasing the possible surplus used in
some scenarios (which might be mitigated by BZ#25051 fix).

It is used only on Hurd, where accessing the thread storage in the in
single thread case is not straightforward (afaiu, Hurd developers could
correct me here).

The fallback static allocation used for allocation failure is also
removed: defining its size is problematic without synchronizing with
translated messages (to avoid partial translation) and the resulting
usage is not thread-safe.

Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
f13d260190 signal: Move sys_errlist to a compat symbol
The symbol is deprecated by strerror since its usage imposes some issues
such as copy relocations.

Its internal name is also changed to _sys_errlist_internal to avoid
static linking usage.  The compat code is also refactored by removing
the over enginered errlist-compat.c generation from manual entried and
extra comment token in linker script file.  It disantangle the code
generation from manual and simplify both Linux and Hurd compat code.

The definitions from errlist.c are moved to errlist.h and a new test
is added to avoid a new errno entry without an associated one in manual.

Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi
on all affected platforms.

Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Adhemerval Zanella
b1ccfc061f signal: Move sys_siglist to a compat symbol
The symbol was deprecated by strsignal and its usage imposes issues
such as copy relocations.

Its internal name is changed to __sys_siglist and __sys_sigabbrev to
avoid static linking usage.  The compat code is also refactored, since
both Linux and Hurd usage the same strategy: export the same array with
different object sizes.

The libSegfault change avoids calling strsignal on the SIGFAULT signal
handler (the current usage is already sketchy, adding a call that
potentially issue locale internal function is even sketchier).

Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi
on all affected platforms.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-07-07 14:10:58 -03:00
Florian Weimer
a4a3519245 string: Fix string/tst-memmove-overflow to compile with GCC 7
GCC 8 relaxed what kind of expressions can be used in initializers,
and the previous use of static const variables relied on that.  Switch
to wide (non-int) enum constants instead, which is another GCC
extension that is more widely implemented.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-05-14 18:51:49 +02:00
Florian Weimer
eca1b23332 arm: XFAIL string/tst-memmove-overflow due to bug 25620
Also reduce the amount of output in case of a large-scale mismatch in
the copied data.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2020-05-13 16:48:26 +02:00
Florian Weimer
eec0f4218c string: Add string/tst-memmove-overflow, a test case for bug 25620
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2020-05-12 19:02:44 +02:00
Martin Sebor
06febd8c67 improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]
Adds the access attribute newly introduced in GCC 10 to the subset of
function declarations that are already covered by _FORTIFY_SOURCE and
that don't have corresponding GCC built-in equivalents.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-05-04 11:21:50 -06:00
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Kamlesh Kumar
953ceff17a <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
Without the asm redirects, strchr et al. are not const-correct.

libc++ has a wrapper header that works with and without
__CORRECT_ISO_CPP_STRING_H_PROTO (using a Clang extension).  But when
Clang is used with libstdc++ or just C headers, the overloaded functions
with the correct types are not declared.

This change does not impact current GCC (with libstdc++ or libc++).
2019-12-05 16:50:00 +01:00
Stefan Liebler
bfdb731438 S390: Fix handling of needles crossing a page in strstr z15 ifunc-variant. [BZ #25226]
If the specified needle crosses a page-boundary, the s390-z15 ifunc variant of
strstr truncates the needle which results in invalid results.

This is fixed by loading the needle beyond the page boundary to v18 instead of v16.
The bug is sometimes observable in test-strstr.c in check1 and check2 as the
haystack and needle is stored on stack. Thus the needle can be on a page boundary.

check2 is now extended to test haystack / needles located on stack, at end of page
and on two pages.

This bug was introduced with commit 6f47401bd5
("S390: Add arch13 strstr ifunc variant.") and is already released in glibc 2.30.
2019-11-27 12:35:40 +01:00
Adhemerval Zanella
f9a7554009 Change most internal uses of time to __clock_gettime.
As for gettimeofday, time will be implemented based on clock_gettime
on all platforms and internal code should use clock_gettime
directly.  In addition to removing a layer of indirection, this will
allow us to remove the PLT-bypass gunk for gettimeofday.

The changed code always assumes __clock_gettime (CLOCK_REALTIME)
or __clock_gettime (CLOCK_REALTIME_COARSE) (for Linux case) cannot
fail, using the same rationale for gettimeofday change.  And internal
helper was added (time_now).

Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
powerpc64-linux-gnu, and powerpc-linux-gnu.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-10-30 17:11:10 -03:00