These functions are about to be added to POSIX, under Austin Group
issue 986.
The fortified strlcat implementation does not raise SIGABRT if the
destination buffer does not contain a null terminator, it just
inherits the non-failing regular strlcat behavior.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
FreeBSD makes them available by default, too, so there does not seem
to be a reason to restrict these functions to _GNU_SOURCE.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
No bug.
This commit adds support for __memcmpeq() as a new ABI for all
targets. In this commit __memcmpeq() is implemented only as an alias
to the corresponding targets memcmp() implementation. __memcmpeq() is
added as a new symbol starting with GLIBC_2.35 and defined in string.h
with comments explaining its behavior. Basic tests that it is callable
and works where added in string/tester.c
As discussed in the proposal "Add new ABI '__memcmpeq()' to libc"
__memcmpeq() is essentially a reserved namespace for bcmp(). The means
is shares the same specifications as memcmp() except the return value
for non-equal byte sequences is any non-zero value. This is less
strict than memcmp()'s return value specification and can be better
optimized when a boolean return is all that is needed.
__memcmpeq() is meant to only be called by compilers if they can prove
that the return value of a memcmp() call is only used for its boolean
value.
All tests in string/tester.c passed. As well build succeeds on
x86_64-linux-gnu target.
As noted in bug 28475, the access attribute on memfrob in <string.h>
is incorrect: the function both reads and writes the memory pointed to
by its argument, so it needs to use __read_write__, not
__write_only__. This incorrect attribute results in a build failure
for accessing uninitialized memory for s390x-linux-gnu-O3 with
build-many-glibcs.py using GCC mainline.
Correct the attribute. Fixing this shows up that some calls to
memfrob in elf/ tests are reading uninitialized memory; I'm not
entirely sure of the purpose of those calls, but guess they are about
ensuring that the stack space is indeed allocated at that point in the
function, and so it matters that they are calling a function whose
semantics are unknown to the compiler. Thus, change the first memfrob
call in those tests to use explicit_bzero instead, as suggested by
Florian in
<https://sourceware.org/pipermail/libc-alpha/2021-October/132119.html>,
to avoid the use of uninitialized memory.
Tested for x86_64, and with build-many-glibcs.py (GCC mainline) for
s390x-linux-gnu-O3.
In the context of a function definition, the size hints imply that the
size of an object pointed to by one parameter is another parameter.
This doesn't make sense for the fortified versions of the functions
since that's the bit it's trying to validate.
This is harmless with __builtin_object_size since it has fairly simple
semantics when it comes to objects passed as function parameters.
With __builtin_dynamic_object_size we could (as my patchset for gcc[1]
already does) use the access attribute to determine the object size in
the general case but it misleads the fortified functions.
Basically the problem occurs when access attributes are present on
regular functions that have inline fortified definitions to generate
_chk variants; the attributes get inherited by these definitions,
causing problems when analyzing them. For example with poll(fds, nfds,
timeout), nfds is hinted using the __attr_access as being the size of
fds.
Now, when analyzing the inline function definition in bits/poll2.h, the
compiler sees that nfds is the size of fds and tries to use that
information in the function body. In _FORTIFY_SOURCE=3 case, where the
object size could be a non-constant expression, this information results
in the conclusion that nfds is the size of fds, which defeats the
purpose of the implementation because we're trying to check here if nfds
does indeed represent the size of fds. Hence for this case, it is best
to not have the access attribute.
With the attributes gone, the expression evaluation should get delayed
until the function is actually inlined into its destinations.
Disable the access attribute for fortified function inline functions
when building at _FORTIFY_SOURCE=3 to make this work better. The
access attributes remain for the _chk variants since they can be used
by the compiler to warn when the caller is passing invalid arguments.
[1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
The strerrorname_np returns error number name (e.g. "EINVAL" for EINVAL)
while strerrordesc_np returns string describing error number (e.g
"Invalid argument" for EINVAL). Different than strerror,
strerrordesc_np does not attempt to translate the return description,
both functions return NULL for an invalid error number.
They should be used instead of sys_errlist and sys_nerr, both are
thread and async-signal safe. These functions are GNU extensions.
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for
SIGHUP) while sigdescr_np returns the string describing the error
number (e.g "Hangup" for SIGHUP). Different than strsignal,
sigdescr_np does not attempt to translate the return description and
both functions return NULL for an invalid signal number.
They should be used instead of sys_siglist or sys_sigabbrev and they
are both thread and async-signal safe. They are added as GNU
extensions on string.h header (same as strsignal).
Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu,
and s390x-linux-gnu.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Adds the access attribute newly introduced in GCC 10 to the subset of
function declarations that are already covered by _FORTIFY_SOURCE and
that don't have corresponding GCC built-in equivalents.
Reviewed-by: DJ Delorie <dj@redhat.com>
Without the asm redirects, strchr et al. are not const-correct.
libc++ has a wrapper header that works with and without
__CORRECT_ISO_CPP_STRING_H_PROTO (using a Clang extension). But when
Clang is used with libstdc++ or just C headers, the overloaded functions
with the correct types are not declared.
This change does not impact current GCC (with libstdc++ or libc++).
C2X adds the memccpy, strdup and strndup functions. This patch duly
adds __GLIBC_USE (ISOC2X) to the conditions under which <string.h>
declares them.
Tested for x86_64.
* string/string.h (memccpy): Also declare if [__GLIBC_USE (ISOC2X)].
(strdup): Likewise.
(strndup): Likewise.
<locale.h> is specified to define locale_t in POSIX.1-2008, and so are
all of the headers that define functions that take locale_t arguments.
Under _GNU_SOURCE, the additional headers that define such functions
have also always defined locale_t. Therefore, there is no need to use
__locale_t in public function prototypes, nor in any internal code.
* ctype/ctype-c99_l.c, ctype/ctype.h, ctype/ctype_l.c
* include/monetary.h, include/stdlib.h, include/time.h
* include/wchar.h, locale/duplocale.c, locale/freelocale.c
* locale/global-locale.c, locale/langinfo.h, locale/locale.h
* locale/localeinfo.h, locale/newlocale.c
* locale/nl_langinfo_l.c, locale/uselocale.c
* localedata/bug-usesetlocale.c, localedata/tst-xlocale2.c
* stdio-common/vfscanf.c, stdlib/monetary.h, stdlib/stdlib.h
* stdlib/strfmon_l.c, stdlib/strtod_l.c, stdlib/strtof_l.c
* stdlib/strtol.c, stdlib/strtol_l.c, stdlib/strtold_l.c
* stdlib/strtoll_l.c, stdlib/strtoul_l.c, stdlib/strtoull_l.c
* string/strcasecmp.c, string/strcoll_l.c, string/string.h
* string/strings.h, string/strncase.c, string/strxfrm_l.c
* sysdeps/ieee754/float128/strtof128_l.c
* sysdeps/ieee754/float128/wcstof128.c
* sysdeps/ieee754/float128/wcstof128_l.c
* sysdeps/ieee754/ldbl-128ibm/strtold_l.c
* sysdeps/ieee754/ldbl-64-128/strtold_l.c
* sysdeps/ieee754/ldbl-opt/nldbl-compat.c
* sysdeps/ieee754/ldbl-opt/nldbl-strfmon_l.c
* sysdeps/ieee754/ldbl-opt/nldbl-strtold_l.c
* sysdeps/ieee754/ldbl-opt/nldbl-wcstold_l.c
* sysdeps/powerpc/powerpc32/power7/strcasecmp.S
* sysdeps/powerpc/powerpc64/power7/strcasecmp.S
* sysdeps/x86_64/strcasecmp_l-nonascii.c
* sysdeps/x86_64/strncase_l-nonascii.c, time/strftime_l.c
* time/strptime_l.c, time/time.h, wcsmbs/mbsrtowcs_l.c
* wcsmbs/wchar.h, wcsmbs/wcscasecmp.c, wcsmbs/wcsncase.c
* wcsmbs/wcstod.c, wcsmbs/wcstod_l.c, wcsmbs/wcstof.c
* wcsmbs/wcstof_l.c, wcsmbs/wcstol_l.c, wcsmbs/wcstold.c
* wcsmbs/wcstold_l.c, wcsmbs/wcstoll_l.c, wcsmbs/wcstoul_l.c
* wcsmbs/wcstoull_l.c, wctype/iswctype_l.c
* wctype/towctrans_l.c, wctype/wcfuncs_l.c
* wctype/wctrans_l.c, wctype/wctype.h, wctype/wctype_l.c:
Change all uses of __locale_t to locale_t.
xlocale.h is already a single-type micro-header, defining struct
__locale_struct and the typedefs __locale_t and locale_t. This patch
brings it into the bits/types/ scheme: there are now
bits/types/__locale_t.h which defines only __locale_struct and
__locale_t, and bits/types/locale_t.h which defines locale_t as well
as the other two. None of *our* headers need __locale_t.h, but it
appears to me that libstdc++ could make use of it.
There are a lot of external uses of xlocale.h, but all the uses I
checked had an autoconf test or equivalent for its existence. It has
never been available from other C libraries, and it has always
contained a comment reading "This file is not standardized, don't rely
on it, it can go away without warning" so I think dropping it is
pretty safe.
I also took the opportunity to clean up comments in various public
header files that still talk about the *_l interfaces as though they
were completely nonstandard. There are a few of them, notably the
strtoX_l and wcstoX_l families, that haven't been standardized, but
the bulk are in POSIX.1-2008.
* locale/xlocale.h: Rename to...
* locale/bits/types/__locale_t.h: ...here. Adjust commentary.
Only define struct __locale_struct and __locale_t, not locale_t.
* locale/bits/types/locale_t.h: New file; define locale_t here.
* locale/Makefile (headers): Update to match.
* include/xlocale.h: Delete wrapper.
* include/bits/types/__locale_t.h: New wrapper.
* include/bits/types/locale_t.h: New wrapper.
* ctype/ctype.h, include/printf.h, include/time.h
* locale/langinfo.h, locale/locale.h, stdlib/monetary.h
* stdlib/stdlib.h, string/string.h, string/strings.h, time/time.h
* wcsmbs/wchar.h, wctype/wctype.h: Use bits/types/locale_t.h.
Correct outdated comments regarding the standardization status of
the functions that take locale_t arguments.
* stdlib/strtod_l.c, stdlib/strtof_l.c, stdlib/strtol_l.c
* stdlib/strtold_l.c, stdlib/strtoul_l.c, stdlib/strtoull_l.c
* sysdeps/ieee754/ldbl-128ibm/strtold_l.c
* sysdeps/ieee754/ldbl-64-128/strtold_l.c
* wcsmbs/wcstod.c, wcsmbs/wcstod_l.c, wcsmbs/wcstof.c
* wcsmbs/wcstof_l.c, wcsmbs/wcstold.c, wcsmbs/wcstold_l.c:
Don't include xlocale.h. If necessary, include locale.h instead.
* stdlib/strtold_l.c: Unconditionally include wchar.h.
Remove one more string inline that was defined directly in string.h;
in the absence of the rest of the inlines, it broke the build.
Like other ifunc shims for these functions,
x86_64/multiarch/{mem,st}pcpy.c need to define __NO_STRING_INLINES and
NO_MEMPCPY_STPCPY_REDIRECT.
* string/string.h (__mempcpy_inline): Delete.
* sysdeps/x86_64/multiarch/mempcpy.c
* sysdeps/x86_64/multiarch/stpcpy.c:
Define NO_MEMPCPY_STPCPY_REDIRECT and __NO_STRING_INLINES
before including string.h.
These machine-dependent inline string functions have never been on by
default, and even if they were a good idea at the time they were
introduced, they haven't really been touched in ten to fifteen years
and probably aren't a good idea on current-gen processors. Current
thinking is that this class of optimization is best left to the
compiler.
* bits/string.h, string/bits/string.h
* sysdeps/aarch64/bits/string.h
* sysdeps/m68k/m680x0/m68020/bits/string.h
* sysdeps/s390/bits/string.h, sysdeps/sparc/bits/string.h
* sysdeps/x86/bits/string.h: Delete file.
* string/string.h: Don't include bits/string.h.
* string/bits/string3.h: Rename to bits/string_fortified.h.
No need to undef various symbols that the removed headers
might have defined as macros.
* string/Makefile (headers): Remove bits/string.h, change
bits/string3.h to bits/string_fortified.h.
* string/string-inlines.c: Update commentary. Remove definitions
of various macros that nothing looks at anymore. Don't directly
include bits/string.h. Set _STRING_INLINE_unaligned here, based on
compiler-predefined macros.
* string/strncat.c: If STRNCAT is not defined, or STRNCAT_PRIMARY
_is_ defined, provide internal hidden alias __strncat.
* include/string.h: Declare internal hidden alias __strncat.
Only forward __stpcpy to __builtin_stpcpy if __NO_STRING_INLINES is
not defined.
* include/bits/string3.h: Rename to bits/string_fortified.h,
update to match above.
* sysdeps/i386/string-inlines.c: Define compat symbols for
everything formerly defined by sysdeps/x86/bits/string.h.
Make existing definitions into compat symbols as well.
Remove some no-longer-necessary messing around with macros.
* sysdeps/powerpc/powerpc32/power4/multiarch/mempcpy.c
* sysdeps/powerpc/powerpc64/multiarch/mempcpy.c
* sysdeps/powerpc/powerpc64/multiarch/stpcpy.c
* sysdeps/s390/multiarch/mempcpy.c
No need to define _HAVE_STRING_ARCH_mempcpy.
Do define __NO_STRING_INLINES and NO_MEMPCPY_STPCPY_REDIRECT.
* sysdeps/i386/i686/multiarch/strncat-c.c
* sysdeps/s390/multiarch/strncat-c.c
* sysdeps/x86_64/multiarch/strncat-c.c
Define STRNCAT_PRIMARY. Don't change definition of libc_hidden_def.
There is no longer a need for string2.h, so remove it and all mention of it.
Move the redirect for __stpcpy to include/string.h since it is still required
until all internal uses have been renamed.
This fixes several linknamespace/localplt failures when building with -Os.
[BZ #15105]
[BZ #19463]
* include/string.h: Add internal redirect for __stpcpy.
* string/Makefile: Remove bits/string2.h.
* string/string.h: Update comment.
* string/string-inlines.c: Remove bits/string2.h include and comment.
* string/bits/string2.h: Remove file.
glibc headers include some code (not particularly consistent or
systematic) to put various declarations in C++ namespaces std and
__c99, if _GLIBCPP_USE_NAMESPACES is defined.
As noted in <https://gcc.gnu.org/ml/libstdc++/2017-03/msg00025.html>,
this macro was removed from libstdc++ in 2000. I don't expect
compilation with such old versions of libstdc++ to work with current
glibc headers anyway (whereas old *binaries* are expected to stay
working with current glibc); this patch (which should be a no-op with
any libstdc++ version postdating that removal) removes all this code
from the glibc headers.
The begin-end-check.pl test, whose comments say it is about checking
these namespace macro calls, is also removed. The code in that test
would have covered __BEGIN_DECLS / __END_DECLS as well, but if those
weren't properly matched it would show up with the
check-installed-headers-cxx tests, so I don't think there is an actual
use for keeping begin-end-check.pl with the namespace code removed.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* misc/sys/cdefs.h (__BEGIN_NAMESPACE_STD): Remove macro.
(__END_NAMESPACE_STD): Likewise.
(__USING_NAMESPACE_STD): Likewise.
(__BEGIN_NAMESPACE_C99): Likewise.
(__END_NAMESPACE_C99): Likewise.
(__USING_NAMESPACE_C99): Likewise.
* math/math.h (_Mdouble_BEGIN_NAMESPACE): Do not define and
undefine macro.
(_Mdouble_END_NAMESPACE): Likewise.
* ctype/ctype.h: Do not handle C++ namespaces.
* libio/bits/stdio-ldbl.h: Likewise.
* libio/stdio.h: Likewise.
* locale/locale.h: Likewise.
* math/bits/mathcalls.h: Likewise.
* setjmp/setjmp.h: Likewise.
* signal/signal.h: Likewise.
* stdlib/bits/stdlib-float.h: Likewise.
* stdlib/bits/stdlib-ldbl.h: Likewise.
* stdlib/stdlib.h: Likewise.
* string/string.h: Likewise.
* sysdeps/x86/fpu/bits/mathinline.h: Likewise.
* time/bits/types/clock_t.h: Likewise.
* time/bits/types/struct_tm.h: Likewise.
* time/bits/types/time_t.h: Likewise.
* time/time.h: Likewise.
* wcsmbs/bits/wchar-ldbl.h: Likewise.
* wcsmbs/uchar.h: Likewise.
* wcsmbs/wchar.h: Likewise.
[_GLIBCPP_USE_NAMESPACES] (wint_t): Remove conditional definition.
* wctype/wctype.h: Do not handle C++ namespaces.
* scripts/begin-end-check.pl: Remove.
* Makefile (installed-headers): Likewise.
(tests-special): Do not add $(objpfx)begin-end-check.out.
($(objpfx)begin-end-check.out): Remove.
* string/string.h [__USE_MISC]: Include strings.h.
(__bzero, bcmp, bcopy, bzero, index, rindex)
(strcasecmp, strncasecmp, strcasecmp_l, strncasecmp_l)
(ffs, ffsl, ffsll): Don't declare.
* string/strings.h: Do not suppress the file if string.h has
already been included.
(bcmp, bcopy, bzero, strcasecmp, strncasecmp): Add __nonnull
annotations.
(index, rindex): Define inline forwarders even if
__CORRECT_ISO_CPP_STRING_H_PROTO is defined.
(ffs): Use __attribute_const__.
(ffsl, ffsll): Declare here.
(strcasecmp_l, strncasecmp_l): Correct comments; these functions
have now been standardized.
* include/string.h (__bzero): Declare here.
explicit_bzero(s, n) is the same as memset(s, 0, n), except that the
compiler is not allowed to delete a call to explicit_bzero even if the
memory pointed to by 's' is dead after the call. Right now, this effect
is achieved externally by having explicit_bzero be a function whose
semantics are unknown to the compiler, and internally, with a no-op
asm statement that clobbers memory. This does mean that small
explicit_bzero operations cannot be expanded inline as small memset
operations can, but on the other hand, small memset operations do get
deleted by the compiler. Hopefully full compiler support for
explicit_bzero will happen relatively soon.
There are two new tests: test-explicit_bzero.c verifies the
visible semantics in the same way as the existing test-bzero.c,
and tst-xbzero-opt.c verifies the not-being-optimized-out property.
The latter is conceptually based on a test written by Matthew Dempsky
for the OpenBSD regression suite.
The crypt() implementation has an immediate use for this new feature.
We avoid having to add a GLIBC_PRIVATE alias for explicit_bzero
by running all of libcrypt's calls through the fortified variant,
__explicit_bzero_chk, which is in the impl namespace anyway. Currently
I'm not aware of anything in libc proper that needs this, but the
glue is all in place if it does become necessary. The legacy DES
implementation wasn't bothering to clear its buffers, so I added that,
mostly for consistency's sake.
* string/explicit_bzero.c: New routine.
* string/test-explicit_bzero.c, string/tst-xbzero-opt.c: New tests.
* string/Makefile (routines, strop-tests, tests): Add them.
* string/test-memset.c: Add ifdeffage for testing explicit_bzero.
* string/string.h [__USE_MISC]: Declare explicit_bzero.
* debug/explicit_bzero_chk.c: New routine.
* debug/Makefile (routines): Add it.
* debug/tst-chk1.c: Test fortification of explicit_bzero.
* string/bits/string3.h: Fortify explicit_bzero.
* manual/string.texi: Document explicit_bzero.
* NEWS: Mention addition of explicit_bzero.
* crypt/crypt-entry.c (__crypt_r): Clear key-dependent intermediate
data before returning, using explicit_bzero.
* crypt/md5-crypt.c (__md5_crypt_r): Likewise.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
* include/string.h: Redirect internal uses of explicit_bzero
to __explicit_bzero_chk[_internal].
* string/Versions [GLIBC_2.25]: Add explicit_bzero.
* debug/Versions [GLIBC_2.25]: Add __explicit_bzero_chk.
* sysdeps/arm/nacl/libc.abilist
* sysdeps/unix/sysv/linux/aarch64/libc.abilist
* sysdeps/unix/sysv/linux/alpha/libc.abilist
* sysdeps/unix/sysv/linux/arm/libc.abilist
* sysdeps/unix/sysv/linux/hppa/libc.abilist
* sysdeps/unix/sysv/linux/i386/libc.abilist
* sysdeps/unix/sysv/linux/ia64/libc.abilist
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
* sysdeps/unix/sysv/linux/microblaze/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
* sysdeps/unix/sysv/linux/nios2/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
* sysdeps/unix/sysv/linux/sh/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist:
Add entries for explicit_bzero and __explicit_bzero_chk.
This patch implements support for the __STDC_WANT_LIB_EXT2__ feature
test macro from ISO/IEC TR 24731-2:2010, thereby implementing one
possible approach for supporting ISO C feature test macros.
Recall that, as described in
<https://sourceware.org/ml/libc-alpha/2016-05/msg00486.html>, these
macros work based on the definition when affected headers are
included, so cannot be handled once when the first system header is
included because that might not be one of the headers the particular
macro in question affects.
<https://sourceware.org/ml/libc-alpha/2016-05/msg00680.html> expresses
views on possible approaches for implementation and
<https://sourceware.org/ml/libc-alpha/2016-06/msg00039.html> follows
up on that.
This patch arranges things so that the relevant condition is
__GLIBC_USE (LIB_EXT2), following one of the suggestions given.
Headers using these macros include <bits/libc-header-start.h>, which
in turn includes <features.h>. Headers must define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION before including
<bits/libc-header-start.h>, to discourage inclusion outside glibc as
requested. __USE_GNU conditions on affected functions are changed to
__GLIBC_USE (LIB_EXT2), while it's added as an additional alternative
on the conditions for functions already enabled for some POSIX
versions.
It would be possible to convert existing __USE_* conditionals to
__GLIBC_USE (with the relevant __GLIBC_USE_* being defined in
<features.h> where __USE_* are presently defined), and so make them
typo-proof (given -Wundef -Werror in glibc builds) because __GLIBC_USE
is used with #if not #ifdef / #if defined.
No attempt is made to enforce the rule about diagnosing different
definitions of __STDC_WANT_LIB_EXT2__ when affected headers are
included; such a diagnostic is incompatible with multiple-include
guards on the affected headers, unless compiler extensions are added
to support it.
As previously noted, glibc does not implement all features from TR
24731-2:2010: the functions aswprintf vaswprintf getwdelim getwline
are not in glibc, although they would be appropriate to add if someone
wished to do so. But I think it makes sense to support the feature
test macro if *any* of the controlled features are present in glibc.
Tested for x86_64 and x86 (testsuite, and that installed stripped
shared libraries are unchanged by the patch).
* bits/libc-header-start.h: New file.
* Makefile (headers): Add bits/libc-header-start.h.
* include/features.h (__STDC_WANT_LIB_EXT2__): Document.
(__GLIBC_USE): New macro.
* libio/stdio.h: Define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION and include
<bits/libc-header-start.h> instead of including <features.h>.
(fmemopen): Declare also if [__GLIBC_USE (LIB_EXT2)].
(open_memstream): Likewise.
(vasprintf): Declare if [__GLIBC_USE (LIB_EXT2)], not [__USE_GNU].
(__asprintf): Likewise.
(asprintf): Likewise.
(__getdelim): Declare also if [__GLIBC_USE (LIB_EXT2)].
(getdelim): Likewise.
(getline): Likewise.
* string/string.h: Define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION and include
<bits/libc-header-start.h> instead of including <features.h>.
(strdup): Declare also if [__GLIBC_USE (LIB_EXT2)]
(strndup): Likewise.
* wcsmbs/wchar.h: Define
__GLIBC_INTERNAL_STARTING_HEADER_IMPLEMENTATION and include
<bits/libc-header-start.h> instead of including <features.h>.
(open_wmemstream): Declare also if [__GLIBC_USE (LIB_EXT2)].
* manual/creature.texi (__STDC_WANT_LIB_EXT2__): Document macro.
This patch cleans up cases of __USE_MISC that are trivially redundant
after the recent substitution of __USE_MISC for __USE_BSD and
__USE_SVID: either in constructs such as "defined __USE_MISC ||
defined __USE_MISC", or else (in the bits/mman.h case) a conditional
on __USE_MISC nested inside another __USE_MISC conditional. (The
cleanups remaining after this patch are still quite large, but it
seems a reasonable piece to separate out.)
Tested x86_64.
* bits/mman.h [__USE_MISC]: Remove redundant conditionals.
* ctype/ctype.h [__USE_MISC]: Likewise.
* dirent/dirent.h [__USE_MISC]: Likewise.
* grp/grp.h [__USE_MISC]: Likewise.
* io/fcntl.h [__USE_MISC]: Likewise.
* io/sys/stat.h [__USE_MISC]: Likewise.
* libio/stdio.h [__USE_MISC]: Likewise.
* posix/unistd.h [__USE_MISC]: Likewise.
* pwd/pwd.h [__USE_MISC]: Likewise.
* stdlib.h [__USE_MISC]: Likewise.
* string/bits/string2.h [__USE_MISC]: Likewise.
* string/string.h [__USE_MISC]: Likewise.
* time/time.h [__USE_MISC]: Likewise.
In the string/string.h and string/strings.h headers, we have a couple
of macros that "tell the caller that we provide correct C++
prototypes" according to the comment; they are used to determine
whether to wrap some prototypes in "extern "C++"" (and provide
multiple overloads of them, and some other magic) when __cplusplus is
defined.
The macros are set to check for sufficiently-recent GCC versions (4.4
and later), but this is not the right check for non-GCC compilers. In
particular, these macros should also be set when using Clang -- if
they are not set, then Clang will be unable to correctly diagnose a
number of subtle bugs that will be errors in GCC compilations.
As per discussion on earlier versions of this patch, rather than
restrict the fix to Clang per se, we assume that all C++ compilers that
claim to fully support C++98 are using a standard-conforming C++
standard library, which seems pretty reasonable. Clang has been
providing an appropriate value of __cplusplus since May 2012.
Not using the result of the GNU strerror_r() is always a mistake.
Moreover this would generate warning if XSI version was expected but GNU
version was used instead (because some random used header defined
_GNU_SOURCE which was Python.h in this case).
* wcsmbs/wchar.h: mbsnrtowcs, open_wmemstream, wcpcpy, wcpncpy,
wcscasecmp, wcsdup, wcsncasecmp, wcsnlen, wcsnrtombs,
wcscasecmp_l, wcsncasecmp_l, wcscoll_l, and wcsxfrm_l.
* sysdeps/mach/hurd/bits/posix_opt.h: Reset value of macros from
200112L to 200809L.
* sysdeps/unix/sysv/linux/bits/posix_opt.h: Likewise.
* posix/getconf.c (vars): Add _SC_THREAD_ROBUST_PRIO_INHERIT and
_SC_THREAD_ROBUST_PRIO_PROTECT entries.
* bits/confname.h: Add _SC_THREAD_ROBUST_PRIO_INHERIT and
_SC_THREAD_ROBUST_PRIO_PROTECT.
* posix/unistd.h: fexecve is in POSIX 2008.
* time/time.h: strftime_l is in POSIX 2008.
* io/sys/stat.h: futimens is in POSIX 2008.
* string/strings.h: strcasecmp_l and strncasecmp_l are in POSIX 2008.
* string/string.h: stpcpy, stpncpy, strndup, strnlen, strsignal,
strcoll_l, strerror_l, and strxfrm_l are in POSIX 2008.
* stdlib/stdlib.h: mkdtemp is in POSIX 2008.