1 /* $NetBSD: cdefs.h,v 1.58 2004/12/11 05:59:00 christos Exp $ */
2
3 /*
4 * Copyright (c) 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Berkeley Software Design, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)cdefs.h 8.8 (Berkeley) 1/9/95
35 */
36
37 #ifndef _SYS_CDEFS_H_
38 #define _SYS_CDEFS_H_
39
40 /*
41 * Testing against Clang-specific extensions.
42 */
43 #ifndef __has_extension
44 #define __has_extension __has_feature
45 #endif
46 #ifndef __has_feature
47 #define __has_feature(x) 0
48 #endif
49 #ifndef __has_include
50 #define __has_include(x) 0
51 #endif
52 #ifndef __has_builtin
53 #define __has_builtin(x) 0
54 #endif
55 #ifndef __has_attribute
56 #define __has_attribute(x) 0
57 #endif
58
59 #define __strong_alias(alias, sym) \
60 __asm__(".global " #alias "\n" \
61 #alias " = " #sym);
62
63 #if defined(__cplusplus)
64 #define __BEGIN_DECLS extern "C" {
65 #define __END_DECLS }
66 #else
67 #define __BEGIN_DECLS
68 #define __END_DECLS
69 #endif
70
71 #if defined(__cplusplus)
72 #define __BIONIC_CAST(_k,_t,_v) (_k<_t>(_v))
73 #else
74 #define __BIONIC_CAST(_k,_t,_v) ((_t) (_v))
75 #endif
76
77 /*
78 * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
79 * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
80 * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
81 * in between its arguments. __CONCAT can also concatenate double-quoted
82 * strings produced by the __STRING macro, but this only works with ANSI C.
83 */
84
85 #define ___STRING(x) __STRING(x)
86 #define ___CONCAT(x,y) __CONCAT(x,y)
87
88 #if defined(__STDC__) || defined(__cplusplus)
89 #define __P(protos) protos /* full-blown ANSI C */
90 #define __CONCAT(x,y) x ## y
91 #define __STRING(x) #x
92
93 #if defined(__cplusplus)
94 #define __inline inline /* convert to C++ keyword */
95 #endif /* !__cplusplus */
96
97 #else /* !(__STDC__ || __cplusplus) */
98 #define __P(protos) () /* traditional C preprocessor */
99 #define __CONCAT(x,y) x/**/y
100 #define __STRING(x) "x"
101
102 #endif /* !(__STDC__ || __cplusplus) */
103
104 #define __always_inline __attribute__((__always_inline__))
105 #define __attribute_const__ __attribute__((__const__))
106 #define __attribute_pure__ __attribute__((__pure__))
107 #define __dead __attribute__((__noreturn__))
108 #define __noreturn __attribute__((__noreturn__))
109 #define __mallocfunc __attribute__((__malloc__))
110 #define __packed __attribute__((__packed__))
111 #define __unused __attribute__((__unused__))
112 #define __used __attribute__((__used__))
113
114 /*
115 * _Nonnull is similar to the nonnull attribute in that it will instruct
116 * compilers to warn the user if it can prove that a null argument is being
117 * passed. Unlike the nonnull attribute, this annotation indicated that a value
118 * *should not* be null, not that it *cannot* be null, or even that the behavior
119 * is undefined. The important distinction is that the optimizer will perform
120 * surprising optimizations like the following:
121 *
122 * void foo(void*) __attribute__(nonnull, 1);
123 *
124 * int bar(int* p) {
125 * foo(p);
126 *
127 * // The following null check will be elided because nonnull attribute
128 * // means that, since we call foo with p, p can be assumed to not be
129 * // null. Thus this will crash if we are called with a null pointer.
130 * if (p != NULL) {
131 * return *p;
132 * }
133 * return 0;
134 * }
135 *
136 * int main() {
137 * return bar(NULL);
138 * }
139 *
140 * http://clang.llvm.org/docs/AttributeReference.html#nonnull
141 */
142 #if !(defined(__clang__) && __has_feature(nullability))
143 #define _Nonnull
144 #define _Nullable
145 #endif
146
147 #define __printflike(x, y) __attribute__((__format__(printf, x, y)))
148 #define __scanflike(x, y) __attribute__((__format__(scanf, x, y)))
149
150 /*
151 * GNU C version 2.96 added explicit branch prediction so that
152 * the CPU back-end can hint the processor and also so that
153 * code blocks can be reordered such that the predicted path
154 * sees a more linear flow, thus improving cache behavior, etc.
155 *
156 * The following two macros provide us with a way to use this
157 * compiler feature. Use __predict_true() if you expect the expression
158 * to evaluate to true, and __predict_false() if you expect the
159 * expression to evaluate to false.
160 *
161 * A few notes about usage:
162 *
163 * * Generally, __predict_false() error condition checks (unless
164 * you have some _strong_ reason to do otherwise, in which case
165 * document it), and/or __predict_true() `no-error' condition
166 * checks, assuming you want to optimize for the no-error case.
167 *
168 * * Other than that, if you don't know the likelihood of a test
169 * succeeding from empirical or other `hard' evidence, don't
170 * make predictions.
171 *
172 * * These are meant to be used in places that are run `a lot'.
173 * It is wasteful to make predictions in code that is run
174 * seldomly (e.g. at subsystem initialization time) as the
175 * basic block reordering that this affects can often generate
176 * larger code.
177 */
178 #define __predict_true(exp) __builtin_expect((exp) != 0, 1)
179 #define __predict_false(exp) __builtin_expect((exp) != 0, 0)
180
181 #define __wur __attribute__((__warn_unused_result__))
182
183 #ifdef __clang__
184 # define __errorattr(msg) __attribute__((unavailable(msg)))
185 # define __warnattr(msg) __attribute__((deprecated(msg)))
186 # define __warnattr_real(msg) __attribute__((deprecated(msg)))
187 # define __enable_if(cond, msg) __attribute__((enable_if(cond, msg)))
188 #else
189 # define __errorattr(msg) __attribute__((__error__(msg)))
190 # define __warnattr(msg) __attribute__((__warning__(msg)))
191 # define __warnattr_real __warnattr
192 /* enable_if doesn't exist on other compilers; give an error if it's used. */
193
194 /* errordecls really don't work as well in clang as they do in GCC. */
195 # define __errordecl(name, msg) extern void name(void) __errorattr(msg)
196 #endif
197
198 #if defined(ANDROID_STRICT)
199 /*
200 * For things that are sketchy, but not necessarily an error. FIXME: Enable
201 * this.
202 */
203 # define __warnattr_strict(msg) /* __warnattr(msg) */
204 #else
205 # define __warnattr_strict(msg)
206 #endif
207
208 /*
209 * Some BSD source needs these macros.
210 * Originally they embedded the rcs versions of each source file
211 * in the generated binary. We strip strings during build anyway,.
212 */
213 #define __IDSTRING(_prefix,_s) /* nothing */
214 #define __COPYRIGHT(_s) /* nothing */
215 #define __FBSDID(_s) /* nothing */
216 #define __RCSID(_s) /* nothing */
217 #define __SCCSID(_s) /* nothing */
218
219 /*
220 * With bionic, you always get all C and POSIX API.
221 *
222 * If you want BSD and/or GNU extensions, _BSD_SOURCE and/or _GNU_SOURCE are
223 * expected to be defined by callers before *any* standard header file is
224 * included.
225 *
226 * In our header files we test against __USE_BSD and __USE_GNU.
227 */
228 #if defined(_GNU_SOURCE)
229 # define __USE_BSD 1
230 # define __USE_GNU 1
231 #endif
232
233 #if defined(_BSD_SOURCE)
234 # define __USE_BSD 1
235 #endif
236
237 /* _FILE_OFFSET_BITS 64 support. */
238 #if !defined(__LP64__) && defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64
239 #define __USE_FILE_OFFSET64 1
240 #define __RENAME_IF_FILE_OFFSET64(func) __RENAME(func)
241 #else
242 #define __RENAME_IF_FILE_OFFSET64(func)
243 #endif
244
245 #define __BIONIC__ 1
246 #include <android/api-level.h>
247
248 /* glibc compatibility. */
249 #if defined(__LP64__)
250 #define __WORDSIZE 64
251 #else
252 #define __WORDSIZE 32
253 #endif
254
255 /*
256 * When _FORTIFY_SOURCE is defined, automatic bounds checking is
257 * added to commonly used libc functions. If a buffer overrun is
258 * detected, the program is safely aborted.
259 *
260 * https://android-developers.googleblog.com/2017/04/fortify-in-android.html
261 */
262
263 #define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
264
265 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
266 # define __BIONIC_FORTIFY 1
267 # if _FORTIFY_SOURCE == 2
268 # define __bos_level 1
269 # else
270 # define __bos_level 0
271 # endif
272 # define __bosn(s, n) __builtin_object_size((s), (n))
273 # define __bos(s) __bosn((s), __bos_level)
274 # define __bos0(s) __bosn((s), 0)
275 # if defined(__clang__)
276 # define __pass_object_size_n(n) __attribute__((pass_object_size(n)))
277 /*
278 * FORTIFY'ed functions all have either enable_if or pass_object_size, which
279 * makes taking their address impossible. Saying (&read)(foo, bar, baz); will
280 * therefore call the unFORTIFYed version of read.
281 */
282 # define __call_bypassing_fortify(fn) (&fn)
283 /*
284 * Because clang-FORTIFY uses overloads, we can't mark functions as `extern
285 * inline` without making them available externally.
286 */
287 # define __BIONIC_FORTIFY_INLINE static __inline__ __always_inline
288 /* Error functions don't have bodies, so they can just be static. */
289 # define __BIONIC_ERROR_FUNCTION_VISIBILITY static
290 # else
291 /*
292 * Where they can, GCC and clang-style FORTIFY share implementations.
293 * So, make these nops in GCC.
294 */
295 # define __pass_object_size_n(n)
296 # define __call_bypassing_fortify(fn) (fn)
297 /* __BIONIC_FORTIFY_NONSTATIC_INLINE is pointless in GCC's FORTIFY */
298 # define __BIONIC_FORTIFY_INLINE extern __inline__ __always_inline __attribute__((gnu_inline)) __attribute__((__artificial__))
299 # endif
300 #else
301 /* Further increase sharing for some inline functions */
302 # define __pass_object_size_n(n)
303 #endif
304 #define __pass_object_size __pass_object_size_n(__bos_level)
305 #define __pass_object_size0 __pass_object_size_n(0)
306
307 /*
308 * Used to support clangisms with FORTIFY. Because these change how symbols are
309 * emitted, we need to ensure that bionic itself is built fortified. But lots
310 * of external code (especially stuff using configure) likes to declare
311 * functions directly, and they can't know that the overloadable attribute
312 * exists. This leads to errors like:
313 *
314 * dcigettext.c:151:7: error: redeclaration of 'getcwd' must have the 'overloadable' attribute
315 * char *getcwd ();
316 * ^
317 *
318 * To avoid this and keep such software building, don't use overloadable if
319 * we're not using fortify.
320 */
321 #if defined(__clang__) && defined(__BIONIC_FORTIFY)
322 # define __overloadable __attribute__((overloadable))
323 /* We don't use __RENAME directly because on gcc this could result in unnecessary renames. */
324 # define __RENAME_CLANG(x) __RENAME(x)
325 #else
326 # define __overloadable
327 # define __RENAME_CLANG(x)
328 #endif
329
330 /* Used to tag non-static symbols that are private and never exposed by the shared library. */
331 #define __LIBC_HIDDEN__ __attribute__((visibility("hidden")))
332
333 /*
334 * Used to tag symbols that should be hidden for 64-bit,
335 * but visible to preserve binary compatibility for LP32.
336 */
337 #ifdef __LP64__
338 #define __LIBC32_LEGACY_PUBLIC__ __attribute__((visibility("hidden")))
339 #else
340 #define __LIBC32_LEGACY_PUBLIC__ __attribute__((visibility("default")))
341 #endif
342
343 /* Used to rename functions so that the compiler emits a call to 'x' rather than the function this was applied to. */
344 #define __RENAME(x) __asm__(#x)
345
346 #include <android/versioning.h>
347
348 #if __has_builtin(__builtin_umul_overflow) || __GNUC__ >= 5
349 #if defined(__LP64__)
350 #define __size_mul_overflow(a, b, result) __builtin_umull_overflow(a, b, result)
351 #else
352 #define __size_mul_overflow(a, b, result) __builtin_umul_overflow(a, b, result)
353 #endif
354 #else
355 extern __inline__ __always_inline __attribute__((gnu_inline))
__size_mul_overflow(__SIZE_TYPE__ a,__SIZE_TYPE__ b,__SIZE_TYPE__ * result)356 int __size_mul_overflow(__SIZE_TYPE__ a, __SIZE_TYPE__ b, __SIZE_TYPE__ *result) {
357 *result = a * b;
358 static const __SIZE_TYPE__ mul_no_overflow = 1UL << (sizeof(__SIZE_TYPE__) * 4);
359 return (a >= mul_no_overflow || b >= mul_no_overflow) && a > 0 && (__SIZE_TYPE__)-1 / a < b;
360 }
361 #endif
362
363 #if defined(__clang__)
364 /*
365 * Used when we need to check for overflow when multiplying x and y. This
366 * should only be used where __size_mul_overflow can not work, because it makes
367 * assumptions that __size_mul_overflow doesn't (x and y are positive, ...),
368 * *and* doesn't make use of compiler intrinsics, so it's probably slower than
369 * __size_mul_overflow.
370 */
371 #define __unsafe_check_mul_overflow(x, y) ((__SIZE_TYPE__)-1 / (x) < (y))
372 #endif
373
374 #endif /* !_SYS_CDEFS_H_ */
375