musl/src/include, branch v1.2.4 musl - an implementation of the standard library for Linux-based systems provide an internal namespace-safe __fstat 2022-05-04T14:51:00+00:00 Rich Felker dalias@aerifal.cx 2022-05-04T14:51:00+00:00 05a55868ff0f42cfc8701c7977322aa4c8e1aca3 this avoids the need for implementation-internal callers to depend on the nonstandard AT_EMPTY_PATH extension to use __fstatat and isolates knowledge of that extension to the implementation of __fstat. 
this avoids the need for implementation-internal callers to depend on
the nonstandard AT_EMPTY_PATH extension to use __fstatat and isolates
knowledge of that extension to the implementation of __fstat.
provide an internal namespace-safe __fstatat 2022-05-02T03:25:21+00:00 Rich Felker dalias@aerifal.cx 2022-04-28T06:14:34+00:00 c9ba0769a749e4e08fd8a8815b8ced96fba4927b this makes it so we can drop direct stat syscall use in interfaces that can't use the POSIX namespace. 
this makes it so we can drop direct stat syscall use in interfaces
that can't use the POSIX namespace.
add qsort_r and make qsort a wrapper around it 2021-09-24T00:09:22+00:00 Érico Nogueira ericonr@disroot.org 2021-03-09T21:02:13+00:00 b76f37fd5625d038141b52184956fb4b7838e9a5 we make qsort a wrapper by providing a wrapper_cmp function that uses the extra argument as a function pointer. should be optimized to a tail call on most architectures, as long as it's built with -fomit-frame-pointer, so the performance impact should be minimal. to keep the git history clean, for now qsort_r is implemented in qsort.c and qsort is implemented in qsort_nr.c. qsort.c also received a few trivial cleanups, including replacing (*cmp)() calls with cmp(). qsort_nr.c contains only wrapper_cmp and qsort as a qsort_r wrapper itself. 
we make qsort a wrapper by providing a wrapper_cmp function that uses
the extra argument as a function pointer. should be optimized to a tail
call on most architectures, as long as it's built with
-fomit-frame-pointer, so the performance impact should be minimal.

to keep the git history clean, for now qsort_r is implemented in qsort.c
and qsort is implemented in qsort_nr.c.  qsort.c also received a few
trivial cleanups, including replacing (*cmp)() calls with cmp().
qsort_nr.c contains only wrapper_cmp and qsort as a qsort_r wrapper
itself.
give libc access to its own malloc even if public malloc is interposed 2020-11-11T16:38:21+00:00 Rich Felker dalias@aerifal.cx 2020-11-11T05:22:34+00:00 8d37958d58cf36f53d5fcc7a8aa6d633da6071b2 allowing the application to replace malloc (since commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732) has brought multiple headaches where it's used from various critical sections in libc components. for example: - the thread-local message buffers allocated for dlerror can't be freed at thread exit time because application code would then run in the context of a non-existant thread. this was handled in commit aa5a9d15e09851f7b4a1668e9dbde0f6234abada by queuing them for free later. - the dynamic linker has to be careful not to pass memory allocated at early startup time (necessarily using its own malloc) to realloc or free after redoing relocations with the application and all libraries present. bugs in this area were fixed several times, at least in commits 0c5c8f5da6e36fe4ab704bee0cd981837859e23f and 2f1f51ae7b2d78247568e7fdb8462f3c19e469a4 and possibly others. - by calling the allocator from contexts where libc-internal locks are held, we impose undocumented requirements on alternate malloc implementations not to call into any libc function that might attempt to take these locks; if they do, deadlock results. - work to make fork of a multithreaded parent give the child an unrestricted execution environment is blocked by lock order issues as long as the application-provided allocator can be called with libc-internal locks held. these problems are all fixed by giving libc internals access to the original, non-replaced allocator, for use where needed. it can't be used everywhere, as some interfaces like str[n]dup, open_[w]memstream, getline/getdelim, etc. are required to provide the called memory obtained as if by (the public) malloc. and there are a number of libc interfaces that are "pure library" code, not part of some internal singleton, and where using the application's choice of malloc implementation is preferable -- things like glob, regex, etc. one might expect there to be significant cost to static-linked programs, pulling in two malloc implementations, one of them mostly-unused, if malloc is replaced. however, in almost all of the places where malloc is used internally, care has been taken already not to pull in realloc/free (i.e. to link with just the bump allocator). this size optimization carries over automatically. the newly-exposed internal allocator functions are obtained by renaming the actual definitions, then adding new wrappers around them with the public names. technically __libc_realloc and __libc_free could be aliases rather than needing a layer of wrapper, but this would almost surely break certain instrumentation (valgrind) and the size and performance difference is negligible. __libc_calloc needs to be handled specially since calloc is designed to work with either the internal or the replaced malloc. as a bonus, this change also eliminates the longstanding ugly dependency of the static bump allocator on order of object files in libc.a, by making it so there's only one definition of the malloc function and having it in the same source file as the bump allocator. 
allowing the application to replace malloc (since commit
c9f415d7ea2dace5bf77f6518b6afc36bb7a5732) has brought multiple
headaches where it's used from various critical sections in libc
components. for example:

- the thread-local message buffers allocated for dlerror can't be
  freed at thread exit time because application code would then run in
  the context of a non-existant thread. this was handled in commit
  aa5a9d15e09851f7b4a1668e9dbde0f6234abada by queuing them for free
  later.

- the dynamic linker has to be careful not to pass memory allocated at
  early startup time (necessarily using its own malloc) to realloc or
  free after redoing relocations with the application and all
  libraries present. bugs in this area were fixed several times, at
  least in commits 0c5c8f5da6e36fe4ab704bee0cd981837859e23f and
  2f1f51ae7b2d78247568e7fdb8462f3c19e469a4 and possibly others.

- by calling the allocator from contexts where libc-internal locks are
  held, we impose undocumented requirements on alternate malloc
  implementations not to call into any libc function that might
  attempt to take these locks; if they do, deadlock results.

- work to make fork of a multithreaded parent give the child an
  unrestricted execution environment is blocked by lock order issues
  as long as the application-provided allocator can be called with
  libc-internal locks held.

these problems are all fixed by giving libc internals access to the
original, non-replaced allocator, for use where needed. it can't be
used everywhere, as some interfaces like str[n]dup, open_[w]memstream,
getline/getdelim, etc. are required to provide the called memory
obtained as if by (the public) malloc. and there are a number of libc
interfaces that are "pure library" code, not part of some internal
singleton, and where using the application's choice of malloc
implementation is preferable -- things like glob, regex, etc.

one might expect there to be significant cost to static-linked
programs, pulling in two malloc implementations, one of them
mostly-unused, if malloc is replaced. however, in almost all of the
places where malloc is used internally, care has been taken already
not to pull in realloc/free (i.e. to link with just the bump
allocator). this size optimization carries over automatically.

the newly-exposed internal allocator functions are obtained by
renaming the actual definitions, then adding new wrappers around them
with the public names. technically __libc_realloc and __libc_free
could be aliases rather than needing a layer of wrapper, but this
would almost surely break certain instrumentation (valgrind) and the
size and performance difference is negligible. __libc_calloc needs to
be handled specially since calloc is designed to work with either the
internal or the replaced malloc.

as a bonus, this change also eliminates the longstanding ugly
dependency of the static bump allocator on order of object files in
libc.a, by making it so there's only one definition of the malloc
function and having it in the same source file as the bump allocator.
move aio implementation details to a proper internal header 2020-10-15T00:27:12+00:00 Rich Felker dalias@aerifal.cx 2020-09-28T22:47:13+00:00 557673603bb553e90106e7d14da6447a5ff82164 also fix the lack of declaration (and thus hidden visibility) in __stdio_close's use of __aio_close. 
also fix the lack of declaration (and thus hidden visibility) in
__stdio_close's use of __aio_close.
refactor thrd_sleep and nanosleep in terms of clock_nanosleep 2019-07-27T06:46:57+00:00 Rich Felker dalias@aerifal.cx 2019-07-21T05:53:14+00:00 331993e3fc3623f111d95796d3d7f30b4f6552c1 for namespace-safety with thrd_sleep, this requires an alias, which is also added. this eliminates all but one direct call point for nanosleep syscalls, and arranges that 64-bit time_t conversion logic will only need to exist in one file rather than three. as a bonus, clock_nanosleep with CLOCK_REALTIME and empty flags is now implemented as SYS_nanosleep, thereby working on older kernels that may lack POSIX clocks functionality. 
for namespace-safety with thrd_sleep, this requires an alias, which is
also added. this eliminates all but one direct call point for
nanosleep syscalls, and arranges that 64-bit time_t conversion logic
will only need to exist in one file rather than three.

as a bonus, clock_nanosleep with CLOCK_REALTIME and empty flags is now
implemented as SYS_nanosleep, thereby working on older kernels that
may lack POSIX clocks functionality.
use namespace-safe __lseek for __stdio_seek instead of direct syscall 2019-07-16T22:31:33+00:00 Rich Felker dalias@aerifal.cx 2019-07-16T22:31:33+00:00 03919b26ed41c31876db41f7cee076ced4513fad this probably saves a few bytes, avoids duplicating the clunky lseek/_llseek syscall convention in two places, and sets the stage for fixing broken seeks on x32 and mipsn32. 
this probably saves a few bytes, avoids duplicating the clunky
lseek/_llseek syscall convention in two places, and sets the stage for
fixing broken seeks on x32 and mipsn32.
use the correct attributes for ___errno_location 2019-07-10T21:10:59+00:00 Samuel Holland samuel@sholland.org 2019-06-29T23:19:05+00:00 c225e6c1a4e6a89447cb00a71f50ae00f8f5ec3f In the public header, __errno_location is declared with the "const" attribute, conditional on __GNUC__. Ensure that its internal alias has the same attributes. Maintainer's note: This change also fixes a regression in quality of code generation -- multiple references to errno in a single function started generating multiple calls again -- introduced by commit e13063aad7aee341d278d2a879a76ec7b59b2ad8. 
In the public header, __errno_location is declared with the "const"
attribute, conditional on __GNUC__. Ensure that its internal alias has
the same attributes.

Maintainer's note: This change also fixes a regression in quality of
code generation -- multiple references to errno in a single function
started generating multiple calls again -- introduced by commit
e13063aad7aee341d278d2a879a76ec7b59b2ad8.
make FILE a complete type for pre-C11 standard profiles 2019-03-12T19:24:00+00:00 Rich Felker dalias@aerifal.cx 2019-03-12T19:24:00+00:00 f368d9fd26ae002fe2fce20add4cb2b806f48972 C11 removed the requirement that FILE be a complete type, which was deemed erroneous, as part of the changes introduced by N1439 regarding completeness of types (see footnote 6 for specific mention of FILE). however the current version of POSIX is still based on C99 and incorporates the old requirement that FILE be a complete type. expose an arbitrary, useless complete type definition because the actual object used to represent FILE streams cannot be public/ABI. thanks to commit 13d1afa46f8098df290008c681816c9eb89ffbdb, we now have a framework for suppressing the public complete-type definition of FILE when stdio.h is included internally, so that a different internal definition can be provided. this is perfectly well-defined, since the same struct tag can refer to different types in different translation units. it would be a problem if the implementation were accessing the application's FILE objects or vice versa, but either would be undefined behavior. 
C11 removed the requirement that FILE be a complete type, which was
deemed erroneous, as part of the changes introduced by N1439 regarding
completeness of types (see footnote 6 for specific mention of FILE).
however the current version of POSIX is still based on C99 and
incorporates the old requirement that FILE be a complete type.

expose an arbitrary, useless complete type definition because the
actual object used to represent FILE streams cannot be public/ABI.

thanks to commit 13d1afa46f8098df290008c681816c9eb89ffbdb, we now have
a framework for suppressing the public complete-type definition of FILE
when stdio.h is included internally, so that a different internal
definition can be provided. this is perfectly well-defined, since the
same struct tag can refer to different types in different translation
units. it would be a problem if the implementation were accessing the
application's FILE objects or vice versa, but either would be
undefined behavior.
add membarrier syscall wrapper, refactor dynamic tls install to use it 2019-02-22T08:25:39+00:00 Rich Felker dalias@aerifal.cx 2019-02-22T07:56:10+00:00 ba18c1ecc6a18203ad8496791154af86f706f632 the motivation for this change is twofold. first, it gets the fallback logic out of the dynamic linker, improving code readability and organization. second, it provides application code that wants to use the membarrier syscall, which depends on preregistration of intent before the process becomes multithreaded unless unbounded latency is acceptable, with a symbol that, when linked, ensures that this registration happens. 
the motivation for this change is twofold. first, it gets the fallback
logic out of the dynamic linker, improving code readability and
organization. second, it provides application code that wants to use
the membarrier syscall, which depends on preregistration of intent
before the process becomes multithreaded unless unbounded latency is
acceptable, with a symbol that, when linked, ensures that this
registration happens.