Introduce a way to speed up local builds. Don't build all test
modules if ANDROID_NO_TEST_CHECK is set to true.
On master branch this reduces what is built by more than
300 apps and 50 java libraries. Time for doing this on a
12 core machine running with -j13 is about 10 minutes.
Change-Id: I90feb108695ee60d0dbbf497644f767cc3748215
Do not clean installed files, only intermediate files. This way, two
consequitive builds first without, then with SANITIZE_TARGET will
produce a frankenbuild with both sets of shared libraries.
Bug: 21785137
Change-Id: I231868b15331be942c783458cf36233c2e7740d3
A fully (or even mostly) asan-instrumented device will have 2 copies of each
shared library, which might not fit on system partition. Moving instrumented
libraries to /data.
Bug: 21785137
Change-Id: I64184261da2eb24a1382c67e4931c34a5a38b3c0
This also does a bit of cleanup in config_sanitizers.mk. The result is
that `LOCAL_SANITIZE := <any arbitrary ubsan group>` should function
fine for both host and target.
This is a superset of LOCAL_DETECT_INTEGER_OVERFLOWS, so remove that.
This also checks integer division by zero. It's supposed to cover
shifting undefined behaviors as well, but apparently it does not
(though `LOCAL_SANITIZE := shift` works fine).
Change-Id: I4ac99eafa6920a3f8cb82af37ce56ff0fdb95223
The same as SANITIZE_HOST, but for the target.
Also, skip all LOCAL_FORCE_STATIC_EXECUTABLE targets, as ASan does not
support static linking.
Bug: 21785137
Change-Id: Ief53ff8de1fee18f230d6c7dd31845db5bbd415c
I've migrated all users of this to the new option now, so we can drop
this.
Dropping `SANITIZE_HOST := true` will have to wait until the build
server configs have been updated.
Change-Id: I591436e197a6c6c079a6cd6a2decb702b574cd71
Add build system support for LOCAL_DETECT_INTEGER_OVERFLOWS. When enabled,
an attempt to perform an integer arithmetic operation which overflows
will result in a call to abort(). This is intended for security
sensitive code, where integer overflow operations are not expected
nor desirable.
Two classes of underflows/overflows are detected and blocked:
1) Signed integer underflow/overflow.
2) Unsigned integer underflow/overflows.
Signed integer overflows are undefined behavior, according to the
C standard. Unsigned integer overflows are defined behavior, but
still undesirable in security sensitive code.
Only clang is supported today. gcc has -ftrapv for handling signed
integer overflow, but it's widely considered broken
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35412) and we're
deliberately avoiding it's use here.
Change-Id: Ib4918dc84e37e83d4205e5035544545d91671e5f
Vaguely-Related-Bug: 11859726
Clang is really aggressive at optimizing a handful of cases (read:
clang will ruin your day some if you write bad code). Fortunately, it
also emits a warning when it's about to do this.
To prevent anyone from suffering from these optimizations, make these
warnings errors and make them impossible to disable.
Change-Id: I5e10bb0fc2ca23190017da716b3b84635577a0bd
The catch all "org" package was catching several thousand
org.apache.harmony.tests.* tests that are already covered by
other packages. Replace the catch-all org.* with specific prefixes.
Needs additional support in CollectAllTests to handle multiple
prefixes. This is implemented in the companion change.
bug: 20862863
(cherry picked from commit cf7fbcd03d)
Change-Id: I1d28f91cfca098ccdcd62e88bb486b433d9c29d8
For historical reason, the aosp_* products were named full_*.
We keep the full, full_x86 and full_mips in case some tools still
reference these legacy names; But no reason the have the full_* product
names for the new 64-bit archs.
Change-Id: I240ed0c6ded0ded2d80603bd0c5ff24750999afc
New custom image configuration variables:
- CUSTOM_IMAGE_SELINUX, set to "true" if the image supports selinux.
- CUSTOM_IMAGE_SUPPORT_VERITY, set to "true" if the product supports verity.
- CUSTOM_IMAGE_VERITY_BLOCK_DEVICE
Also changed the staging directory name to the mount point, like we do
for other images built by the build system.
Bug: 19609718
Change-Id: I6bbf06b79eee63e4c77834f2e6f1d5a7f7e00a12
(cherry picked from commit 7d51a40295)
Build additional images requested by the product makefile.
This script gives the ability to build multiple additional images and
you can configure what modules/files to include in each image.
1. Define PRODUCT_CUSTOM_IMAGE_MAKEFILES in your product makefile.
PRODUCT_CUSTOM_IMAGE_MAKEFILES is a list of makefiles.
Each makefile configures an image.
For image configuration makefile foo/bar/xyz.mk, the built image
file name
will be xyz.img. So make sure they won't conflict.
2. In each image's configuration makefile, you can define variables:
- CUSTOM_IMAGE_MOUNT_POINT, the mount point, such as "oem", "odm"
etc.
- CUSTOM_IMAGE_PARTITION_SIZE
- CUSTOM_IMAGE_FILE_SYSTEM_TYPE
- CUSTOM_IMAGE_DICT_FILE, a text file defining a dictionary
accepted by BuildImage() in tools/releasetools/build_image.py.
- CUSTOM_IMAGE_MODULES, a list of module names you want to include
in the image; Not only the module itself will be installed to proper
path in the image, you can also piggyback additional files/directories
with the module's LOCAL_PICKUP_FILES.
- CUSTOM_IMAGE_COPY_FILES, a list of "<src>:<dest>" to be copied to
the image. <dest> is relativ to the root of the image.
To build all those images, run "make custom_images".
Bug: 19609718
Change-Id: Ic73587e08503a251be27797c7b00329716051927
(cherry picked from commit 5fcf1094f9)
Normally the binaries use the exsiting $ORIGIN/../lib[64] with binaries
in the bin subdirectory;
For historical reason the binaries in the SDK package don't have a bin
subdirectory. This workaround enables them to work in the existing SDK
directory structure.
Bug: 21301578
Change-Id: Ibebfbfb8b30e81e7bbaf13a21bb205f3f0282d24
(cherry-pick from commit 4fe7bfd373)
The gcc 4.9 devirtualization bug was fixed with a cherry pick of r212222.
BUG: 19872411
Change-Id: I6d9677f112402fe84d70da770f364392398e9cc9
(cherry picked from commit ad2494bb79)
GDB does not yet have support for compact branches, and is unable to
set a breakpoint on them. Turn compact branch generation off, until
GDB is fixed.
Change-Id: Ie7d6fb891e9934f8fc645fe9cf8f706be15a5f77
This allows to compile dex targeted java sources using Jack and Jill.
Default is still to compile with the legacy toolchain. Default can be
switched to the new toolchain by setting environement variable:
export ANDROID_COMPILE_WITH_JACK=true
Toolchain can also be forced for one module by defining
LOCAL_JACK_ENABLED:=full # disabled, full, incremental
in the mk portion defining the module.
Jack execution environement can be controlled with:
Global variable ANDROID_JACK_VM allow to change the jvm executing Jack.
Global variable ANDROID_JACK_VM_ARGS allows to change default args given
to the jvm.
Global variable ANDROID_JACK_EXTRA_ARGS allows to define some default args
to give to Jack
LOCAL_JACK_VM_ARGS allows to override default args given to the jvm for
the module.
LOCAL_JACK_EXTRA_ARGS allows to override default args passed to Jack.
This includes cherry-picks of the following changes:
b4c49cba5722c3fa6d73138768c1bb5dd3e1d31283d5d040478bc90fd2d6140274707e0fbc9ff2a2833b427d72f9a27f45b4280966694137822c443dc6b44d43c3d2a76c14bf06744f60fc95573d5036b8213916142794e7b582801f2c44d0c76d99dca1f528e132d676a5e0bd1ae25b3984ff Partially, only Jack related parts werekept
ec46a3b71fabee3a9f4177cbe10fd9daf07db4cdb6bfb5893a
Ie all Jack related changes untill
b6bfb5893a
except
a96cc59ab5 "Use Jack by default"
Change-Id: If9d47ef1c4fd1e6765ad2a47d816c1ad3cfab0e3
Clang++ for Mips and Mips64 generates read-only exception unwind
tables that trigger DT_TEXTREL warnings at link time. Until Clang
is fixed, ignore those performance warnings instead of failing the build.
With this patch, Mips clang++ can be (optionally) used when building
libdeqp.
NDK's Mips llvm has been using an alternate temporary fix, marking the
.gcc_exception_table section as read-write for Mips only:
https://android-review.googlesource.com/#/c/119660/
A permanent fix using a read-only exception table is pending upstream:
http://reviews.llvm.org/D9669
Change-Id: Ie0cd7da398acbe45dbe39adc251e7fd5b5ca1445
Commit 28acbeab18f6083299c07f9ebe769d22e49f8107 removed the dependency of
sepolicy-analyze on libc++, eliminating the only consumer of the library for the
cts host-side tests. Remove the library since it is no longer needed but leave
the ability to add other shared libs in the future.
Bug: 19566396
Change-Id: I4fbfa44ce9f099ad058fd0630ac48749e389e3e1
This reverts commit 32e1689684.
Now that prebuilts/gcc/darwin-x86/aarch64/aarch64-linux-android-4.9 is also updated
Change-Id: Id95c1c4cc651c434461655e62b8f23afd56b53e4
Print modules and their transitive dependencies with license files.
To invoke, run
"make deps-license PROJ_PATH=<proj-path-patterns> DEP_PATH=<dep-path-patterns>".
PROJ_PATH restricts the paths of the source modules;
DEP_PATH restricts the paths of the dependency modules.
Both can be makefile patterns supported by makefile function $(filter).
Example:
$ make deps-license packages/app/% external/%
prints all modules in packages/app/ with their dpendencies in external/.
The printout lines look like "<module_name> :: <module_paths> :: <license_files>".
Bug: 20823995
Change-Id: I06b66e85ff56c8628bffa3d948085ed45870100f
The only remaining users of stlport are vendor blobs. Prevent any new
users from using it.
Bug: http://b/15193147
Change-Id: I577a16c8c52e2c7d939c3b5026e18ad90e4b9f26
We don't have a toolchain for 64-bit windows.
This allows running `USE_MINGW=1 mm` in a directory that has a host
module with LOCAL_MULTILIB := both.
Change-Id: I31f981b38fb80b0d6582bab0a4bd580a3c654c91
The previous check tested against USE_MINGW even for target builds.
Hadn't been a problem because people don't typically set USE_MINGW
directly.
Change-Id: I90fe0ea890c44917eb29dd02d7c7f76c19e7fbd6
USE_MINGW=1 mm didn't work in directories that contained target modules
because the build system would use the Windows locations and extensions
when trying to find the host GCC prebuilts. Windows is the target OS,
not the OS we're building from.
Change-Id: Ic994fed15388d0c7d393f71ba28fe7afdc659f5c
Also filter out gcc-only flags -Wno-clobbered and -fno-devirtualize
when compiled with clang/llvm.
BUG: 19872411
Change-Id: I6de57583be04da607f569df65e93531787dbb789
We need PT_LOAD segments to match for the gdb sake.
If we pack module after stripping symbolic version
PT_LOAD differ from actual ones; this confuses gdb.
Bug: http://b/20687795
Change-Id: If7b1ffcda918d0cc47051a30ca1202007ed62403
(cherry picked from commit 258b29cf76)
The relocation packer is causing the kernel to load the executable
overlapping ASAN's shadow space.
Bug: http://b/20665974
Change-Id: Ifc5914f4fbed5f4f00ed1c795d01cf2fcb849cfe
Always link libm with asan. Hasn't been a problem before because ASAN
was only ever used when libc++ was as well, which already links libm.
Pass --no-as-needed for host modules.
These aren't needed for the target builds because the target uses the
shared RTL.
Change-Id: I5d6a3c2dd557b5231be2b7711df6438693753a88
ASan runtime library (when using dynamic linking) must be the first
dependency of the main executable to achieve correct symbol
interposition. This matches how the clang driver works.
In multilib setup, ASan-RT name depends on the target arch:
/system/lib/libclang_rt.asan-arm-android.so
/system/lib64/libclang_rt.asan-arm64-android.so
We also set RPATH to /system/lib/asan or /system/lib64/asan
to have a place for ASan-only versions of system libraries.
Change-Id: I5c0cdb89e5e08a1950eb276e406da9f31a6e52dd
This is needed for projects that have known ubsan issues that we can't
fix right away (perhaps because it's an upstream project that we're
diligent about keeping in sync with upsteam).
Also make the normal ubsan use -fno-sanitize-recover=all by default.
Change-Id: I1b0f3309792f32dbd08c18816d7306e76c8d7c30
Enable the following compiler hardening flags:
* -Wl,-z,relro
* -Wl,-z,now
* -fstack-protector
relro / bind_now make the relro region read-only after linking,
preventing certain attacks against ELF data structures.
stack-protector adds stack canaries, which can detect exploits
which overwrite parts of the stack.
Explicitly not added in this change is FORTIFY_SOURCE=2. Adding that
option turns on glibc's warn_unused_result attributes. This generates
a huge number of new compile time warnings, and for the multiple
makefiles which have -Werror in them, turns those warnings into errors.
I'm not able to fix all the errors right away.
Bug: 20558757
Change-Id: I86791177c6695f5325233d9dd9a5dd3ccc2b1a2f
Do not pack relocations for prebuilds unless
LOCAL_PACK_MODULE_RELOCATIONS is true
Bug: http://b/20537715
Bug: http://b/18051137
Change-Id: Iddef3b09741da6ae10d73c98103b868cc7695d38
Add replocation-packer step for dynmic executables.
Enable it by default for arm and arm64 platforms.
Bug: http://b/18051137
Change-Id: I0c88fd31595bcea62a087f219acb9ecf9c80f2e5
Add ability to include dirs to the cts distribtion to enable bundling of shared
libraries on which host-side executables rely.
Bug: 19566396
Change-Id: Id501874244ae98fbfef2aa591885c88dee5b8b02
If a prebuilt APK contains shared libraries and the flag
LOCAL_PAGE_ALIGN_JNI_SHARED_LIBRARIES := true is set, then
uncompress any shared libraries stored within the APK.
This allows processes to load the shared library directly from
the APK.
Bug: 20247329
Bug: 8076853
Bug: 1162500
Change-Id: Iac4db32457d9ce31eb7256410023819b44fda0a6
Some of the ubsan checks expose a few pathological performance cases
in clang, and thus aren't suited to be used in SANITIZE_HOST.
This mode is also supported on the target despite not having the
target runtime libraries for ubsan by generating traps.
Change-Id: I0b0f0a08ca84d72e44e2174a66726b1c5e5cad7e
Ying pointed out in https://android-review.googlesource.com/#/c/147290
that my_sanitize_host would be read as some garbage value for target
builds. Move the configuration later and don't use the local at all.
Change-Id: Id8a095821d000a184e72f950b9481597073a7044
Previously using a sanitizer would imply clang. It should be an error
instead so it's more obvious.
Change-Id: I67c949bfda3718a0d19da7e358b5fde447fce334
* Refactor a few pieces to avoid deeply nested conditionals.
* LOCAL_SANITIZE := never replaces LOCAL_ADDRESS_SANITIZER := false.
Change-Id: I68bb8c5edda6ecd40179c5ba9f18d06e96aaa260
For dex preopt and JNI library extraction, we should remove the
classes.dex and .so files before we sign the APK so that there
isn't an entry in the manifest.
Prebuilt APKs which are pre-signed will simply not have the files
removed. This may cause some system.img bloat, but signature checks make
this necessary.
Bug: 20247329
Change-Id: I4742d1aa3aa64ab5aea2264304cb8c0bea24f784
After fixing the link order here, it seems libunwindbacktrace no
longer works for exception unwinding, but libgcc now does.
Change-Id: Ice79af4b8f234ed6a053ee818b6dec3aa9706c8a
Decouple generation of CFI from the rest of debug symbols.
This makes it possible to generate oat with CFI but without
the rest of debug symbols.
This is in line with intention of the .eh_frame section.
The section does not have the .debug_ prefix because it
is considered somewhat different to the rest of debug symbols.
Change-Id: I32816ecd4f30ac4e0dc69d69a4993e349c737f96
Bug: 20148343
The latest clang warns on "%p" being used with non-void pointer types, which
would require a great deal of cleanup in several sub-projects.
Change-Id: I4175d5cf8709504455067c906a2eb8ccc8e25432
Clang will sometimes generate this call (dex2oat with ubsan is one
known case), and it doesn't exist in libgcc.
Change-Id: I2eb68e2a326eb0407dca03b5870077eeebca1c0a
Rather than adding LOCAL_UB_SANITIZER, LOCAL_THREAD_SANITIZER, etc for
each new sanitizer, deprecate LOCAL_ADDRESS_SANITIZER in favor of
LOCAL_SANITZE that mirrors the behavior of -fsanitize=<sanitizers>.
For example, the following will use both asan and ubsan:
LOCAL_SANITIZE := address undefined
We'll leave LOCAL_ADDRESS_SANITIZER around for compatibility until we
can clean up the tree.
Change-Id: I8a62315129d4753f8e992584ca6db1e5dfdd4d2a
shamu has a 560dpi density, which is between xxhdpi and xxxhdpi. It
deserves the large font (18x32), otherwise it falls back to use the
small one and makes it mostly unreadable under recovery mode. Amend
the list to include 560dpi and 400dpi that are higher than xhdpi.
Ideally we should map string formats back to numbers for easy
comparison (and to handle any high but odd density values).
Change-Id: Ie08d9ce5e1c8850ff30a79bcbfd1b89e971b7e07
With this, you can easily add more executables, jars or shared libraries
to the package. Also now it automatically takes care of
32-bit-v.s.-64-bit library issue.
Change-Id: I5afe00fadc978d0da229b192eca1a4b1c149764e
Some programs (cough sqlite cough) do an improper check to see if
HAVE_MALLOC_H is defined. Instead of defining it with no value,
define it with a value so those checks pass.
Needed for bug: 20099586
Change-Id: I4c293b2c1b5f4caad85ffc1fc34ac385bab23f5c
Change host library builds to build for both architectures to
match device builds, removing the need for LOCAL_MULTILIB := both
in all the art library makefiles.
Change-Id: I2689f67c66f5055f93941f40b3e825127f693eca
The build was working on AOSP, but fails downstream when using
Jack because the javalib.jar file needed by CTS is not being
built by default there.
Change-Id: I8dd836b33a4e1bae5af623db3822de99e9b05cf0
Add vboot properties to the dictionary file, which will be packed into
the target_files zip. Add support in packaging and OTA scripts to
sign the generated bootable images (boot.img and recovery.img) when
vboot is enabled.
Change-Id: I08758ced03d173219415bca762bbdb66c464a9f5
(cherry picked from commit 5d5a3bd9e8d8b14b71d1b2105417a2958d13d3d2)
Previously we were bundling this into libc++ and having each binary
resolve its symbols from there. This means that the unwinder that gets
used for a given binary is sensitive to the order in which its
libraries are linked. Making this a static library dependency of each
binary means the right unwinder will always be used.
Bug: 18471342
Bug: 19958712
Change-Id: I782d212784dbf85355b5d9146d7460d675259a0e
With commit 33360dd569 we moved Java
resource packaging forward to creation of the jar file. But the Java
resource packaging will be skipped if a module has no Java code at all.
(The build system does support building an apk without Java code.)
In this change we add back the Java resources directly to the built apk
when the apk has no Java code.
(cherry-picked from commit 8b27d1879c)
Bug: 19947218
Change-Id: I0e1a65a9cbe656974f8ef3923b2f15e9efa5feb9
Added support to build system.img that combines contents of /system and
the ramdisk, and can be mounted at the root of the file system.
To enable this feature, define BoardConfig.mk variable:
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
Ideally we would just change TARGET_OUT (the path of the staging system
directory) to under TARGET_ROOT_OUT. But at this point many places in
the build system assume TARGET_OUT is independent of TARGET_ROOT_OUT and
we can't make it easily configurable.
Instead this implementation takes the least intrusive approach:
We don't change TARGET_OUT or TARGET_ROOT_OUT. We just assemble a
temporary staging directory that contains contents of both TARGET_OUT
and TARGET_ROOT_OUT, in build_image.BuildImage() of
tools/releasetools/build_image.py.
When build_image.py is directly called from the makefile, we pass in the
parameters from the global dictionary; when build_image.BuildImage() is
called from add_img_to_target_files.py, we need to override values to
point to files extracted from the target_files zip file.
We need to combine the fs_config files of both /system and ramdisk,
when fs_config is enabled.
Also this change refactored build_image.BuildImage() by moving the extra
parameters to the image property dictionary.
(cherry-picked from commit 0eabd4f2c5)
Bug:19868522
Change-Id: Iafc467a0e3427b0d6ad3b575abcc98ddcc9ea0f1
Fix the bug that build is still success when boot jars contain
non-whitelisted classes. Now, check-boot-jars.py correctly
finishes with exit code 1 when non-whitelisted classes are found.
Change-Id: Id5c80ef9fdb70213d878d569f6033be2c9eb90d3
-Wl,--fix-cortex-a8 is a workaround for an Erratum in Cortex-A8
processors. It slightly increases code size and decreases performance,
and there's no point in using it on non-A8 CPUs.
Instead of forcing it unconditionally, use it when targeting
Cortex-A8 or generic armv7-a (which might or might not be A8).
Change-Id: Ifa59765d380445237edccfe5440a67b3ba1e459a
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
Clang 3.6 (including the snapshot present in AOSP) added support for
-mcpu=cortex-a15 -- there's no need to fall back to generic armv7-a
anymore.
Change-Id: I8a582261ac35e32f8f1def1d244cf83f2096520d
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
The change follows the patten found in "Package OTA" and other places
to allow for overriding the mkbootimg command.
Now pass MKBOOTIMG variable to get make_recovery_patch and add_image_to_target
to use the tool set in BOARD_CUSTOM_MKBOOTIMG for boot/recovery image
generation.
Change-Id: I78533c25e87c2750eb24ac1bf39e4b7ca321a441
Clang's tail call optimization for position independent code
only works when the callee was called (bound in GOT) before
the jump through GOT.
It does not work for some lazy bound Android tail callee.
We used special flag to disable all tail call optimization.
This change removes that global flag and depends on
clang compiler fix from upstream or the temporary patch in
https://android-review.googlesource.com/#/c/142241
See proposed llvm changes and pointers to llvm bugs in
https://android-review.googlesource.com/#/c/142792
Change-Id: Idb6e98d6b5f0e4c3676884b69eb3e767eba2491a
Can't be done on the user's end because these libraries all need to be
linked after libc++_static.
Change-Id: Ib21364e6f43689cf59da31d6f561919731ef8272
Previously odex files were stored alongside the dex location as:
dex location: /foo/bar/base.apk
odex location: /foo/bar/<isa>/base.odex
This changes where odex files are stored, adding an "oat" directory:
dex location: /foo/bar/base.apk
odex location: /foo/bar/oat/<isa>/base.odex
See also the corresponding change in platform/art and
platform/frameworks/native.
Bug: 19550105
Change-Id: I4c6be4f0c41ff175904846db8e360c4af815b265
So that the cts config.mk can use global variables set by the core build
system config.mk.
Change-Id: I2571564abbb53257eee54485a3357ab1305eb870
(cherry picked from commit bacf5f8008)
Strip prebuilt shared library but not try adding gnu debuglink.
It would fail if you try run the adding gnu debuglink command if a
prebuilt is already stripped.
Bug: 17177288
Change-Id: If5811865715c2437e45fbd329983ef1212ef0109
(cherry picked from commit bfb52a2ec1)
"LOCAL_FDO_SUPPORT := always" enables FDO without user specifying
"BUILD_FDO_OPTIMIZE := true", i.e. it turns on FDO for a
module in any build configuration.
Change-Id: I05d8db2edb2b3f5db073fa14d5bf1083a04571c0
(cherry picked from commit 45d0143ab1)
Some releasetools python sripts rely on $PATH to search for the
executables. With this change, you don't need to run lunch even after you
change the build system variable OUT_DIR.
Bug: 19320328
Change-Id: Ia44b11084fb1bdcceb60b1d33cb7e460c9b705a8
(cherry picked from commit 9d252e1009)
Add a target to zip up all the otatools and releasetools, for easy
copying to the OTA builder machine.
Change-Id: If14b4afefcc1a20ea19dfca3f3b9f9fae73189a6
(cherry picked from commit f22b0f43ef)
v8.renderscript is needed, even for bundled apps.
Bug: 19343399
Change-Id: I461e244be15e08d4525439bc042529314c84031e
(cherry picked from commit c919b0ba88)
Ying Wang