288 Commits

Author SHA1 Message Date
Sergio Giro 1cfa56d46c libutils/Unicode.cpp: Correct length computation and add checks for utf16->utf8
Inconsistent behaviour between utf16_to_utf8 and utf16_to_utf8_length
is causing a heap overflow.

Correcting the length computation and adding bound checks to the
conversion functions.

Test: ran libutils_tests
Bug: 29250543
Change-Id: I6115e3357141ed245c63c6eb25fc0fd0a9a7a2bb
(cherry picked from commit c4966a363e)
2016-08-25 20:07:51 +00:00
Sergio Giro 9de6776321 Unicode: specify destination length in utf8_to_utf16 methods
String16(const char *utf8) now returns the empty string in case
a string ends halfway through a utf8 character.

Bug: 29267949
Clean cherry-pick from 1dcc0c8239

Change-Id: I5223caa7d42f4582a982609a898a02043265c6d3
2016-08-25 19:57:06 +00:00
Hans Boehm daac359be7 Merge "Make RefBase more robust and debuggable" 2016-08-24 23:36:13 +00:00
Hans Boehm 23c857ebd6 Make RefBase more robust and debuggable
This prevents two different kinds of client errors from causing
undetected memory corruption, and helps with the detection of others:

1. We no longer deallocate objects when the weak count goes to zero
and there have been no strong references.  This otherwise causes
us to return a garbage object from a constructor if the constructor
allocates and deallocates a weak pointer to this. And we do know
that clients allocate such weak pointers in constructors and their
lifetime is hard to trace.

2. We abort if a RefBase object is explicitly destroyed while
the weak count is nonzero.  Otherwise a subsequent decrement
would cause a write to potentially reallocated memory.

3. We check counter values returned by atomic decrements for
plausibility, and fail immediately if they are not plausible.

We unconditionally log any cases in which 1 changes behavior
from before. We abort in cases in which 2 changes behavior, since
those reflect clear bugs.
In case 1, a log message now indicates a possible leak. We have
not seen such a message in practice.

The third point introduces a small amount of overhead into the
reference count decrement path. But this should be negligible
compared to the actual decrement cost.

Add a test for promote/attemptIncStrong that tries to check for
both (1) above and concurrent operation of attemptIncStrong.

Add some additional warnings and explanations to the RefBase
documentation.

Bug: 30503444
Bug: 30292291
Bug: 30292538

Change-Id: Ida92b9a2e247f543a948a75d221fbc0038dea66c
2016-08-13 11:17:51 -07:00
Hans Boehm df6c464e9a Merge "Improve RefBase documentation, especially for clients."
am: 0f39fe22ae

Change-Id: I804989b192142dc9d69ca36f0122079822625e7e
2016-08-10 16:24:01 +00:00
Hans Boehm 0f39fe22ae Merge "Improve RefBase documentation, especially for clients." 2016-08-10 16:16:22 +00:00
Hans Boehm 9ba7192c1f Improve RefBase documentation, especially for clients.
Add basic interface documentation to RefBase.h.

Much, but not all, of this is cut-and-pasted from an email message
from Mathias Agopian. The rest is reconstructed from the code.

Delete some, now redundant, text from Refbase.cpp, and add a bit
more about the implementation strategy.

Some minor fixes to internal comments.

Bug: 30292291
Change-Id: I56518ae5553bc6de0cc2331778e7fcf2e6c4fd87
2016-08-09 15:12:19 -07:00
Greg Kaiser f068856284 Merge "SharedBuffer: Fix bug in return value of release()"
am: c064db48f1

Change-Id: I401318575ced17a94d19b47b2821ed4c310d9a03
2016-08-08 18:15:44 +00:00
Greg Kaiser c9b23cbb54 SharedBuffer: Fix bug in return value of release()
Since the equality operator '==' has higher precedence than the
assignment operator '=', we were assigning 'prev' to the result of
our comparison and not the result of mRefs.fetch_sub().

This means that 'prev' would only receive the values 0 or 1.  In
the cases where fetch_sub() returned 0 or 1, we were happening to
get the correct value.  But if fetch_sub() was greater than 1,
we would return to the user 0, instead of the previous reference
count.

We fix this by properly adding parentheses.  We also adjust the
whitespace a little to hopefully make the groupings of the logic
easier to see.

Change-Id: Ib129798a7076854b9ca4f6385c42edbf4fb75e57
2016-08-08 06:55:10 -07:00
Hans Boehm 0152d34d1f Merge "Fix race bug in attemptIncStrong"
am: 077135b18c

Change-Id: Iaf24710f74e61d3465ea2e0794eda91f0e81d46d
2016-08-04 01:37:25 +00:00
Hans Boehm 077135b18c Merge "Fix race bug in attemptIncStrong" 2016-08-04 01:27:04 +00:00
Hans Boehm 7f27cbc3f4 Fix race bug in attemptIncStrong
The compensating onLastStrongRef call could be made even when there
was no onIncStrongAttempted call to compensate for.  This
happened in the OBJECT_LIFETIME_STRONG case when e.g. curCount
was initially zero, but was concurrently incremented by another
thread.

I believe the old code was also incorrect in the
curCount = INITIAL_STRONG_VALUE + 1 case,
which seems to be possible under unlikely conditions.
In that case, I believe the compensating call IS needed.
Thus the condition was also changed.

Bug: 30503444
Change-Id: I44bcbcbb1264e4b52b6d3750dc39b041c4140381
2016-07-29 14:39:10 -07:00
Chih-Hung Hsieh 89cc78b77f Merge "Fix google-explicit-constructor warnings in system/core."
am: 6dc68cb5f9

Change-Id: I5a010465364b6e14423b19e8c0f9cffa58ee3152
2016-07-29 17:01:17 +00:00
Chih-Hung Hsieh 034c475931 Fix google-explicit-constructor warnings in system/core.
* Declare explicit conversion constructors.
* Add NOLINT for implicit conversion constructors.
* Fix also some misaligned indentations.

Bug: 28341362
Change-Id: Idf911f35923b408d92285cc1a053f382ba08c63e
Test: build with clang-tidy
2016-07-26 11:26:01 -07:00
Sergio Giro 4476929073 Merge "LruCache: avoid copying keys in lookup"
am: 896c6b14ae

Change-Id: If8223e90988510385378506cd3a05d382ab73fc9
2016-07-20 19:48:44 +00:00
Sergio Giro 4c56e0a222 LruCache: avoid copying keys in lookup
Create objects of type KeyedEntry for lookups that only have
a key reference

Bug: 27567036
Change-Id: I5e609a3db63d3b9277ff1547a3cca37dce70251c
2016-07-20 18:38:44 +00:00
Hans Boehm 2b67ca305e Merge "Add test for RefBase etc."
am: dc9fbc3440

Change-Id: I77ead7f91c17ee8c5614da783152ac3478fc5342
2016-07-14 00:44:58 +00:00
Hans Boehm 4a8276c779 Add test for RefBase etc.
Add some basic tests for RefBase, as well as a more ambitious memory
ordering test.

Add a README.txt with instructions to run the tests.

Comment out a couple of BlobCache tests that failed consistently and
appeared to be incorrect.  With that fix, I managed to run
libutils_tests successfully on device.

Bug: 28705989
Change-Id: I8ad29995097a149a0cc38615d6ed37117ec6cb5c
2016-07-13 12:03:03 -07:00
Dan Willemsen 8333a913b8 Merge "libutils: Limit integer sanitize to target only"
am: fc36f6fab6

Change-Id: I6bab757829cffa84f6bdae3edfa81597567704ce
2016-07-13 08:21:40 +00:00
Dan Willemsen e16bdb1bd1 libutils: Limit integer sanitize to target only
This matches what the Android.mk defined, and should temporarily fix
builds that were broken with:

system/core/libutils/Unicode.cpp:225:12: runtime error: unsigned integer
overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned
long')

Change-Id: I0363b42fc2d62dfd2d05649c9aa9ef0be573e20a
2016-07-13 00:20:20 -07:00
Colin Cross 2fedbf79bb resolve merge conflicts of 41e82a3 to stage-aosp-master
Change-Id: I5a7faca3249f0c038914540b1dd29edf0084c0e1
2016-07-12 23:53:04 -07:00
Dan Willemsen 2e1591bef9 Convert libbacktrace, libutils to Soong
Change-Id: I8b578f671f92246aca61f98937d75a60b56bc5c6
2016-07-12 17:20:18 -07:00
Hans Boehm 12f788e763 Merge "Fix SharedBuffer. Remove aref." am: 069517574e
am: 1e081a8c5f

* commit '1e081a8c5f2d6e6cb55658bb289db1f0b4f5774a':
  Fix SharedBuffer. Remove aref.

Change-Id: I5849137bb49d727d1c1d245f0f61d11c4ee10859
2016-05-23 22:22:18 +00:00
Hans Boehm 3e4c076ef2 Fix SharedBuffer. Remove aref.
Add comment that SharedBuffer is deprecated.

Both aref and SharedBuffer had memory ordering bugs.  Aref has no
clients.

SharedBuffer had several bugs, which are fixed here:

mRefs was declared neither volatile, nor atomic, allowing the
compiler to, for example, reuse a stale previously loaded value.

It used the default android_atomic release memory ordering, which
is insufficient for reference count decrements.

It used an ordinary memory read in onlyOwner() to check whether
an object is safe to deallocate, without any attempt to ensure
memory ordering.

Comments claimed that SharedBuffer was exactly 16 bytes, but
this was neither checked, nor correct on 64-bit platforms.

This turns mRef into a std::atomic and removes the android_atomic
dependency.

Bug: 28826227
Change-Id: I39fa0b4f70ac0471b14ad274806fc4e0c0802e78
2016-05-23 17:28:52 +00:00
Hans Boehm fdad5af164 Merge "Fix memory order and race bugs in Refbase.h & RefBase.cpp" am: 62212954ef
am: d657e639cf

* commit 'd657e639cf74e0ee5a32d0f67efe0097c3df17a1':
  Fix memory order and race bugs in Refbase.h & RefBase.cpp

Change-Id: I79106bb0399e7699d51d526235843504ab52708b
2016-05-19 22:12:01 +00:00
Hans Boehm 62212954ef Merge "Fix memory order and race bugs in Refbase.h & RefBase.cpp" 2016-05-19 22:01:41 +00:00
Hans Boehm e263e6c633 Fix memory order and race bugs in Refbase.h & RefBase.cpp
Convert to use std::atomic directly.

Consistently use relaxed ordering for increments, release ordering
for decrements, and an added acquire fence when the count goes to
zero.

Fix what looks like another race in attemptIncStrong:
It seems entirely possible that the final adjustment for
INITIAL_STRONG_VALUE would see e.g. INITIAL_STRONG_VALUE + 1,
since we could be running in the middle of another initial
increment.

Attempt to somewhat document what this actually does, and
what's expected from the client. Hide the documentation in
the .cpp file for now.

Remove a confusing redundant test in decWeak. OBJECT_LIFETIME_STRONG
and OBJECT_LIFETIME_WEAK are the only options, in spite of some
of the original comments.

It's conceivable that either of these issues has resulted in
actual crashes, though I would guess the probability is small.
It's hard enough to reason about this code without the bugs.

Bug: 28705989
Change-Id: I4107a56c3fc0fdb7ee17fc8a8f0dd7fb128af9d8
2016-05-17 16:11:11 -07:00
Michael Wright 30a1db7045 Merge "Fix strstr16." into nyc-dev
am: a34a383607

* commit 'a34a383607007d632878929c6c9278221242d457':
  Fix strstr16.

Change-Id: I8fa1fab977f974c861cecb8b24b72cd175c27752
2016-05-17 17:28:02 +00:00
Michael Wright 0fd60eb9b4 Fix strstr16.
strcmp needs a limit, otherwise it will compare the null terminator
with the next character in the haystack, which results in the compare
failing for all searches except where the needle is found at the very
end.

Bug: 28663748
Change-Id: I1939dc4037c2f2a75d617943b063d2d38a8c5e3a
2016-05-16 21:23:07 +01:00
Greg Hackmann 1e18e78601 Merge "SystemClock: elapsedRealtimeNano() should use clock_gettime() on Linux" am: e3ff256228
am: 6d28bd81f5

* commit '6d28bd81f55236d1a82f00f8ac568ad61a03128d':
  SystemClock: elapsedRealtimeNano() should use clock_gettime() on Linux

Change-Id: Id5ecad63fb6cd79cc7db641d992e9525bc2b8779
2016-05-16 18:23:42 +00:00
Greg Hackmann 8f9a6372f6 Merge "SystemClock: add test" am: 282e8fb037
am: a91a1a990f

* commit 'a91a1a990f1d629377dcd2c3f2b57ccab48dc8cf':
  SystemClock: add test

Change-Id: I547a4c3422eb468530e3cdd02eb2bb157a444a15
2016-05-16 18:23:41 +00:00
Treehugger Robot e3ff256228 Merge "SystemClock: elapsedRealtimeNano() should use clock_gettime() on Linux" 2016-05-16 18:18:57 +00:00
Treehugger Robot 282e8fb037 Merge "SystemClock: add test" 2016-05-16 18:18:30 +00:00
Michael Wright 2a9a993af9 Merge commit '8b452b876b90dcfff1dab9012b65b5e67c4531a4' into manual_merge_8b452b8
Change-Id: Iacdc2d521f669661b4979c03b0476512abdb37c7
2016-05-16 15:06:22 +01:00
Michael Wright 5bacef33c9 Add String16#contains and strstr16 methods.
These are needed for aapt to find javadoc comments that contain
"@removed" in order to skip them when printing styleable docs.

Bug: 28663748
Change-Id: I8866d2167c41e11d6c2586da369560d5815fd13e
2016-05-09 19:45:07 +01:00
Greg Hackmann e94c92cd48 SystemClock: elapsedRealtimeNano() should use clock_gettime() on Linux
We've removed the Android alarm driver from our supported kernels.
clock_gettime(CLOCK_BOOTTIME) has been a viable option since 2.6.39, so
there's no need for the legacy code path anymore.

We can use this on Linux hosts too, since no one should be building
Android on hosts with kernels that old.

Bug: 28357356

Change-Id: I0aa164383c95e77c53d2c85883d83f85d4abc7b1
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-05-02 14:00:02 -07:00
Greg Hackmann 340079df26 SystemClock: add test
Bug: 28357356

Change-Id: Idf66c048bda09cd8cb08adf89ed0edd3770c4e39
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-05-02 13:59:58 -07:00
Chih-hung Hsieh fb44ca5178 Merge "Fix google-explicit-constructor warnings." am: 7bdd6a8b5a
am: 427d8d840f

* commit '427d8d840f6ec5ce5767b2ee521e4ac5b7ebd619':
  Fix google-explicit-constructor warnings.

Change-Id: I26dc45aca83f991aa7993f6d4233e0439dd44a22
2016-04-30 05:16:35 +00:00
Chih-Hung Hsieh 1c563d96f0 Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: I4504e98a8db31e0edcbe63c23f9af43eb13e9d86
2016-04-29 15:44:04 -07:00
Elliott Hughes 7b2d2d6afa Merge "Remove debugging code for a fixed 3.6 kernel bug." am: af61acc
am: 058fd2e

* commit '058fd2edbcea9a6d224a3473fe8fdcb2f7735d37':
  Remove debugging code for a fixed 3.6 kernel bug.

Change-Id: I40ce05d262ab8e718fff4df8df7a41d2d6923e05
2016-04-09 00:31:32 +00:00
Elliott Hughes ad19af7132 Remove debugging code for a fixed 3.6 kernel bug.
Change-Id: If17d41d6151cd7b81677afc5d341d7aa788170e4
2016-04-04 16:06:53 -07:00
Brian Carlstrom de6d6041c1 system/core: Make Thread::run threadName argument required
am: e71b914775

* commit 'e71b9147756ab4da306e4c16461ad23936769603':
  system/core: Make Thread::run threadName argument required
2016-03-14 15:24:54 +00:00
Brian Carlstrom e71b914775 system/core: Make Thread::run threadName argument required
Bug: 27557176
Change-Id: Iae83a1e5489c86c2858fc8481f246b8480f0eec4
2016-03-12 21:32:52 -08:00
George Burgess IV 02f689e11a Merge "Cleanup uses of sprintf so we can deprecate it." am: 2c5b89a64a
am: 3368bdebba

* commit '3368bdebba02316710bafc5bce120eec388365fb':
  Cleanup uses of sprintf so we can deprecate it.
2016-03-08 07:41:39 +00:00
George Burgess IV e7aa2b2c83 Cleanup uses of sprintf so we can deprecate it.
Also cleans up two instances of open() with useless mode params, and
changes a few uses of snprintf to use sizeof(buffer) instead of
hardcoded buffer sizes.

Change-Id: If11591003d910c995e72ad8f75afd072c255a3c5
2016-03-07 18:40:40 -08:00
James Hawkins 650ba8b8d6 Merge "system/core/lib[c]utils: Fix signedness comparison warnings." am: bba2151b29
am: 65df16b05f

* commit '65df16b05f8d590e1fccc19e9a28833d6a71567d':
  system/core/lib[c]utils: Fix signedness comparison warnings.
2016-03-01 20:32:09 +00:00
James Hawkins b898075f30 system/core/lib[c]utils: Fix signedness comparison warnings.
* Store the output of a length variable in size_t.
* Annotate unsigned constant values as such.

Bug: 27384813
Change-Id: I8504c0a8f5840d4d42e5c0df797a4e5d02d13eb9
2016-03-01 11:21:53 -08:00
Dan Willemsen 9dddd137c7 Fix windows 64-bit builds
pid_t is 64-bit in 64-bit mingw, but the windows process/thread
functions return a DWORD(uint32_t). Instead of promoting to a pid_t and
fixing the format strings, just use a uint32_t to store the values.

android_thread_id also cannot be a 64-bit pointer, so for windows just
force it to be a uint32_t.

libutils/ProcessCallStack only works under Linux, since it makes heavy
use of /proc. Don't compile it under Windows or Darwin.

Bug: 26957718

(cherry picked from commit 86cf941c48)

Change-Id: I8d39d1951fea1b3011caf585c983e1da7959f7c0
2016-02-25 18:43:55 -08:00
Dimitry Ivanov ca0c8ce614 Merge "Make libutils symbols protected" into nyc-dev
am: aa2cf3facf

* commit 'aa2cf3facf8d26a3642c90cbf5b83e18934da48c':
  Make libutils symbols protected
2016-02-25 21:10:24 +00:00
Dimitry Ivanov 96ccb85fa2 Make libutils symbols protected
This change is a workaround for apps linking
libutils statically and dynamically which causes
them to crash for newer versions of Android.

Bug: http://b/27313399
Change-Id: I47ac4146041b6eeef03cb605ea436719d552ec8f
(cherry picked from commit 2c7960c8d9)
2016-02-25 13:09:40 -08:00