1 /* $NetBSD: cdefs.h,v 1.58 2004/12/11 05:59:00 christos Exp $ */
2
3 /*
4 * Copyright (c) 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Berkeley Software Design, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)cdefs.h 8.8 (Berkeley) 1/9/95
35 */
36
37 #ifndef _SYS_CDEFS_H_
38 #define _SYS_CDEFS_H_
39
40 #include <android/api-level.h>
41 #include <android/versioning.h>
42
43 #define __BIONIC__ 1
44
45 /*
46 * Testing against Clang-specific extensions.
47 */
48 #ifndef __has_extension
49 #define __has_extension __has_feature
50 #endif
51 #ifndef __has_feature
52 #define __has_feature(x) 0
53 #endif
54 #ifndef __has_include
55 #define __has_include(x) 0
56 #endif
57 #ifndef __has_builtin
58 #define __has_builtin(x) 0
59 #endif
60 #ifndef __has_attribute
61 #define __has_attribute(x) 0
62 #endif
63
64 #define __strong_alias(alias, sym) \
65 __asm__(".global " #alias "\n" \
66 #alias " = " #sym);
67
68 #if defined(__cplusplus)
69 #define __BEGIN_DECLS extern "C" {
70 #define __END_DECLS }
71 #else
72 #define __BEGIN_DECLS
73 #define __END_DECLS
74 #endif
75
76 #if defined(__cplusplus)
77 #define __BIONIC_CAST(_k,_t,_v) (_k<_t>(_v))
78 #else
79 #define __BIONIC_CAST(_k,_t,_v) ((_t) (_v))
80 #endif
81
82 #define __BIONIC_ALIGN(__value, __alignment) (((__value) + (__alignment)-1) & ~((__alignment)-1))
83
84 /*
85 * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
86 * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
87 * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
88 * in between its arguments. __CONCAT can also concatenate double-quoted
89 * strings produced by the __STRING macro, but this only works with ANSI C.
90 */
91
92 #define ___STRING(x) __STRING(x)
93 #define ___CONCAT(x,y) __CONCAT(x,y)
94
95 #if defined(__STDC__) || defined(__cplusplus)
96 #define __P(protos) protos /* full-blown ANSI C */
97 #define __CONCAT(x,y) x ## y
98 #define __STRING(x) #x
99
100 #if defined(__cplusplus)
101 #define __inline inline /* convert to C++ keyword */
102 #endif /* !__cplusplus */
103
104 #else /* !(__STDC__ || __cplusplus) */
105 #define __P(protos) () /* traditional C preprocessor */
106 #define __CONCAT(x,y) x/**/y
107 #define __STRING(x) "x"
108
109 #endif /* !(__STDC__ || __cplusplus) */
110
111 #define __always_inline __attribute__((__always_inline__))
112 #define __attribute_const__ __attribute__((__const__))
113 #define __attribute_pure__ __attribute__((__pure__))
114 #define __dead __attribute__((__noreturn__))
115 #define __noreturn __attribute__((__noreturn__))
116 #define __mallocfunc __attribute__((__malloc__))
117 #define __packed __attribute__((__packed__))
118 #define __unused __attribute__((__unused__))
119 #define __used __attribute__((__used__))
120
121 #define __printflike(x, y) __attribute__((__format__(printf, x, y)))
122 #define __scanflike(x, y) __attribute__((__format__(scanf, x, y)))
123 #define __strftimelike(x) __attribute__((__format__(strftime, x, 0)))
124
125 /*
126 * GNU C version 2.96 added explicit branch prediction so that
127 * the CPU back-end can hint the processor and also so that
128 * code blocks can be reordered such that the predicted path
129 * sees a more linear flow, thus improving cache behavior, etc.
130 *
131 * The following two macros provide us with a way to use this
132 * compiler feature. Use __predict_true() if you expect the expression
133 * to evaluate to true, and __predict_false() if you expect the
134 * expression to evaluate to false.
135 *
136 * A few notes about usage:
137 *
138 * * Generally, __predict_false() error condition checks (unless
139 * you have some _strong_ reason to do otherwise, in which case
140 * document it), and/or __predict_true() `no-error' condition
141 * checks, assuming you want to optimize for the no-error case.
142 *
143 * * Other than that, if you don't know the likelihood of a test
144 * succeeding from empirical or other `hard' evidence, don't
145 * make predictions.
146 *
147 * * These are meant to be used in places that are run `a lot'.
148 * It is wasteful to make predictions in code that is run
149 * seldomly (e.g. at subsystem initialization time) as the
150 * basic block reordering that this affects can often generate
151 * larger code.
152 */
153 #define __predict_true(exp) __builtin_expect((exp) != 0, 1)
154 #define __predict_false(exp) __builtin_expect((exp) != 0, 0)
155
156 #define __wur __attribute__((__warn_unused_result__))
157
158 #ifdef __clang__
159 # define __errorattr(msg) __attribute__((unavailable(msg)))
160 # define __warnattr(msg) __attribute__((deprecated(msg)))
161 # define __warnattr_real(msg) __attribute__((deprecated(msg)))
162 # define __enable_if(cond, msg) __attribute__((enable_if(cond, msg)))
163 # define __clang_error_if(cond, msg) __attribute__((diagnose_if(cond, msg, "error")))
164 # define __clang_warning_if(cond, msg) __attribute__((diagnose_if(cond, msg, "warning")))
165 #else
166 # define __errorattr(msg) __attribute__((__error__(msg)))
167 # define __warnattr(msg) __attribute__((__warning__(msg)))
168 # define __warnattr_real __warnattr
169 /* enable_if doesn't exist on other compilers; give an error if it's used. */
170 /* diagnose_if doesn't exist either, but it's often tagged on non-clang-specific functions */
171 # define __clang_error_if(cond, msg)
172 # define __clang_warning_if(cond, msg)
173
174 /* errordecls really don't work as well in clang as they do in GCC. */
175 # define __errordecl(name, msg) extern void name(void) __errorattr(msg)
176 #endif
177
178 #if defined(ANDROID_STRICT)
179 /*
180 * For things that are sketchy, but not necessarily an error. FIXME: Enable
181 * this.
182 */
183 # define __warnattr_strict(msg) /* __warnattr(msg) */
184 #else
185 # define __warnattr_strict(msg)
186 #endif
187
188 /*
189 * Some BSD source needs these macros.
190 * Originally they embedded the rcs versions of each source file
191 * in the generated binary. We strip strings during build anyway,.
192 */
193 #define __IDSTRING(_prefix,_s) /* nothing */
194 #define __COPYRIGHT(_s) /* nothing */
195 #define __FBSDID(_s) /* nothing */
196 #define __RCSID(_s) /* nothing */
197 #define __SCCSID(_s) /* nothing */
198
199 /*
200 * With bionic, you always get all C and POSIX API.
201 *
202 * If you want BSD and/or GNU extensions, _BSD_SOURCE and/or _GNU_SOURCE are
203 * expected to be defined by callers before *any* standard header file is
204 * included.
205 *
206 * In our header files we test against __USE_BSD and __USE_GNU.
207 */
208 #if defined(_GNU_SOURCE)
209 # define __USE_BSD 1
210 # define __USE_GNU 1
211 #endif
212
213 #if defined(_BSD_SOURCE)
214 # define __USE_BSD 1
215 #endif
216
217 /*
218 * _FILE_OFFSET_BITS 64 support.
219 * See https://android.googlesource.com/platform/bionic/+/master/docs/32-bit-abi.md
220 */
221 #if !defined(__LP64__) && defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64
222 # define __USE_FILE_OFFSET64 1
223 /*
224 * Note that __RENAME_IF_FILE_OFFSET64 is only valid if the off_t and off64_t
225 * functions were both added at the same API level because if you use this,
226 * you only have one declaration to attach __INTRODUCED_IN to.
227 */
228 # define __RENAME_IF_FILE_OFFSET64(func) __RENAME(func)
229 #else
230 # define __RENAME_IF_FILE_OFFSET64(func)
231 #endif
232
233 /*
234 * For LP32, `long double` == `double`. Historically many `long double` functions were incorrect
235 * on x86, missing on most architectures, and even if they are present and correct, linking to
236 * them just bloats your ELF file by adding extra relocations. The __BIONIC_LP32_USE_LONG_DOUBLE
237 * macro lets us test the headers both ways (and adds an escape valve).
238 *
239 * Note that some functions have their __RENAME_LDBL commented out as a sign that although we could
240 * use __RENAME_LDBL it would actually cause the function to be introduced later because the
241 * `long double` variant appeared before the `double` variant.
242 */
243 #if defined(__LP64__) || defined(__BIONIC_LP32_USE_LONG_DOUBLE)
244 #define __RENAME_LDBL(rewrite,rewrite_api_level,regular_api_level) __INTRODUCED_IN(regular_api_level)
245 #else
246 #define __RENAME_LDBL(rewrite,rewrite_api_level,regular_api_level) __RENAME(rewrite) __INTRODUCED_IN(rewrite_api_level)
247 #endif
248
249 /*
250 * On all architectures, `struct stat` == `struct stat64`, but LP32 didn't gain the *64 functions
251 * until API level 21.
252 */
253 #if defined(__LP64__) || defined(__BIONIC_LP32_USE_STAT64)
254 #define __RENAME_STAT64(rewrite,rewrite_api_level,regular_api_level) __INTRODUCED_IN(regular_api_level)
255 #else
256 #define __RENAME_STAT64(rewrite,rewrite_api_level,regular_api_level) __RENAME(rewrite) __INTRODUCED_IN(rewrite_api_level)
257 #endif
258
259 /* glibc compatibility. */
260 #if defined(__LP64__)
261 #define __WORDSIZE 64
262 #else
263 #define __WORDSIZE 32
264 #endif
265
266 /*
267 * When _FORTIFY_SOURCE is defined, automatic bounds checking is
268 * added to commonly used libc functions. If a buffer overrun is
269 * detected, the program is safely aborted.
270 *
271 * https://android-developers.googleblog.com/2017/04/fortify-in-android.html
272 */
273
274 #define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
275
276 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
277 # if defined(__clang__)
278 /*
279 * FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors.
280 * Additionally, the static analyzer/clang-tidy try to pattern match some
281 * standard library functions, and FORTIFY sometimes interferes with this. So,
282 * we turn FORTIFY off in both cases.
283 */
284 # if !__has_feature(address_sanitizer) && !defined(__clang_analyzer__)
285 # define __BIONIC_FORTIFY 1
286 # endif
287 # elif defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
288 # define __BIONIC_FORTIFY 1
289 # endif
290 #endif
291
292 // As we move some FORTIFY checks to be always on, __bos needs to be
293 // always available.
294 #if defined(__BIONIC_FORTIFY)
295 # if _FORTIFY_SOURCE == 2
296 # define __bos_level 1
297 # else
298 # define __bos_level 0
299 # endif
300 #else
301 # define __bos_level 0
302 #endif
303
304 #define __bosn(s, n) __builtin_object_size((s), (n))
305 #define __bos(s) __bosn((s), __bos_level)
306
307 #if defined(__BIONIC_FORTIFY)
308 # define __bos0(s) __bosn((s), 0)
309 # if defined(__clang__)
310 # define __pass_object_size_n(n) __attribute__((pass_object_size(n)))
311 /*
312 * FORTIFY'ed functions all have either enable_if or pass_object_size, which
313 * makes taking their address impossible. Saying (&read)(foo, bar, baz); will
314 * therefore call the unFORTIFYed version of read.
315 */
316 # define __call_bypassing_fortify(fn) (&fn)
317 /*
318 * Because clang-FORTIFY uses overloads, we can't mark functions as `extern
319 * inline` without making them available externally.
320 */
321 # define __BIONIC_FORTIFY_INLINE static __inline__ __always_inline
322 /*
323 * We should use __BIONIC_FORTIFY_VARIADIC instead of __BIONIC_FORTIFY_INLINE
324 * for variadic functions because compilers cannot inline them.
325 * The __always_inline attribute is useless, misleading, and could trigger
326 * clang compiler bug to incorrectly inline variadic functions.
327 */
328 # define __BIONIC_FORTIFY_VARIADIC static __inline__
329 /* Error functions don't have bodies, so they can just be static. */
330 # define __BIONIC_ERROR_FUNCTION_VISIBILITY static
331 # else
332 /*
333 * Where they can, GCC and clang-style FORTIFY share implementations.
334 * So, make these nops in GCC.
335 */
336 # define __pass_object_size_n(n)
337 # define __call_bypassing_fortify(fn) (fn)
338 /* __BIONIC_FORTIFY_NONSTATIC_INLINE is pointless in GCC's FORTIFY */
339 # define __BIONIC_FORTIFY_INLINE extern __inline__ __always_inline __attribute__((gnu_inline)) __attribute__((__artificial__))
340 /* __always_inline is probably okay and ignored by gcc in __BIONIC_FORTIFY_VARIADIC */
341 # define __BIONIC_FORTIFY_VARIADIC __BIONIC_FORTIFY_INLINE
342 # endif
343 #else
344 /* Further increase sharing for some inline functions */
345 # define __pass_object_size_n(n)
346 #endif
347 #define __pass_object_size __pass_object_size_n(__bos_level)
348 #define __pass_object_size0 __pass_object_size_n(0)
349
350 #if defined(__BIONIC_FORTIFY) || defined(__BIONIC_DECLARE_FORTIFY_HELPERS)
351 # define __BIONIC_INCLUDE_FORTIFY_HEADERS 1
352 #endif
353
354 /*
355 * Used to support clangisms with FORTIFY. Because these change how symbols are
356 * emitted, we need to ensure that bionic itself is built fortified. But lots
357 * of external code (especially stuff using configure) likes to declare
358 * functions directly, and they can't know that the overloadable attribute
359 * exists. This leads to errors like:
360 *
361 * dcigettext.c:151:7: error: redeclaration of 'getcwd' must have the 'overloadable' attribute
362 * char *getcwd ();
363 * ^
364 *
365 * To avoid this and keep such software building, don't use overloadable if
366 * we're not using fortify.
367 */
368 #if defined(__clang__) && defined(__BIONIC_FORTIFY)
369 # define __overloadable __attribute__((overloadable))
370 #else
371 # define __overloadable
372 #endif
373
374 /* Used to tag non-static symbols that are private and never exposed by the shared library. */
375 #define __LIBC_HIDDEN__ __attribute__((visibility("hidden")))
376
377 /*
378 * Used to tag symbols that should be hidden for 64-bit,
379 * but visible to preserve binary compatibility for LP32.
380 */
381 #ifdef __LP64__
382 #define __LIBC32_LEGACY_PUBLIC__ __attribute__((visibility("hidden")))
383 #else
384 #define __LIBC32_LEGACY_PUBLIC__ __attribute__((visibility("default")))
385 #endif
386
387 /* Used to rename functions so that the compiler emits a call to 'x' rather than the function this was applied to. */
388 #define __RENAME(x) __asm__(#x)
389
390 #if __has_builtin(__builtin_umul_overflow) || __GNUC__ >= 5
391 #if defined(__LP64__)
392 #define __size_mul_overflow(a, b, result) __builtin_umull_overflow(a, b, result)
393 #else
394 #define __size_mul_overflow(a, b, result) __builtin_umul_overflow(a, b, result)
395 #endif
396 #else
397 extern __inline__ __always_inline __attribute__((gnu_inline))
__size_mul_overflow(__SIZE_TYPE__ a,__SIZE_TYPE__ b,__SIZE_TYPE__ * result)398 int __size_mul_overflow(__SIZE_TYPE__ a, __SIZE_TYPE__ b, __SIZE_TYPE__ *result) {
399 *result = a * b;
400 static const __SIZE_TYPE__ mul_no_overflow = 1UL << (sizeof(__SIZE_TYPE__) * 4);
401 return (a >= mul_no_overflow || b >= mul_no_overflow) && a > 0 && (__SIZE_TYPE__)-1 / a < b;
402 }
403 #endif
404
405 #if defined(__clang__)
406 /*
407 * Used when we need to check for overflow when multiplying x and y. This
408 * should only be used where __size_mul_overflow can not work, because it makes
409 * assumptions that __size_mul_overflow doesn't (x and y are positive, ...),
410 * *and* doesn't make use of compiler intrinsics, so it's probably slower than
411 * __size_mul_overflow.
412 */
413 #define __unsafe_check_mul_overflow(x, y) ((__SIZE_TYPE__)-1 / (x) < (y))
414 #endif
415
416 #endif /* !_SYS_CDEFS_H_ */
417