musl/src/include, branch v1.2.2 musl - an implementation of the standard library for Linux-based systems give libc access to its own malloc even if public malloc is interposed 2020-11-11T16:38:21+00:00 Rich Felker dalias@aerifal.cx 2020-11-11T05:22:34+00:00 8d37958d58cf36f53d5fcc7a8aa6d633da6071b2 allowing the application to replace malloc (since commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732) has brought multiple headaches where it's used from various critical sections in libc components. for example: - the thread-local message buffers allocated for dlerror can't be freed at thread exit time because application code would then run in the context of a non-existant thread. this was handled in commit aa5a9d15e09851f7b4a1668e9dbde0f6234abada by queuing them for free later. - the dynamic linker has to be careful not to pass memory allocated at early startup time (necessarily using its own malloc) to realloc or free after redoing relocations with the application and all libraries present. bugs in this area were fixed several times, at least in commits 0c5c8f5da6e36fe4ab704bee0cd981837859e23f and 2f1f51ae7b2d78247568e7fdb8462f3c19e469a4 and possibly others. - by calling the allocator from contexts where libc-internal locks are held, we impose undocumented requirements on alternate malloc implementations not to call into any libc function that might attempt to take these locks; if they do, deadlock results. - work to make fork of a multithreaded parent give the child an unrestricted execution environment is blocked by lock order issues as long as the application-provided allocator can be called with libc-internal locks held. these problems are all fixed by giving libc internals access to the original, non-replaced allocator, for use where needed. it can't be used everywhere, as some interfaces like str[n]dup, open_[w]memstream, getline/getdelim, etc. are required to provide the called memory obtained as if by (the public) malloc. and there are a number of libc interfaces that are "pure library" code, not part of some internal singleton, and where using the application's choice of malloc implementation is preferable -- things like glob, regex, etc. one might expect there to be significant cost to static-linked programs, pulling in two malloc implementations, one of them mostly-unused, if malloc is replaced. however, in almost all of the places where malloc is used internally, care has been taken already not to pull in realloc/free (i.e. to link with just the bump allocator). this size optimization carries over automatically. the newly-exposed internal allocator functions are obtained by renaming the actual definitions, then adding new wrappers around them with the public names. technically __libc_realloc and __libc_free could be aliases rather than needing a layer of wrapper, but this would almost surely break certain instrumentation (valgrind) and the size and performance difference is negligible. __libc_calloc needs to be handled specially since calloc is designed to work with either the internal or the replaced malloc. as a bonus, this change also eliminates the longstanding ugly dependency of the static bump allocator on order of object files in libc.a, by making it so there's only one definition of the malloc function and having it in the same source file as the bump allocator. 
allowing the application to replace malloc (since commit
c9f415d7ea2dace5bf77f6518b6afc36bb7a5732) has brought multiple
headaches where it's used from various critical sections in libc
components. for example:

- the thread-local message buffers allocated for dlerror can't be
  freed at thread exit time because application code would then run in
  the context of a non-existant thread. this was handled in commit
  aa5a9d15e09851f7b4a1668e9dbde0f6234abada by queuing them for free
  later.

- the dynamic linker has to be careful not to pass memory allocated at
  early startup time (necessarily using its own malloc) to realloc or
  free after redoing relocations with the application and all
  libraries present. bugs in this area were fixed several times, at
  least in commits 0c5c8f5da6e36fe4ab704bee0cd981837859e23f and
  2f1f51ae7b2d78247568e7fdb8462f3c19e469a4 and possibly others.

- by calling the allocator from contexts where libc-internal locks are
  held, we impose undocumented requirements on alternate malloc
  implementations not to call into any libc function that might
  attempt to take these locks; if they do, deadlock results.

- work to make fork of a multithreaded parent give the child an
  unrestricted execution environment is blocked by lock order issues
  as long as the application-provided allocator can be called with
  libc-internal locks held.

these problems are all fixed by giving libc internals access to the
original, non-replaced allocator, for use where needed. it can't be
used everywhere, as some interfaces like str[n]dup, open_[w]memstream,
getline/getdelim, etc. are required to provide the called memory
obtained as if by (the public) malloc. and there are a number of libc
interfaces that are "pure library" code, not part of some internal
singleton, and where using the application's choice of malloc
implementation is preferable -- things like glob, regex, etc.

one might expect there to be significant cost to static-linked
programs, pulling in two malloc implementations, one of them
mostly-unused, if malloc is replaced. however, in almost all of the
places where malloc is used internally, care has been taken already
not to pull in realloc/free (i.e. to link with just the bump
allocator). this size optimization carries over automatically.

the newly-exposed internal allocator functions are obtained by
renaming the actual definitions, then adding new wrappers around them
with the public names. technically __libc_realloc and __libc_free
could be aliases rather than needing a layer of wrapper, but this
would almost surely break certain instrumentation (valgrind) and the
size and performance difference is negligible. __libc_calloc needs to
be handled specially since calloc is designed to work with either the
internal or the replaced malloc.

as a bonus, this change also eliminates the longstanding ugly
dependency of the static bump allocator on order of object files in
libc.a, by making it so there's only one definition of the malloc
function and having it in the same source file as the bump allocator.
move aio implementation details to a proper internal header 2020-10-15T00:27:12+00:00 Rich Felker dalias@aerifal.cx 2020-09-28T22:47:13+00:00 557673603bb553e90106e7d14da6447a5ff82164 also fix the lack of declaration (and thus hidden visibility) in __stdio_close's use of __aio_close. 
also fix the lack of declaration (and thus hidden visibility) in
__stdio_close's use of __aio_close.
refactor thrd_sleep and nanosleep in terms of clock_nanosleep 2019-07-27T06:46:57+00:00 Rich Felker dalias@aerifal.cx 2019-07-21T05:53:14+00:00 331993e3fc3623f111d95796d3d7f30b4f6552c1 for namespace-safety with thrd_sleep, this requires an alias, which is also added. this eliminates all but one direct call point for nanosleep syscalls, and arranges that 64-bit time_t conversion logic will only need to exist in one file rather than three. as a bonus, clock_nanosleep with CLOCK_REALTIME and empty flags is now implemented as SYS_nanosleep, thereby working on older kernels that may lack POSIX clocks functionality. 
for namespace-safety with thrd_sleep, this requires an alias, which is
also added. this eliminates all but one direct call point for
nanosleep syscalls, and arranges that 64-bit time_t conversion logic
will only need to exist in one file rather than three.

as a bonus, clock_nanosleep with CLOCK_REALTIME and empty flags is now
implemented as SYS_nanosleep, thereby working on older kernels that
may lack POSIX clocks functionality.
use namespace-safe __lseek for __stdio_seek instead of direct syscall 2019-07-16T22:31:33+00:00 Rich Felker dalias@aerifal.cx 2019-07-16T22:31:33+00:00 03919b26ed41c31876db41f7cee076ced4513fad this probably saves a few bytes, avoids duplicating the clunky lseek/_llseek syscall convention in two places, and sets the stage for fixing broken seeks on x32 and mipsn32. 
this probably saves a few bytes, avoids duplicating the clunky
lseek/_llseek syscall convention in two places, and sets the stage for
fixing broken seeks on x32 and mipsn32.
use the correct attributes for ___errno_location 2019-07-10T21:10:59+00:00 Samuel Holland samuel@sholland.org 2019-06-29T23:19:05+00:00 c225e6c1a4e6a89447cb00a71f50ae00f8f5ec3f In the public header, __errno_location is declared with the "const" attribute, conditional on __GNUC__. Ensure that its internal alias has the same attributes. Maintainer's note: This change also fixes a regression in quality of code generation -- multiple references to errno in a single function started generating multiple calls again -- introduced by commit e13063aad7aee341d278d2a879a76ec7b59b2ad8. 
In the public header, __errno_location is declared with the "const"
attribute, conditional on __GNUC__. Ensure that its internal alias has
the same attributes.

Maintainer's note: This change also fixes a regression in quality of
code generation -- multiple references to errno in a single function
started generating multiple calls again -- introduced by commit
e13063aad7aee341d278d2a879a76ec7b59b2ad8.
make FILE a complete type for pre-C11 standard profiles 2019-03-12T19:24:00+00:00 Rich Felker dalias@aerifal.cx 2019-03-12T19:24:00+00:00 f368d9fd26ae002fe2fce20add4cb2b806f48972 C11 removed the requirement that FILE be a complete type, which was deemed erroneous, as part of the changes introduced by N1439 regarding completeness of types (see footnote 6 for specific mention of FILE). however the current version of POSIX is still based on C99 and incorporates the old requirement that FILE be a complete type. expose an arbitrary, useless complete type definition because the actual object used to represent FILE streams cannot be public/ABI. thanks to commit 13d1afa46f8098df290008c681816c9eb89ffbdb, we now have a framework for suppressing the public complete-type definition of FILE when stdio.h is included internally, so that a different internal definition can be provided. this is perfectly well-defined, since the same struct tag can refer to different types in different translation units. it would be a problem if the implementation were accessing the application's FILE objects or vice versa, but either would be undefined behavior. 
C11 removed the requirement that FILE be a complete type, which was
deemed erroneous, as part of the changes introduced by N1439 regarding
completeness of types (see footnote 6 for specific mention of FILE).
however the current version of POSIX is still based on C99 and
incorporates the old requirement that FILE be a complete type.

expose an arbitrary, useless complete type definition because the
actual object used to represent FILE streams cannot be public/ABI.

thanks to commit 13d1afa46f8098df290008c681816c9eb89ffbdb, we now have
a framework for suppressing the public complete-type definition of FILE
when stdio.h is included internally, so that a different internal
definition can be provided. this is perfectly well-defined, since the
same struct tag can refer to different types in different translation
units. it would be a problem if the implementation were accessing the
application's FILE objects or vice versa, but either would be
undefined behavior.
add membarrier syscall wrapper, refactor dynamic tls install to use it 2019-02-22T08:25:39+00:00 Rich Felker dalias@aerifal.cx 2019-02-22T07:56:10+00:00 ba18c1ecc6a18203ad8496791154af86f706f632 the motivation for this change is twofold. first, it gets the fallback logic out of the dynamic linker, improving code readability and organization. second, it provides application code that wants to use the membarrier syscall, which depends on preregistration of intent before the process becomes multithreaded unless unbounded latency is acceptable, with a symbol that, when linked, ensures that this registration happens. 
the motivation for this change is twofold. first, it gets the fallback
logic out of the dynamic linker, improving code readability and
organization. second, it provides application code that wants to use
the membarrier syscall, which depends on preregistration of intent
before the process becomes multithreaded unless unbounded latency is
acceptable, with a symbol that, when linked, ensures that this
registration happens.
introduce namespace-safe rwlock aliases; use in pthread_key_create 2019-02-16T16:44:07+00:00 Rich Felker dalias@aerifal.cx 2019-02-16T16:44:07+00:00 639bcf251e549f634da9a3e7ef8528eb2ec12505 commit 84d061d5a31c9c773e29e1e2b1ffe8cb9557bc58 inadvertently introduced namespace violations by using the pthread-namespace rwlock functions in pthread_key_create, which is in turn used for C11 tss. fix that and possible future uses of rwlocks elsewhere. 
commit 84d061d5a31c9c773e29e1e2b1ffe8cb9557bc58 inadvertently
introduced namespace violations by using the pthread-namespace rwlock
functions in pthread_key_create, which is in turn used for C11 tss.
fix that and possible future uses of rwlocks elsewhere.
add namespace-safe version of getauxval for internal use 2018-12-10T03:40:52+00:00 Rich Felker dalias@aerifal.cx 2018-12-10T03:40:52+00:00 26c66c485c04fa782b8c6f7450bf008f4457b5a8 






bypass indirection through pointer objects to access stdin/out/err
2018-10-18T04:32:20+00:00

Rich Felker
dalias@aerifal.cx

2018-10-18T03:57:28+00:00

d8f2efa708a027132d443f45a8c98a0c7c1b2d77

by ABI, the public stdin/out/err macros use extern pointer objects,
and this is necessary to avoid copy relocations that would be
expensive and make the size of the FILE structure part of the ABI.
however, internally it makes sense to access the underlying FILE
objects directly. this avoids both an indirection through the GOT to
find the address of the stdin/out/err pointer objects (which can't be
computed PC-relative because they may have been moved to the main
program by copy relocations) and an indirection through the resulting
pointer object.

in most places this is just a minor optimization, but in the case of
getchar and putchar (and the unlocked versions thereof), ipa constant
propagation makes all accesses to members of stdin/out PC-relative or
GOT-relative, possibly reducing register pressure as well.





by ABI, the public stdin/out/err macros use extern pointer objects,
and this is necessary to avoid copy relocations that would be
expensive and make the size of the FILE structure part of the ABI.
however, internally it makes sense to access the underlying FILE
objects directly. this avoids both an indirection through the GOT to
find the address of the stdin/out/err pointer objects (which can't be
computed PC-relative because they may have been moved to the main
program by copy relocations) and an indirection through the resulting
pointer object.

in most places this is just a minor optimization, but in the case of
getchar and putchar (and the unlocked versions thereof), ipa constant
propagation makes all accesses to members of stdin/out PC-relative or
GOT-relative, possibly reducing register pressure as well.