Systems like FreeBSD's Capsicum and Nuxi CloudABI apply the concept of
capability-based security on the way processes can interact with the
filesystem API. It is no longer possible to interact with the VFS
through calls like open(), unlink(), rename(), etc. Instead, processes
are only allowed to interact with files and directories to which they
have been granted access. The *at() functions can be used for this
purpose.
This change adds a new config switch called
_LIBCPP_HAS_NO_GLOBAL_FILESYSTEM_NAMESPACE. If set, all functionality
that requires the global filesystem namespace will be disabled. More
concretely:
- fstream's open() function will be removed.
- cstdio will no longer pull in fopen(), rename(), etc.
- The test suite's get_temp_file_name() will be removed. This will cause
all tests that use the global filesystem namespace to break, but will
at least make all the other tests run (as get_temp_file_name will not
build anyway).
It is important to mention that this change will make fstream rather
useless on those systems for now. Still, I'd rather not have fstream
disabled entirely, as it is of course possible to come up with an
extension for fstream that would allow access to local filesystem
namespaces (e.g., by adding an openat() member function).
Differential revision: http://reviews.llvm.org/D8194
Reviewed by: jroelofs (thanks!)
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@232049 91177308-0d34-0410-b5e6-96231b3b80d8
On a new platform that I am working on
(https://github.com/NuxiNL/cloudlibc) I am not implementing the
cat{open,close,gets}() API, just like Android, Newlib, etc.
Instead of adding yet another operating system name to the #ifs,
introduce _LIBCPP_HAS_CATOPEN in include/__config. Also adjust the code
to only pull in nl_types.h when _LIBCPP_HAS_CATOPEN is set. We only
needed this header for the cat*() API.
Differential Revision: http://reviews.llvm.org/D8163
Reviewed by: marshall
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@231937 91177308-0d34-0410-b5e6-96231b3b80d8
CloudABI provides the _l() functions that are part of POSIX.1-2008, but
also the extensions that are available on systems like OS X and *BSD
(scanf_l, printf_l, etc).
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@231777 91177308-0d34-0410-b5e6-96231b3b80d8
Nuxi CloudABI (https://github.com/NuxiNL/cloudlibc) does not allow
processes to access the global filesystem namespace. This breaks
random_device, as it attempts to use /dev/{u,}random. This change adds
support for arc4random(), which is present on CloudABI.
In my opinion it would also make sense to use arc4random() on other
operating systems, such as *BSD and Mac OS X, but I'd rather leave that
to the maintainers of the respective platforms. Switching to
arc4random() does change the ABI.
This change also attempts to make some cleanups to the code. It adds a
single #define for every random interface, instead of testing against
operating systems explicitly.
As discussed, also validate the token argument to be equal to
"/dev/urandom" on all systems that only provide pseudo-random numbers.
This should cause little to no breakage, as "/dev/urandom" is also the
default argument value.
Reviewed by: jfb
Differential Revision: http://reviews.llvm.org/D8134
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@231764 91177308-0d34-0410-b5e6-96231b3b80d8
Add a new _LIBCPP_UNUSED define in __config, which can be used to
indicate explicitly unused items, and apply it to the __imp__ field of
__libcpp_refstring.
Somebody who knows about Microsoft C++ and IBM C++ should fill in the
unused attribute syntax appropriate for those compilers, if there is
any.
Differential Revision: http://reviews.llvm.org/D6836
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@228281 91177308-0d34-0410-b5e6-96231b3b80d8
Summary:
The NaCl sandbox doesn't allow opening files under /dev, but it offers an API which provides the same capabilities. This is the same random device emulation that nacl_io performs for POSIX support, but nacl_io is an optional library so libc++ can't assume that device emulation will be performed. Note that NaCl only supports /dev/urandom, not /dev/random.
This patch also cleans up some of the preprocessor #endif, and fixes the test for Win32 (it accepts any token, and would therefore never throw regardless of the token provided).
Test Plan: ninja check-libcxx
Reviewers: dschuff, mclow.lists, danalbert
Subscribers: jfb, cfe-commits
Differential Revision: http://reviews.llvm.org/D6442
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@223068 91177308-0d34-0410-b5e6-96231b3b80d8
Summary: This fixes ODR violations in C++03 mode in test/localization/locale.stdcvt. The special case for linux was introduced in 2010 before clang always defined __char16_t and __char32_t.
Reviewers: mclow.lists, danalbert, jroelofs, EricWF
Reviewed By: EricWF
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D5930
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@220716 91177308-0d34-0410-b5e6-96231b3b80d8
Turning off explicit template instantiation leads to a pretty
significant build time and code size cost. We're better off dealing
with ABI incompatibility issues that come up in a less heavy handed
way.
This reverts commit r189610.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@215740 91177308-0d34-0410-b5e6-96231b3b80d8
libc++ currently relies on undefined initialization order of global
initializers when using gcc:
1. __start_std_streams in iostream.cpp calls locale:🆔:_init, which assigns
an id to each locale::facet in an initializer
2. Every facet has a static locale::id id, whose constructor sets the facet's
id to 0
If 2 runs after 1, it clobbers the facet's assigned consecutive id, causing
exceptions to be thrown when e.g. running code like "cout << endl".
To fix this, let _LIBCPP_CONSTEXPR evaluate to "constexpr" instead of nothing
with gcc. locale::id's constructor is marked _LIBCPP_CONSTEXPR, which ensures
that it won't get an initializer that could potentially run after the
iostream.cpp initializer. (This remains broken when building with msvc.)
Also switch constexpr-specific code in bitset to use __SIZEOF_SIZE_T__ instead
of __SIZE_WIDTH__, because gcc doesn't define the latter.
Pair-programmed/debugged with Dana Jansens.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@210188 91177308-0d34-0410-b5e6-96231b3b80d8
libc++ will not call address_sanitizer to detect addressing errors in the
standard library containers. This is a negative macro to enable users to
disable the libc++ checks even if they are compiling with address sanitizer
enabled by defining this macro.
At the present time, there is no code in libc++ that looks at this macro.
That will come soon. This is just infrastructure.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@206184 91177308-0d34-0410-b5e6-96231b3b80d8
ARM64 generates RTTI with hidden visibility, which means that typeinfo
must be compared char-by-char since it's not guaranteed to be uniqued
across the whole program.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@205139 91177308-0d34-0410-b5e6-96231b3b80d8
with Visual C++ 2013 by making libcxx definition text-identical to yvals.h.
Persumably this definition is for older Visual C++ versions.
In such cases it will still be defined so no functionality change.
Other platforms should not be affected as this is inside
#elif defined(_LIBCPP_MSVC)
Patch by G M!
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@201328 91177308-0d34-0410-b5e6-96231b3b80d8
GCC does not support strong enum if -std=c++0x is not used.
Without the strong enum, we will see following error:
In file included from libcxx/include/ostream:131:0,
from libcxx/include/sstream:174,
from libcxx/include/complex:247,
from cpp03-headers.cpp:11:
libcxx/include/ios:419:68: error: 'io_errc' is not a class or namespace
libcxx/include/ios:420:66: error: 'io_errc' is not a class or namespace
To workaround this issue, this commit will define
_LIBCPP_HAS_NO_STRONG_ENUMS when we are compiling with
g++ without c++0x.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@197313 91177308-0d34-0410-b5e6-96231b3b80d8
type_traits:3280:31: error: expected primary-expression before 'decltype'
type_traits:3280:29: error: expected ';' at end of member declaration
memory:2415:49: error: function 'std::__1::default_delete<_Tp>::default_delete()'
defaulted on its first declaration must not have an exception-specification
memory:2435:49: error: function 'std::__1::default_delete<_Tp []>::default_delete()'
defaulted on its first declaration must not have an exception-specification
The attached patch defines _LIBCPP_HAS_NO_ADVANCED_SFINAE and
_LIBCPP_HAS_NO_DEFAULTED_FUNCTIONS for gcc version < 4.7, making
the library compile with gcc 4.6.4.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@195431 91177308-0d34-0410-b5e6-96231b3b80d8
trivial in C++03, thus making it trivial in both C++03 and C++11.
This patch allows one to opt-in/out of this decision with a macro. You can
choose to have the pair copy constructor always be trivial, or always be
non-trivial. The flag controlling this is now _LIBCPP_TRIVIAL_PAIR_COPY_CTOR.
The client can define this flag to 1, and the pair copy constructor will be
trivial (when possible of course), or to 0, and the pair copy constructor will
be nontrivial.
Default settings for this flag are set in <__config> (as usual). With this
commit the default is _LIBCPP_TRIVIAL_PAIR_COPY_CTOR=1 for all platforms
except __APPLE__, which defaults to _LIBCPP_TRIVIAL_PAIR_COPY_CTOR=0.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@194742 91177308-0d34-0410-b5e6-96231b3b80d8
pair, and a couple of pair-like implementation detail types. The
C++98/03 and 11 standards all specify that the copy constructor of
pair<int, int> is trivial. However as libc++ tracked the draft C++11
standard over the years, this copy constructor became non-trivial, and
then just recently was corrected back to trivial for C++11.
Unfortunately (for libc++1) the Itanium ABI specifies different calling
conventions for trivial and non-trivial copy constructors. Therefore
currently the C++03 libc++ copy constructor for pair<int, int> is ABI
incompatible with the C++11 libc++ copy constructor for pair<int, int>.
This is Bad(tm). This patch corrects the situation by making this copy
constructor trivial in C++03 mode as well.
Just in case it is needed for an incomplete C++11 compiler, libc++
retains the ability to support pair with rvalue references, but without
defaulted special members. However the pair needs non-trivial special
members to implement this special case, (as it did when clang was in
this place a couple of years ago).
During this work a bug was also found and fixed in
is_trivially_constructible.
And there is a minor drive-by fix in <__config> regarding
__type_visibility__.
A test is updated to ensure that the copy constructor of pair<int, int>
is trivial in both C++03 and C++11. This test will necessarily fail for
a compiler that implements rvalue references but not defaulted special
members.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@194536 91177308-0d34-0410-b5e6-96231b3b80d8
The issue this patch seeks to address is that MS's compiler (cl.exe) doesn't support the __attribute__((__weak__)) or __atribute__((__visibility__("default")) syntax; so a solution must be found where cl.exe doesn't see this syntax.
This patch seeks to solve this problem by changing code patterned like this:
__attribute__((__weak__, __visibility__("default")))
void* operator new(size_t size, const std::nothrow_t&) _NOEXCEPT { /*snip*/; return p; }
to code like this:
_LIBCPP_WEAK
void* operator new(size_t size, const std::nothrow_t&) _NOEXCEPT { return p; }
Howard: Thanks for all the comments regarding the default visibility
tag on the definition. I agree it isn't needed, and that there are lots
of other places where it is missing. That being said, I'm not wanting
to rock the boat on that issue right now. So I've added it back to the
definition via _LIBCPP_FUNC_VIS. A later pass dedicated just to this
issue can bring things in to a consistent state one way or the other.
Note that we do not want to have the exact same attributes on the
declaration and defintion in this case. The declaration should not be
marked weak, whereas the definition should (which is what G M's patch
did). I've fully tested on OS X to ensure that the resultant attribute
syntax actually works.
git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@192007 91177308-0d34-0410-b5e6-96231b3b80d8
