Commit Graph

350 Commits

Author SHA1 Message Date
Keith Packard fb01286fab stdlib: Make strtod/strtof set ERANGE consistently for underflow.
The C standard says that errno may acquire the value ERANGE if the
result from strtod underflows. According to IEEE 754, underflow occurs
whenever the value cannot be represented in normalized form.

Newlib is inconsistent in this, setting errno to ERANGE only if the
value underflows to zero, but not for denorm values, and never for hex
format floats.

This patch attempts to consistently set errno to ERANGE for all
'underflow' conditions, which is to say all values which are not
exactly zero and which cannot be represented in normalized form.

This matches glibc behavior, as well as the Linux, Mac OS X, OpenBSD,
FreeBSD and SunOS strtod man pages.

Signed-off-by: Keith Packard <keithp@keithp.com>
2021-07-07 13:22:02 -04:00
Ola Olsson 84d068971d Nano-malloc: Fix for unwanted external heap fragmentation
The only reason why it is tough for us to use nano malloc
is because of the small shortcoming where nano_malloc()
splits a bigger chunk from the free list into two pieces
while handing back the second one (the tail) to the user.
This is error prone and especially bad for smaller heaps,
where nano malloc is supposed to be superior. The normal
malloc doesn't have this issue and we need to use it even
though it costs us ~2k bytes compared to nano-malloc.

The problem arise especially after giving back _every_
malloced memory to the heap and then starting to exercise
the heap again by allocating something small. This small
item might split the whole heap in two equally big parts
depending on how the heap has been exercised before.

I have uploaded the smallest possible application
(only tested on ST and Nordic devices) to show the issue
while the real customer applications are far more complicated:
https://drive.google.com/file/d/1kfSC2KOm3Os3mI7EBd-U0j63qVs8xMbt/view?usp=sharing

The application works like the following pseudo code,
where we assume a heap of 100 bytes
(I haven't taken padding and other nitty and gritty
details into account. Everything to simplify understanding):

void *ptr = malloc(52); // We get 52 bytes and we have
                        // 48 bytes to use.
free(ptr); // Hand back the 52 bytes to nano_malloc
           // This is the magic line that shows the issue of
           // nano_malloc
ptr = malloc(1); // Nano malloc will split the 52 bytes
                 // in the free list and hand you a pointer
                 // somewhere in the
                 // middle of the heap.
ptr2 = malloc(52); // Out of memory...

I have done a fix which hands back the first part of the
splitted chunk. Once this is fixed we obviously
have the 1 byte placed in position 0 of the heap instead
of somewhere in the middle.

However, this won't let us malloc 52 new bytes even though
we potentially have 99 bytes left to use in the heap. The
reason is that when we try to do the allocation,
nano-malloc looks into the free list and sees a 51 byte
chunk to be used.
This is not big enough so nano-malloc decides to call
sbrk for _another_ 52 bytes which is not possible since
there is only 48 bytes left to ask for.

The solution for this problem is to check if the last
item in the free list is adjacent to sbrk(0). If it is,
as it is in this case, we can just ask sbrk for the
remainder of what is needed. In this case 1 byte.

NB! I have only tested the solution on our ST device.
2021-05-03 13:00:33 +02:00
Corinna Vinschen 80bd01ef83 Add build mechanism to share common header files between machines
So far the build mechanism in newlib only allowed to either define
machine-specific headers, or headers shared between all machines.
In some cases, architectures are sufficiently alike to share header
files between them, but not with other architectures.  A good example
is ix86 vs. x86_64, which share certain traits with each other, but
not with other architectures.

Introduce a new configure variable called "shared_machine_dir".  This
dir can then be used for headers shared between architectures.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2021-04-13 12:55:33 +02:00
Hans-Peter Nilsson c1a565c396 Include malloc.h in libc/stdlib/aligned_alloc.c
Without this, for a bare-iron/simulator target such as cris-elf,
you'll see, at newlib build time:

/x/gccobj/./gcc/xgcc -B/x/gccobj/./gcc/ <many options elided> -c -o lib_a-aligned_alloc.o \
 `test -f 'aligned_alloc.c' || echo '/y/newlib/libc/stdlib/'`aligned_alloc.c
/y/newlib/libc/stdlib/aligned_alloc.c: In function 'aligned_alloc':
/y/newlib/libc/stdlib/aligned_alloc.c:35:10: warning: implicit declaration of function \
 '_memalign_r' [-Wimplicit-function-declaration]
   35 |   return _memalign_r (_REENT, align, size);
      |          ^~~~~~~~~~~
2021-02-18 02:05:47 +01:00
Corinna Vinschen aa106b29a6 malloc/nano-malloc: correctly check for out-of-bounds allocation reqs
The overflow check in mEMALIGn erroneously checks for INT_MAX,
albeit the input parameter is size_t.  Fix this to check for
__SIZE_MAX__ instead.  Also, it misses to check the req against
adding the alignment before calling mALLOc.

While at it, add out-of-bounds checks to pvALLOc, nano_memalign,
nano_valloc, and Cygwin's (unused) dlpvalloc.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2020-11-17 10:52:34 +01:00
Jozef Lawrynowicz 754386c7f5 Fix warnings when building for msp430-elf
The MSP430 target supports both 16-bit and 20-bit size_t and intptr_t.
Some implicit casts in Newlib expect these types to be
"long", (a 32-bit type on MSP430) which causes warnings during
compilation such as:
  "cast from pointer to integer of different size"
2020-09-03 12:55:32 +02:00
Keith Packard via Newlib 8a7ec55c53 libm/stdlib: Realloc when shrinking by 2* or more
This reduces memory usage when reallocating objects much smaller.

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-08-17 11:43:55 +02:00
Keith Packard via Newlib ce4044adee libm/stdlib: don't read past source in nano_realloc
Save the computed block size and use it to avoid reading past
the end of the source block.

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-08-17 11:43:55 +02:00
Craig Blackmore ab215e3dd1 libc/stdlib: Fix build failure in nano_calloc
commit 588a5e1dde added a non-reentrant
call to nano_malloc which causes a build failure if INTERNAL_NEWLIB is
defined.

Here is a snippet of the error:

In file included from .../newlib/newlib/libc/stdlib/nano-mallocr.c:38:
.../newlib/newlib/libc/include/malloc.h:42:25: note: expected 'struct _reent *' but argument is of type 'ptrdiff_t' {aka 'int'}
   42 | extern void *_malloc_r (struct _reent *, size_t);
      |                         ^~~~~~~~~~~~~~~
.../newlib/newlib/libc/stdlib/nano-mallocr.c:67:22: error: too few arguments to function '_malloc_r'
   67 | #define nano_malloc  _malloc_r
      |                      ^~~~~~~~~
.../newlib/newlib/libc/stdlib/nano-mallocr.c:456:11: note: in expansion of macro 'nano_malloc'
  456 |     mem = nano_malloc(bytes);
      |           ^~~~~~~~~~~
In file included from .../newlib/newlib/libc/stdlib/nano-mallocr.c:38:
.../newlib/newlib/libc/include/malloc.h:42:14: note: declared here
   42 | extern void *_malloc_r (struct _reent *, size_t);
      |              ^~~~~~~~~
.../newlib/newlib/libc/stdlib/nano-mallocr.c:43: warning: "assert" redefined
   43 | #define assert(x) ((void)0)
      |

This patch adds a missing RCALL to the args when calling nano_malloc
from nano_calloc, so that if the call is reentrant, reent_ptr is passed
as the first argument.

The variable `bytes` (also added in 588a5e1d) has been changed from a
`ptrdiff_t` to `malloc_size_t` as it does not need to be signed. It is
used to store the product of two unsigned malloc_size_t variables and
then iff there was no overflow is it passed to malloc and memset which
both expect size_t which is unsigned.

Signed-off-by: Craig Blackmore <craig.blackmore@embecosm.com>
2020-08-13 09:59:45 +02:00
Keith Packard via Newlib 588a5e1dde libc/stdlib: Use __builtin_mul_overflow for reallocarray and calloc
This built-in function (available in both gcc and clang) is more
efficient and generates shorter code than open-coding the test.

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-08-12 10:09:56 +02:00
Szabolcs Nagy 0f785536f3 Reimplement aligned_alloc
The original implementation had multiple issues:

- Only worked when posix_memalign was available (Linux, RTEMS).
- Violated C11 link namespace rules by calling posix_memalign.
- Failed to set errno on error.

These can be fixed by essentially using the same implementation
for aligned_alloc as for memalign, i.e. simply calling _memalign_r
(which is always available and a "more reserved name" although
technically still not in the reserved link namespace, at least
code written in c cannot define a colliding symbol, newlib has
plenty such namespace issues so this is fine).

It is not clear what the right policy is when MALLOC_PROVIDED is set,
currently that does not cover aligned_alloc so it is kept that way.

Tested on aarch64-none-elf
2020-05-19 15:19:33 +02:00
Keith Packard 9042d0ce65 Use remove-advertising-clause script to edit BSD licenses
This edits licenses held by Berkeley and NetBSD, both of which
have removed the advertising requirement from their licenses.

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-01-29 19:03:31 +01:00
Jeff Johnston 1fdf871c9d Prevent more NULL ptr accesses due to Balloc out of memory
- fix gdtoa-gethex.c, ldtoa.c, and strtodg.c to use eBalloc
2020-01-09 15:18:14 -05:00
Keith Packard 76dcfd0c4d Don't display trailing '.' in _dcvt
In the two helper functions that _dcvt calls for 'f' and 'e' mode, if
there are no digits to display after the decimal point, don't add one.

Signed-off-by: Keith Packard <keithp@keithp.com>
2019-12-18 20:53:36 +01:00
Keith Packard 11f99384d2 Fix gcvt to always show 'ndigits' of precision
Leading zeros after the decimal point should not count
towards the 'ndigits' limit.

This makes gcvt match glibc and the posix gcvt man page.

Signed-off-by: Keith Packard <keithp@keithp.com>
2019-12-18 20:53:36 +01:00
Keith Packard abcc586ffe Fix fcvt to only show 'ndigit' past decimal
Even if the number is really small and this means showing *no* digits.
This makes newlib match glibc, and the fcvt posix man page.

Signed-off-by: Keith Packard <keithp@keithp.com>
2019-12-18 20:53:36 +01:00
Keith Packard 2635b580ec Return EINVAL for illegal base in strtol
Signed-off-by: Keith Packard <keithp@keithp.com>
2019-12-17 10:07:44 +01:00
Bruno Haible c81a76b3b9 strtold: set errno to ERANGE on underflow per POSIX
https://pubs.opengroup.org/onlinepubs/9699919799/functions/strtod.html
2019-12-16 15:18:52 +01:00
Jeff Johnston f88aece242 Prevent NULL ptr accesses due to Balloc out of memory
- add new eBalloc macro to mprec.h which calls Balloc and
  aborts if Balloc fails due to out of memory
- change mprec.c functions that use Balloc without checking to use eBalloc instead
- fix dtoa.c to use eBalloc
2019-10-04 17:43:49 -04:00
uchan-nos 9cde02051e fix compile errors for efgcvt.c 2019-07-24 11:58:21 +02:00
Jeff Johnston 5726873100 Bump release to 3.1.0 for yearly snapshot 2018-12-31 23:40:11 -05:00
Corinna Vinschen 256f1171ac newlib: Build internal strtold code only if HAVE_LONG_DOUBLE defined
Commit fbace81684
("Import correctly working strtold from David M. Gay.")
introduced two new files, strtorx.c and strtodg.c.  The functions
are only called from strtold.c.  However, while strtold.c is only
built if HAVE_LONG_DOUBLE is defined, the patch erroneously added
the two new files to GENERAL_SOURCES unconditionally.

Fix this by building both files only if HAVE_LONG_DOUBLE has been
defined.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-10-10 18:01:22 +02:00
Corinna Vinschen 35555851d7 newlib: strtold: use __builtin_nanl to avoid libm dependency
Commit 6c212a8b78
("Fix strtod ("nan") and strtold ("nan") returns wrong negative NaN")
introduced an unconditional dependency to nanl and, in turn, to libm.

Rather than including nanl in libc as well, just call __builtin_nanl
from here.  Requires GCC 3.3 or later.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-10-10 17:53:55 +02:00
Keith Packard 3b6994ec5f stdlib: Use __get_numeric_locale instead of __localeconv_l for decimal_point
The string/float conversion functions need to get the locale decimal
point. Instead of calling __localeconv_l (which copies locale data
into lconv form from __get_numeric_locale), use __get_numeric_locale
directly.

Signed-off-by: Keith Packard <keithp@keithp.com>
2018-09-06 14:14:05 +02:00
Jon Beniston 7283d2513c stdlib/arc4random.c: Fix reseed count for 16-bit targets. 2018-09-06 13:26:25 +02:00
Keith Packard 2c245028af Use nanf("") instead of nanf(NULL)
Newer GCC versions require a non-NULL argument to this function for
some reason.

Signed-off-by: Keith Packard <keithp@keithp.com>
2018-08-29 15:57:27 +02:00
Masamichi Hosoda c8d4c99ecd Fix strtof ("-nan") returns positive NaN
strtof ("-nan") returned positive NaN instead of negative NaN.
strtod ("-nan") and strtold ("-nan") return negative NaN.

Linux glibc has been fixed
that strto{f|d|ld} ("-nan") returns negative NaN.
https://sourceware.org/bugzilla/show_bug.cgi?id=23007

This commit makes strtof preserves the negative sign bit
when parsing "-nan" like glibc.
2018-08-16 13:17:44 +02:00
Masamichi Hosoda 4c8fa88e4d Remove unused NaN's integer representation definitions
By previous commit, strto{d|ld} ("nan")
does not use the definition of NaN.
There is no other function that uses the definitions.

This commit remove the definitions.
2018-08-16 13:17:44 +02:00
Masamichi Hosoda 6c212a8b78 Fix strtod ("nan") and strtold ("nan") returns wrong negative NaN
The definition of qNaN for x86_64 and i386 was wrong.
strto{d|ld} ("nan") returned wrong negative NaN
instead of correct positive NaN
since it used the wrong definition.

On the other hand, strtof ("nan") returns correct positive NaN
since it uses nanf ("") instead of the wrong definition.

This commit makes strto{d|ld} ("nan") uses {nan|nanl} ("")
like strtof ("nan") using.
So strto{d|ld} ("nan") returns positive NaN.
2018-08-16 13:17:44 +02:00
Aditya Upadhyay a9a4554723 Added Restriction on base value 2018-08-13 09:42:21 +02:00
Corinna Vinschen 6f485ba026 newlib: don't check malloc/free pointer
use preprocessor check for MALLOC_PROVIDED instead

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-08-08 10:50:19 +02:00
Corinna Vinschen 2d87d95f12 newlib: fix various gcc warnings
* unused variables
* potentially used uninitialized
* suggested bracketing
* misleading indentation

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-08-08 10:50:19 +02:00
Thomas Kindler 9dd3c3b0ad newlib: getopt now permutes multi-flag options correctly
Previously, "test 1 2 3 -a -b -c"  was permuted to "test -a -b -c 1 2 3",
but "test 1 2 3 -abc" was left as "test 1 2 3 -abc".

Signed-off-by: Thomas Kindler <mail+newlib@t-kindler.de>
2018-06-18 18:45:44 +02:00
Jeff Johnston 4a3d0a5a5d Fix issue with malloc_extend_top
- when calculating a correction to align next brk to page boundary,
  ensure that the correction is less than a page size
- if allocating the correction fails, ensure that the top size is
  set to brk + sbrk_size (minus any front alignment made)

Signed-off-by: Jeff Johnston <jjohnstn@redhat.com>
2018-05-29 10:16:48 -04:00
Jeff Johnston cd31fbb2ae Add nvptx port.
- From: Cesar Philippidis <cesar@codesourcery.com>
  Date: Tue, 10 Apr 2018 14:43:42 -0700
  Subject: [PATCH] nvptx port

  This port adds support for Nvidia GPU's, which are primarily used as
  offload accelerators in OpenACC and OpenMP.
2018-04-13 15:42:37 -04:00
Corinna Vinschen 27652b608d strtod: Convert 64 bit double to 64 bit int during computation
The gdtoa implementation uses the type long, defined as Long, in lots
of code.  For historical reason newlib defines Long as int32_t instead.

This works fine, as long as floating point exceptions are not enabled.
The conversion to 32 bit int can lead to a FE_INVALID situation.

Example:

  const char *str = "121645100408832000.0";
  char *ptr;

  feenableexcept (FE_INVALID);
  strtod (str, &ptr);

This leads to the following situation in strtod

  double aadj;
  Long L;

  [...]
  L = (Long)aadj;

For instance, on x86_64 the code here is

  cvttsd2si %xmm0,%eax

At this point, aadj is 2529648000.0 in our example.  The conversion to
32 bit %eax results in a negative int value, thus the conversion is
invalid.  With feenableexcept (FE_INVALID), a SIGFPE is raised.

Fix this by always using 64 bit ints here if double is not a 32 bit type
to avoid this type of FP exceptions.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2018-04-09 11:31:04 +02:00
Jaap de Wolff 337cee51ca Add prototype to _malloc_lock() and *unlock() to malloc.h, and inlude this from nano-mallocr.c 2018-02-16 12:16:07 +01:00
Orlando Arias b7e0f286a2 Fix syntax error in exit.c
This patch fixes a syntax error in exit.c that was introduced during the
ANSI-fication of newlib. The patch fixes a compile-time issue that arises when
newlib is configured with the --enable-lite-exit feature.
2018-01-19 19:58:10 +01:00
Yaakov Selkowitz 7192f84096 ansification: remove _HAVE_STDC
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:30 -06:00
Yaakov Selkowitz 70ee6b17df ansification: remove _EXFUN, _EXFUN_NOTHROW
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:29 -06:00
Yaakov Selkowitz 77f16db546 ansification: remove _EXFNPTR, _EXPARM
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:27 -06:00
Yaakov Selkowitz 9087163804 ansification: remove _DEFUN
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:26 -06:00
Yaakov Selkowitz 67ee0cac4c ansification: remove _VOID
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:20 -06:00
Yaakov Selkowitz fff27f8429 ansification: remove _DEFUN_VOID
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:19 -06:00
Yaakov Selkowitz e6321aa6a6 ansification: remove _PTR
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:16 -06:00
Yaakov Selkowitz eea249da3b ansification: remove _PARAMS
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:13 -06:00
Yaakov Selkowitz 0bda30e1ff ansification: remove _CONST
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:08 -06:00
Yaakov Selkowitz 6783860a2e ansification: remove _AND
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-17 11:47:05 -06:00
Jon Turney c006fd459f makedoc: make errors visible
Discard QUICKREF sections, rather than writing them to stderr
Discard MATHREF sections, rather than discarding as an error
Pass NOTES sections through to texinfo, rather than discarding as an error
Don't redirect makedoc stderr to .ref file
Remove makedoc output on error
Remove .ref files from CLEANFILES
Regenerate Makefile.ins

Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
2017-12-07 11:54:11 +00:00
Yaakov Selkowitz a38fc79ee9 stdlib: remove TRAD_SYNOPSIS
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-12-01 03:41:52 -06:00