2017-12-13 23:18:15 +00:00
|
|
|
# Android bionic status
|
2017-08-28 16:18:34 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
## Bionic function availability
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
### POSIX
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
You can see the current status with respect to POSIX in the form of tests:
|
|
|
|
|
https://android.googlesource.com/platform/bionic/+/master/tests/headers/posix/
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
Some POSIX functionality is not supported by the Linux kernel, and
|
|
|
|
|
is guarded with tests for `__linux__`. Other functionality is not
|
|
|
|
|
supported by bionic or glibc, and guarded with tests for `__BIONIC__`
|
|
|
|
|
and `__GLIBC__`. In other cases historical accidents mean 32-bit
|
|
|
|
|
bionic diverged but 64-bit bionic matches POSIX; these are guarded with
|
|
|
|
|
`__LP64__`.
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
Most bionic-only diversions should be accompanied by an explanatory comment.
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
Missing functions are either obsolete or explicitly disallowed by SELinux:
|
|
|
|
|
* `a64l`/`l64a`
|
|
|
|
|
* `confstr`
|
|
|
|
|
* `crypt`/`encrypt`/`setkey`
|
|
|
|
|
* `gethostid`
|
|
|
|
|
* `shm_open`/`shm_unlink`
|
|
|
|
|
* `sockatmark`
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
Missing functionality:
|
|
|
|
|
* `<aio.h>`
|
|
|
|
|
* `<wordexp.h>`
|
|
|
|
|
* Thread cancellation
|
|
|
|
|
* Robust mutexes
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
Run `./libc/tools/check-symbols-glibc.py` in bionic/ for the current
|
|
|
|
|
list of POSIX functions implemented by glibc but not by bionic.
|
2017-11-28 01:00:16 +00:00
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
### libc
|
2017-08-28 16:18:34 +00:00
|
|
|
|
|
|
|
|
Current libc symbols: https://android.googlesource.com/platform/bionic/+/master/libc/libc.map.txt
|
|
|
|
|
|
|
|
|
|
New libc functions in P:
|
|
|
|
|
* `__freading`/`__fwriting` (completing <stdio_ext.h>)
|
2017-11-28 01:00:16 +00:00
|
|
|
* `endhostent`/`endnetent`/`endprotoent`/`getnetent`/`getprotoent`/`sethostent`/`setnetent`/`setprotoent` (completing <netdb.h>)
|
2017-10-19 21:35:18 +00:00
|
|
|
* `fexecve`
|
2017-10-31 00:47:12 +00:00
|
|
|
* `fflush_unlocked`/`fgetc_unlocked`/`fgets_unlocked`/`fputc_unlocked`/`fputs_unlocked`/`fread_unlocked`/`fwrite_unlocked`
|
2017-10-06 23:58:36 +00:00
|
|
|
* `getentropy`/`getrandom` (adding <sys/random.h>)
|
2017-08-28 16:18:34 +00:00
|
|
|
* `getlogin_r`
|
2017-10-06 23:58:36 +00:00
|
|
|
* `glob`/`globfree` (adding <glob.h>)
|
2017-11-28 01:00:16 +00:00
|
|
|
* `hcreate`/`hcreate_r`/`hdestroy`/`hdestroy_r`/`hsearch`/`hsearch_r` (completing <search.h>)
|
2017-08-28 16:18:34 +00:00
|
|
|
* `iconv`/`iconv_close`/`iconv_open` (adding <iconv.h>)
|
Implement pthread_attr_getinheritsched/pthread_attr_setinheritsched.
Historically, Android defaulted to EXPLICIT but with a special case
because SCHED_NORMAL/priority 0 was awkward. Because the code couldn't
actually tell whether SCHED_NORMAL/priority 0 was a genuine attempt to
explicitly set those attributes (because the parent thread is SCHED_FIFO,
say) or just because the pthread_attr_t was left at its defaults.
Now we support INHERIT, we could call sched_getscheduler to see whether
we actually need to call sched_setscheduler, but since the major cost
is the fixed syscall overhead, we may as well just conservatively
call sched_setscheduler and let the kernel decide whether it's a
no-op. (Especially because we'd then have to add both sched_getscheduler
and sched_setscheduler to any seccomp filter.)
Platform code (or app code that only needs to support >= P) can actually
add a call to pthread_attr_setinheritsched to say that they just want
to inherit (if they know that none of their threads actually mess with
scheduler attributes at all), which will save them a sched_setscheduler
call except in the doubly-special case of SCHED_RESET_ON_FORK (which we
do handle).
An alternative would be "make pthread_attr_setschedparams and
pthread_attr_setschedprio set EXPLICIT and change the platform default
to INHERIT", but even though I can only think of weird pathological
examples where anyone would notice that change, that behavior -- of
pthread_attr_setschedparams/pthread_attr_setschedprio overriding an
earlier call to pthread_attr_setinheritsched -- isn't allowed by POSIX
(whereas defaulting to EXPLICIT is).
If we have a lot of trouble with this change in the app compatibility
testing phase, though, we'll want to reconsider this decision!
-*-
This change also removes a comment about setting the scheduler attributes
in main_thread because we'd have to actually keep them up to date,
and it's not clear that doing so would be worth the trouble.
Also make async_safe_format_log preserve errno so we don't have to be
so careful around it.
Bug: http://b/67471710
Test: ran tests
Change-Id: Idd026c4ce78a536656adcb57aa2e7b2c616eeddf
2017-10-17 22:34:41 +00:00
|
|
|
* `pthread_attr_getinheritsched`/`pthread_attr_setinheritsched`/`pthread_setschedprio`
|
2018-01-26 06:50:09 +00:00
|
|
|
* `pthread_mutexattr_getprotocol`/`pthread_mutexattr_setprotocol` (mutex priority inheritance)
|
2018-02-01 22:21:51 +00:00
|
|
|
* <signal.h> support for `sigaction64_t` and `sigset64_t` allowing LP32 access to real-time signals
|
2017-10-06 23:58:36 +00:00
|
|
|
* <spawn.h>
|
2017-10-18 20:34:32 +00:00
|
|
|
* `swab`
|
2017-08-28 16:18:34 +00:00
|
|
|
* `syncfs`
|
2018-02-01 22:21:51 +00:00
|
|
|
* `%C` and `%S` support in the printf family (previously only the wprintf family supported these)
|
|
|
|
|
* `%mc`/`%ms`/`%m[` support in the scanf family
|
2017-08-28 16:18:34 +00:00
|
|
|
|
|
|
|
|
New libc functions in O:
|
|
|
|
|
* `sendto` FORTIFY support
|
|
|
|
|
* `__system_property_read_callback`/`__system_property_wait`
|
|
|
|
|
* legacy `bsd_signal`
|
|
|
|
|
* `catclose`/`catgets`/`catopen` (adding <nl_types.h>)
|
|
|
|
|
* `ctermid`
|
|
|
|
|
* all 6 <grp.h>/<pwd.h> (get|set|end)(gr|pw)ent functions
|
|
|
|
|
* `futimes`/`futimesat`/`lutimes`
|
|
|
|
|
* `getdomainname`/`setdomainname`
|
|
|
|
|
* `getsubopt`
|
|
|
|
|
* `hasmntopt`
|
|
|
|
|
* `mallopt`
|
|
|
|
|
* `mblen`
|
|
|
|
|
* 4 <sys/msg.h> `msg*` functions
|
|
|
|
|
* <langinfo.h> `nl_langinfo`/`nl_langinfo_l`
|
|
|
|
|
* `pthread_getname_np`
|
|
|
|
|
* 2 new Linux system calls `quotactl` and `sync_file_range`
|
|
|
|
|
* 4 <sys/sem.h> `sem*` functions
|
|
|
|
|
* 4 <sys/shm.h> `shm*` functions
|
|
|
|
|
* 5 legacy <signal.h> functions: `sighold`/`sigignore`/`sigpause`/`sigrelse`/`sigset`
|
|
|
|
|
* `strtod_l`/`strtof_l`/`strtol_l`/`strtoul_l`
|
|
|
|
|
* <wctype.h> `towctrans`/`towctrans_l`/`wctrans`/`wctrans_l`
|
|
|
|
|
|
|
|
|
|
New libc functions in N:
|
|
|
|
|
* more FORTIFY support functions (`fread`/`fwrite`/`getcwd`/`pwrite`/`write`)
|
|
|
|
|
* all remaining `_FILE_OFFSET_BITS=64` functions, completing `_FILE_OFFSET_BITS=64` support in bionic (8)
|
|
|
|
|
* all 7 `pthread_barrier*` functions
|
|
|
|
|
* all 5 `pthread_spin*` functions
|
|
|
|
|
* `lockf`/`preadv`/`pwritev`/`scandirat` and `off64_t` variants
|
|
|
|
|
* `adjtimex`/`clock_adjtime`
|
|
|
|
|
* `getifaddrs`/`freeifaddrs`/`if_freenameindex`/`if_nameindex`
|
|
|
|
|
* `getgrgid_r`/`getgrnam_r`
|
|
|
|
|
* GNU extensions `fileno_unlocked`/`strchrnul`
|
|
|
|
|
* 32-bit `prlimit`
|
|
|
|
|
|
|
|
|
|
libc function count over time:
|
|
|
|
|
G 803, H 825, I 826, J 846, J-MR1 873, J-MR2 881, K 896, L 1116, M 1181, N 1226, O 1278
|
|
|
|
|
|
|
|
|
|
```
|
2017-12-13 23:18:15 +00:00
|
|
|
ndk-r17$ for i in `ls -1v platforms/android-*/arch-arm/usr/lib/libc.so` ; do \
|
|
|
|
|
echo $i; nm $i | grep -vw [AbdNnt] | grep -vw B | wc -l ; done
|
2017-08-28 16:18:34 +00:00
|
|
|
```
|
|
|
|
|
|
2017-12-13 23:18:15 +00:00
|
|
|
### libm
|
2017-08-28 16:18:34 +00:00
|
|
|
|
|
|
|
|
Current libm symbols: https://android.googlesource.com/platform/bionic/+/master/libm/libm.map.txt
|
|
|
|
|
|
|
|
|
|
0 remaining missing POSIX libm functions.
|
|
|
|
|
|
|
|
|
|
19 new libm functions in O: complex trig/exp/log functions.
|
|
|
|
|
|
|
|
|
|
libm function count over time:
|
|
|
|
|
G 158, J-MR2 164, L 220, M 265, O 284
|
2017-12-13 23:18:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Target API level behavioral differences
|
|
|
|
|
|
|
|
|
|
Most bionic bug fixes and improvements have been made without checks for
|
|
|
|
|
the app's `targetSdkVersion`. As of O there were exactly two exceptions,
|
|
|
|
|
but there are likely to be more in future because of Project Treble.
|
|
|
|
|
|
|
|
|
|
### Invalid `pthread_t` handling (targetSdkVersion >= O)
|
|
|
|
|
|
|
|
|
|
As part of a long-term goal to remove the global thread list,
|
|
|
|
|
and in an attempt to flush out racy code, we changed how an invalid
|
|
|
|
|
`pthread_t` is handled. For `pthread_detach`, `pthread_getcpuclockid`,
|
|
|
|
|
`pthread_getschedparam`/`pthread_setschedparam`, `pthread_join`, and
|
|
|
|
|
`pthread_kill`, instead of returning ESRCH when passed an invalid
|
|
|
|
|
`pthread_t`, if you're targeting O or above, they'll abort with the
|
|
|
|
|
message "attempt to use invalid pthread\_t".
|
|
|
|
|
|
|
|
|
|
Note that this doesn't change behavior as much as you might think: the
|
|
|
|
|
old lookup only held the global thread list lock for the duration of
|
|
|
|
|
the lookup, so there was still a race between that and the dereference
|
|
|
|
|
in the caller, given that callers actually need the tid to pass to some
|
|
|
|
|
syscall or other, and sometimes update fields in the `pthread_internal_t`
|
|
|
|
|
struct too.
|
|
|
|
|
|
|
|
|
|
We can't check a thread's tid against 0 to see whether a `pthread_t`
|
|
|
|
|
is still valid because a dead thread gets its thread struct unmapped
|
|
|
|
|
along with its stack, so the dereference isn't safe.
|
|
|
|
|
|
|
|
|
|
To fix your code, taking the affected functions one by one:
|
|
|
|
|
|
|
|
|
|
* `pthread_getcpuclockid` and `pthread_getschedparam`/`pthread_setschedparam`
|
|
|
|
|
should be fine. Unsafe calls to those seem highly unlikely.
|
|
|
|
|
|
|
|
|
|
* Unsafe `pthread_detach` callers probably want to switch to
|
|
|
|
|
`pthread_attr_setdetachstate` instead, or use
|
|
|
|
|
`pthread_detach(pthread_self());` from the new thread's start routine
|
|
|
|
|
rather than calling detach in the parent.
|
|
|
|
|
|
|
|
|
|
* `pthread_join` calls should be safe anyway, because a joinable thread
|
|
|
|
|
won't actually exit and unmap until it's joined. If you're joining an
|
|
|
|
|
unjoinable thread, the fix is to stop marking it detached. If you're
|
|
|
|
|
joining an already-joined thread, you need to rethink your design!
|
|
|
|
|
|
|
|
|
|
* Unsafe `pthread_kill` calls aren't portably fixable. (And are obviously
|
|
|
|
|
inherently non-portable as-is.) The best alternative on Android is to
|
|
|
|
|
use `pthread_gettid_np` at some point that you know the thread to be
|
|
|
|
|
alive, and then call `kill`/`tgkill` with signal 0 (which checks
|
|
|
|
|
whether a process exists rather than actually sending a
|
|
|
|
|
signal). That's still not completely safe because if you're too late
|
|
|
|
|
the tid may have been reused, but your code is inherently unsafe without
|
|
|
|
|
a redesign anyway.
|
|
|
|
|
|
|
|
|
|
### Interruptable `sem_wait` (targetSdkVersion >= N)
|
|
|
|
|
|
|
|
|
|
POSIX says that `sem_wait` can be interrupted by delivery of a
|
|
|
|
|
signal. This wasn't historically true in Android, and when we fixed this
|
|
|
|
|
bug we found that existing code relied on the old behavior. To preserve
|
|
|
|
|
compatibility, `sem_wait` can only return EINTR on Android if the app
|
|
|
|
|
targets N or later.
|